diff options
Diffstat (limited to 'kubernetes')
819 files changed, 6748 insertions, 27193 deletions
diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml index 7f00c2f002..b06609a0c4 100644 --- a/kubernetes/aai/Chart.yaml +++ b/kubernetes/aai/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP Active and Available Inventory name: aai -version: 13.0.1 +version: 14.0.3 dependencies: - name: common @@ -35,31 +35,31 @@ dependencies: version: ~13.x-0 repository: '@local' - name: aai-babel - version: ~13.x-0 + version: ~14.x-0 repository: 'file://components/aai-babel' condition: aai-babel.enabled - name: aai-graphadmin - version: ~13.x-0 + version: ~14.x-1 repository: 'file://components/aai-graphadmin' condition: aai-graphadmin.enabled - name: aai-modelloader - version: ~13.x-0 + version: ~14.x-0 repository: 'file://components/aai-modelloader' condition: aai-modelloader.enabled - name: aai-resources - version: ~13.x-0 + version: ~14.x-1 repository: 'file://components/aai-resources' condition: aai-resources.enabled - name: aai-schema-service - version: ~13.x-0 + version: ~14.x-0 repository: 'file://components/aai-schema-service' condition: aai-schema-service.enabled - name: aai-sparky-be - version: ~13.x-0 + version: ~14.x-0 repository: 'file://components/aai-sparky-be' condition: aai-sparky-be.enabled - name: aai-traversal - version: ~13.x-0 + version: ~14.x-1 repository: 'file://components/aai-traversal' condition: aai-traversal.enabled - name: serviceAccount diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml index 447b59f573..50a7c24ee0 100644 --- a/kubernetes/aai/components/aai-babel/Chart.yaml +++ b/kubernetes/aai/components/aai-babel/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: Babel microservice name: aai-babel -version: 13.0.0 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties index 96f1a3eb89..56560d5cb2 100644 --- a/kubernetes/aai/components/aai-babel/resources/config/application.properties +++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Copyright © 2021 Orange -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright � 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,3 +23,5 @@ spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/services/babel-service logging.config=${CONFIG_HOME}/logback.xml tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json + +management.endpoints.web.exposure.include=* diff --git a/kubernetes/aai/components/aai-babel/resources/config/logback.xml b/kubernetes/aai/components/aai-babel/resources/config/logback.xml index 125731cf6e..686423b31f 100644 --- a/kubernetes/aai/components/aai-babel/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-babel/resources/config/logback.xml @@ -131,7 +131,7 @@ <!-- This determines the logging level for 3rd party code --> <!-- ============================================================================ --> - <root level="INFO"> + <root level={{ .Values.log.level.root | upper | quote }}> <appender-ref ref="asyncEELF" /> <appender-ref ref="asyncEELFDebug" /> <appender-ref ref="AsyncSysOut" /> diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index 24d34e861c..f3fc04c00c 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -22,7 +22,12 @@ kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} + {{- if .Values.debug.enabled }} + replicas: 1 + {{- else }} replicas: {{ .Values.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} @@ -37,10 +42,19 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} + ports: + {{- if .Values.debug.enabled }} + - containerPort: {{ .Values.debug.port }} + name: {{ .Values.debug.portName }} + {{- end }} + {{- if .Values.profiling.enabled }} + - containerPort: {{ .Values.profiling.port }} + name: {{ .Values.profiling.portName }} + {{- end }} + {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when + # debugging.enabled=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -57,6 +71,14 @@ spec: value: NotUsed - name: CONFIG_HOME value: /opt/app/babel/config + {{- if .Values.profiling.enabled }} + - name: JVM_OPTS + value: '{{ join " " .Values.profiling.args }}' + {{- end }} + {{- if .Values.debug.enabled }} + - name: JVM_OPTS + value: {{ .Values.debug.args | quote }} + {{- end }} volumeMounts: - mountPath: /opt/app/babel/config/application.properties name: config diff --git a/kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml new file mode 100644 index 0000000000..dc706029bf --- /dev/null +++ b/kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index e058d82e46..54f8c5ea98 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -25,7 +25,7 @@ global: {} ################################################################# # application image -image: onap/babel:1.12.3 +image: onap/babel:1.13.3 flavor: small flavorOverride: small @@ -33,6 +33,9 @@ flavorOverride: small # default number of instances replicaCount: 1 +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + updateStrategy: type: RollingUpdate maxUnavailable: 0 @@ -95,6 +98,41 @@ resources: memory: "2Gi" unlimited: {} +tracing: + collector: + baseUrl: http://jaeger-collector.istio-system:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + +# adds jvm args for remote debugging the application +debug: + enabled: false + args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + port: 5005 + portName: debug + +# adds jvm args for remote profiling the application +profiling: + enabled: false + args: + - "-Dcom.sun.management.jmxremote" + - "-Dcom.sun.management.jmxremote.ssl=false" + - "-Dcom.sun.management.jmxremote.authenticate=false" + - "-Dcom.sun.management.jmxremote.local.only=false" + - "-Dcom.sun.management.jmxremote.port=9999" + - "-Dcom.sun.management.jmxremote.rmi.port=9999" + - "-Djava.rmi.server.hostname=127.0.0.1" + port: 9999 + portName: jmx + +metrics: + serviceMonitor: + enabled: true + targetPort: 9516 + path: /services/babel-service/actuator/prometheus + basicAuth: + enabled: false + #Pods Service Account serviceAccount: nameOverride: aai-babel @@ -104,4 +142,6 @@ serviceAccount: #Log configuration log: path: /var/log/onap + level: + root: INFO logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml index 69abea193f..7c86fed9dd 100644 --- a/kubernetes/aai/components/aai-graphadmin/Chart.yaml +++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP AAI GraphAdmin name: aai-graphadmin -version: 13.0.0 +version: 14.0.2 dependencies: - name: common @@ -34,3 +34,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index b63cd83158..d124f63141 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -55,8 +55,14 @@ server.ssl.enabled=false # JMS bind address host port jms.bind.address=tcp://localhost:61649 -dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904 -dmaap.ribbon.transportType=http +# dmaap is deprecated now kafka is used +spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} +spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT +spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512 +spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer +spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer +spring.kafka.producer.properties.sasl.jaas.config=${JAAS_CONFIG} +spring.kafka.producer.retries=3 # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -103,8 +109,7 @@ aperture.service.base.url=http://localhost:8457/aai/aperture aperture.service.timeout-in-milliseconds=300000 #To Expose the Prometheus scraping endpoint -management.server.port=8448 +management.server.port={{ .Values.service.actuatorPort }} management.endpoints.enabled-by-default=true management.endpoints.web.exposure.include=info,health,prometheus -endpoints.enabled=false -management.security.enabled=false
\ No newline at end of file +management.security.enabled=false diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties deleted file mode 100644 index 5962ebd6fc..0000000000 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties +++ /dev/null @@ -1,99 +0,0 @@ -{{/* -# -# ============LICENSE_START======================================================= -# org.onap.aai -# ================================================================================ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -query.fast-property=true -query.smart-limit=false - -{{ if .Values.global.config.cluster.cassandra.dynamic }} - -storage.backend=cql -storage.hostname={{.Values.global.cassandra.serviceName}} -storage.cql.keyspace=aaigraph -storage.username={{.Values.global.cassandra.username}} -storage.password={{.Values.global.cassandra.password}} - -storage.cql.read-consistency-level=LOCAL_QUORUM -storage.cql.write-consistency-level=LOCAL_QUORUM -storage.cql.replication-factor={{.Values.global.cassandra.replicas}} -storage.cql.only-use-local-consistency-for-system-operations=true - -{{ else }} - -{{ if .Values.global.config.storage }} - -storage.backend={{ .Values.global.config.storage.backend }} - -{{ if eq .Values.global.config.storage.backend "cassandra" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cassandra.keyspace={{ .Values.global.config.storage.name }} - -storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} -storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} -storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} -storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} -storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "cql" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cql.keyspace={{ .Values.global.config.storage.name }} - -storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} -storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} -storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} - -storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} -storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "hbase" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.hbase.table={{ .Values.global.config.storage.name }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ end }} - -{{ end }} - -{{ end }} - -storage.lock.wait-time=300 -#caching on -cache.db-cache = true -cache.db-cache-clean-wait = 20 -cache.db-cache-time = 180000 -cache.db-cache-size = 0.3 - -#load graphson file on startup -load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties index 61550e7a57..d1797a407e 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties @@ -20,44 +20,39 @@ query.fast-property=true query.smart-limit=false -{{ if .Values.global.config.cluster.cassandra.dynamic }} +{{- if .Values.global.config.cluster.cassandra.dynamic }} storage.backend=cql storage.hostname={{.Values.global.cassandra.serviceName}} -storage.cql.keyspace=aaigraph storage.username={{.Values.global.cassandra.username}} storage.password={{.Values.global.cassandra.password}} +storage.cql.keyspace=aaigraph +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.cql.read-consistency-level=LOCAL_QUORUM storage.cql.write-consistency-level=LOCAL_QUORUM storage.cql.replication-factor={{.Values.global.cassandra.replicas}} storage.cql.only-use-local-consistency-for-system-operations=true -{{ else }} +{{- if .Values.global.cassandra.partitionerName }} +storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }} +{{- end }} -{{ if .Values.global.config.storage }} +{{- if .Values.config.janusgraph.cassandraDriver }} +storage.cql.internal.string-configuration = datastax-java-driver { {{ .Values.config.janusgraph.cassandraDriver.configuration }} } +{{- end }} -storage.backend={{ .Values.global.config.storage.backend }} +{{- else -}} -{{ if eq .Values.global.config.storage.backend "cassandra" }} +{{- if .Values.global.config.storage }} -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cassandra.keyspace={{ .Values.global.config.storage.name }} - -storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} -storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} -storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} -storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} -storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} +storage.backend={{ .Values.global.config.storage.backend }} -{{ else if eq .Values.global.config.storage.backend "cql" }} +{{- if eq .Values.global.config.storage.backend "cql" }} storage.hostname={{ .Values.global.config.storage.hostname }} storage.cql.keyspace={{ .Values.global.config.storage.name }} +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} @@ -65,13 +60,13 @@ storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationF storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} -storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} -{{ else if eq .Values.global.config.storage.backend "hbase" }} +{{- else if eq .Values.global.config.storage.backend "hbase" }} storage.hostname={{ .Values.global.config.storage.hostname }} storage.hbase.table={{ .Values.global.config.storage.name }} @@ -80,14 +75,16 @@ storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} -{{ end }} - -{{ end }} - -{{ end }} +{{- end }} +{{- end }} +{{- end }} storage.lock.wait-time=300 # Setting db-cache to false ensure the fastest propagation of changes across servers -cache.db-cache = false +cache.db-cache=false #load graphson file on startup load.snapshot.file=false + +{{- if .Values.config.janusgraph.allowUpgrade }} +graph.allow-upgrade=true +{{- end }} diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml index fd79f7043a..5825a722ae 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml @@ -201,13 +201,13 @@ <includeCallerData>true</includeCallerData> <appender-ref ref="translog"/> </appender> - <appender name="dmaapAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <level>WARN</level> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/error.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}</fileNamePattern> + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/error.log.%d{yyyy-MM-dd}</fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> </rollingPolicy> @@ -215,15 +215,15 @@ <pattern>${"errorPattern"}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>INFO</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log.%d{yyyy-MM-dd} </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -232,15 +232,15 @@ <pattern>${debugPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>DEBUG</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/debug.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}</fileNamePattern> + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/debug.log.%d{yyyy-MM-dd}</fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> </rollingPolicy> @@ -248,15 +248,15 @@ <pattern>${debugPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>INFO</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/metrics.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> </rollingPolicy> @@ -851,7 +851,7 @@ </then> </if> - <logger name="org.onap.aai" level="DEBUG" additivity="false"> + <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> <appender-ref ref="asyncDEBUG"/> @@ -1035,12 +1035,12 @@ </if> <appender-ref ref="STDOUT"/> </logger> - <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> + <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> - <appender-ref ref="dmaapAAIEventConsumer"/> - <appender-ref ref="dmaapAAIEventConsumerDebug"/> - <appender-ref ref="dmaapAAIEventConsumerMetric"/> + <appender-ref ref="kafkaAAIEventConsumer"/> + <appender-ref ref="kafkaAAIEventConsumerDebug"/> + <appender-ref ref="kafkaAAIEventConsumerMetric"/> </then> </if> <appender-ref ref="STDOUT"/> @@ -1185,7 +1185,7 @@ </if> <appender-ref ref="STDOUT"/> </logger> - <root level="DEBUG"> + <root level={{ .Values.log.level.root | upper | quote }}> <if condition='property("logToFileEnabled").contains("true")'> <then> <appender-ref ref="external"/> diff --git a/kubernetes/msb/components/msb-consul/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml index 32adcaec5f..4e9bf7f7ff 100644 --- a/kubernetes/msb/components/msb-consul/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2022-23 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,15 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser metadata: - name: {{ include "common.fullname" . }}-entrypoint - namespace: {{ include "common.namespace" . }} + name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: scram-sha-512 + authorization: + type: simple + acls: + - resource: + type: topic + name: AAI-EVENT + operations: + - All diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml index 8eb4a4a781..ddf752b480 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml @@ -40,7 +40,6 @@ data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} --- apiVersion: v1 diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index cad213ab9e..6ac078b756 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -38,7 +38,12 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + {{- if .Values.config.debug.enabled }} + replicas: 1 + {{- else }} replicas: {{ .Values.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} @@ -65,71 +70,62 @@ spec: spec: hostname: aai-graphadmin terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} - {{ if .Values.global.initContainers.enabled }} + {{- if .Values.global.initContainers.enabled }} initContainers: - - command: - {{ if .Values.global.jobs.migration.enabled }} - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-migration - {{ else if .Values.global.jobs.createSchema.enabled }} - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{ else }} - - /app/ready.py - args: - - --service-name - - {{ .Values.global.cassandra.serviceName }} - - --service-name - - aai-schema-service - {{ end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - {{ end }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim}} + {{- end }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if eq .Values.flavor "small" }} + - name: MAX_HEAP_SIZE + value: {{ .Values.small.maxHeapSize | quote }} + {{- else if eq .Values.flavor "large" }} + - name: MAX_HEAP_SIZE + value: {{ .Values.large.maxHeapSize | quote }} + {{- end }} - name: INTERNAL_PORT_1 - value: {{ .Values.service.internalPort | quote }} + value: {{ .Values.service.appPort | quote }} - name: INTERNAL_PORT_2 - value: {{ .Values.service.internalPort2 | quote }} + value: {{ .Values.service.debugPort | quote }} - name: INTERNAL_PORT_3 - value: {{ .Values.service.internalPort3 | quote }} + value: {{ .Values.service.actuatorPort | quote }} + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} + key: sasl.jaas.config + {{- if .Values.config.profiling.enabled }} + - name: PRE_JVM_ARGS + value: '{{ join " " .Values.config.profiling.args }}' + {{- end }} + {{- if .Values.config.debug.enabled }} + - name: POST_JVM_ARGS + value: {{ .Values.config.debug.args | quote }} + {{- end }} volumeMounts: - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES name: logs + - mountPath: /opt/app/aai-graphadmin/logs + name: script-logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml name: config subPath: logback.xml @@ -142,13 +138,21 @@ spec: - mountPath: /opt/app/aai-graphadmin/resources/application.properties name: properties subPath: application.properties + - mountPath: /tmp + name: tmp-volume ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - - containerPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} + - containerPort: {{ .Values.service.appPort }} + name: {{ .Values.service.appPortName }} + {{- if .Values.config.debug.enabled }} + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + {{- end }} + {{- if .Values.config.profiling.enabled }} + - containerPort: {{ .Values.service.profilingPort }} + name: {{ .Values.service.profilingPortName }} + {{- end }} + - containerPort: {{ .Values.service.actuatorPort }} + name: {{ .Values.service.actuatorPortName }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. @@ -158,23 +162,36 @@ spec: - sh - -c - | - while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) - do sleep 10 + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) do + echo "Still active connections. Waiting for active requests to be finished" + sleep 3 done - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} + # disable liveness probe when + # debugging.enabled=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.service.actuatorPort }} + path: {{ .Values.liveness.path }} + {{- if .Values.liveness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} + {{- end }} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.service.actuatorPort }} + path: {{ .Values.readiness.path }} + {{- if .Values.readiness.initialDelaySeconds }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + {{- end }} periodSeconds: {{ .Values.readiness.periodSeconds }} + startupProbe: + httpGet: + port: {{ .Values.service.actuatorPort }} + path: {{ .Values.startup.path }} + failureThreshold: {{ .Values.startup.failureThreshold }} + periodSeconds: {{ .Values.startup.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -189,8 +206,12 @@ spec: {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: tmp-volume + emptyDir: {} - name: logs emptyDir: {} + - name: script-logs + emptyDir: {} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: config configMap: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index c949f7dbf8..3f0c4e11e5 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -60,7 +60,7 @@ spec: name: {{ include "common.name" . }} spec: initContainers: - {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} - command: - /bin/bash - -c @@ -95,11 +95,6 @@ spec: echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} bash docker-entrypoint.sh dataSnapshot.sh; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} - env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} volumeMounts: - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots name: snapshots diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 5046b0c06b..e67479a1d5 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -55,33 +55,13 @@ spec: name: {{ include "common.name" . }} spec: initContainers: - - command: - - /app/ready.py - args: - - --service-name - - {{ .Values.global.cassandra.serviceName }} - - --service-name - - aai-schema-service - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - sh args: @@ -89,20 +69,22 @@ spec: - | {{- if include "common.onServiceMesh" . }} echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - bash docker-entrypoint.sh createDBSchema.sh; + sh docker-entrypoint.sh createDBSchema.sh; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} + {{- if .Values.config.debug.enabled }} + - name: JVM_OPTS + value: {{ .Values.config.debug.args | quote }} + {{- end }} + ports: + {{- if .Values.config.debug.enabled }} + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + {{- end }} volumeMounts: - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties @@ -128,7 +110,8 @@ spec: volumes: {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: logs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi - name: config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 92474032b1..4ec2306eca 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -88,21 +88,13 @@ spec: args: - -c - | - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` - env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} + sh docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` volumeMounts: - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots name: snapshots - - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties @@ -131,20 +123,12 @@ spec: - | {{- if include "common.onServiceMesh" . }} echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; + sh docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} - env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} volumeMounts: - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties name: config subPath: janusgraph-realtime.properties - - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: config - subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties name: properties subPath: aaiconfig.properties @@ -207,7 +191,7 @@ spec: name: {{ include "common.name" . }} spec: initContainers: - {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} - command: - /bin/bash - -c @@ -240,13 +224,8 @@ spec: - | {{- if include "common.onServiceMesh" . }} echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - bash docker-entrypoint.sh dataSnapshot.sh + sh docker-entrypoint.sh dataSnapshot.sh {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} - env: - - name: LOCAL_USER_ID - value: {{ .Values.securityContext.user_id | quote }} - - name: LOCAL_GROUP_ID - value: {{ .Values.securityContext.group_id | quote }} volumeMounts: - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots name: snapshots diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index e3f7569767..16924e9d5c 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -35,28 +35,28 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - port: {{ .Values.service.appPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.appPortName }} + targetPort: {{ .Values.service.appPortName }} + - port: {{ .Values.service.debugPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} - - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} + - port: {{ .Values.service.actuatorPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.portName3 }} - targetPort: {{ .Values.service.portName3 }} + name: {{ .Values.service.actuatorPortName }} + targetPort: {{ .Values.service.actuatorPortName }} {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} - - port: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} - targetPort: {{ .Values.service.portName }} + - port: {{ .Values.service.appPort }} + name: {{ .Values.service.appPortName }} + targetPort: {{ .Values.service.appPortName }} + - port: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} + - port: {{ .Values.service.actuatorPort }} + name: {{ .Values.service.actuatorPortName }} + targetPort: {{ .Values.service.appPort }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 8b6b5f906a..dd95c8b67a 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -25,11 +25,15 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 + kafkaBootstrap: strimzi-kafka-bootstrap + aaiGraphKafkaUser: aai-graph-kafka-user cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. localCluster: false # flag to enable the DB creation via k8ssandra-operator useOperator: true + #Cassandra datacenter name + localDataCenter: dc1 initContainers: enabled: true jobs: @@ -39,26 +43,24 @@ global: # global defaults #migration using helm hooks migration: enabled: false + duplicates: + enabled: false config: - # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment cluster: cassandra: dynamic: true - # Specifies if the basic authorization is enabled basic: auth: enabled: true username: AAI passwd: AAI - # Notification event specific properties notification: eventType: AAI-EVENT domain: dev - # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth @@ -79,11 +81,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v28 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 @@ -96,19 +98,22 @@ global: # global defaults # Specifies from which version the edge label appeared in API edge: label: v12 - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 # application image -image: onap/aai-graphadmin:1.12.3 +image: onap/aai-graphadmin:1.14.7 pullPolicy: Always restartPolicy: Always flavor: small -flavorOverride: small + # default number of instances replicaCount: 1 + +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 updateStrategy: @@ -120,27 +125,31 @@ updateStrategy: # Configuration for the graphadmin deployment config: - # Specify the profiles for the graphadmin microservice profiles: - - active: dmaap - + active: kafka + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}' + someConfig: graphrandom # Specifies the timeout limit for the REST API requests timeout: enabled: true limit: 180000 - + janusgraph: + # temporarily enable this to update the graph storage version + # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9 + allowUpgrade: true + # config override for the cassandra driver + # see: https://docs.janusgraph.org/master/configs/configuration-reference/#storagecqlinternal + cassandraDriver: + configuration: advanced.metadata.schema.debouncer.window = 1 second # Default maximum records to fix for the data grooming and dupeTool maxFix: dataGrooming: 150 dupeTool: 25 - # Default number of sleep minutes for dataGrooming and dupeTool sleepMinutes: dataGrooming: 7 dupeTool: 7 - # Cron specific attributes to be triggered for the graphadmin spring cron tasks cron: # Specifies that the data grooming tool which runs duplicates should be enabled @@ -150,10 +159,8 @@ config: dataSnapshot: enabled: true params: JUST_TAKE_SNAPSHOT - # Data cleanup which zips snapshots older than x days and deletes older than y days dataCleanup: - dataGrooming: enabled: true # Zips up the dataGrooming files older than 5 days @@ -172,7 +179,21 @@ config: lock: uri: enabled: false - + # adds jvm args for remote debugging the application + debug: + enabled: false + args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + # adds jvm args for remote profiling the application + profiling: + enabled: false + args: + - "-Dcom.sun.management.jmxremote" + - "-Dcom.sun.management.jmxremote.ssl=false" + - "-Dcom.sun.management.jmxremote.authenticate=false" + - "-Dcom.sun.management.jmxremote.local.only=false" + - "-Dcom.sun.management.jmxremote.port=9999" + - "-Dcom.sun.management.jmxremote.rmi.port=9999" + - "-Djava.rmi.server.hostname=127.0.0.1" nodeSelector: {} @@ -180,26 +201,40 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 - periodSeconds: 60 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false + enabled: true + path: /actuator/health/liveness + periodSeconds: 10 readiness: - initialDelaySeconds: 60 + path: /actuator/health/readiness periodSeconds: 10 +startup: + path: /actuator/health/liveness + failureThreshold: 60 + periodSeconds: 5 + +readinessCheck: + waitForWithCreateSchemaEnabled: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema' + waitForWithCreateSchemaDisabled: + services: + - '{{ .Values.global.cassandra.serviceName }}' + - aai-schema-service + service: type: ClusterIP # REST API port for the graphadmin microservice - portName: http - internalPort: 8449 - portName2: tcp-5005 - internalPort2: 5005 - portName3: http-graphadmin - internalPort3: 8448 - terminationGracePeriodSeconds: 120 + appPortName: http + appPort: 8449 + debugPortName: tcp-5005 + debugPort: 5005 + profilingPortName: jxm-9999 + profilingPort: 9999 + actuatorPortName: http-graphadmin + actuatorPort: 8448 + terminationGracePeriodSeconds: 45 ingress: enabled: false @@ -257,12 +292,19 @@ resources: memory: "8Gi" requests: cpu: "1" - memory: "3.2Gi" + memory: "4Gi" unlimited: {} +# define the heap size for the JVM +# according to the resource flavor +small: + maxHeapSize: "1g" +large: + maxHeapSize: "5g" + metrics: serviceMonitor: - enabled: false + enabled: true targetPort: 8448 path: /actuator/prometheus basicAuth: @@ -280,8 +322,8 @@ metrics: # Not fully used for now securityContext: - user_id: 1000 - group_id: 1000 + user_id: 65534 + group_id: 65534 #Pods Service Account serviceAccount: @@ -291,4 +333,32 @@ serviceAccount: #Log configuration log: path: /var/log/onap + level: + root: INFO + base: INFO logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +#DupeTool cronjob parameters +dupeToolParams: + schedule: "0 8 * * *" + userId: "am8383 " + nodeType: "complex" + timeWindowMinutes: 60 + autoFix: true +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: aai-graph-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: AAI-EVENT + type: topic + operations: [Read, Write] diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml index 123da099a5..5ce5902869 100644 --- a/kubernetes/aai/components/aai-modelloader/Chart.yaml +++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI modelloader name: aai-modelloader -version: 13.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml index 129af8f2ac..dd8da5951a 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml +++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml @@ -163,10 +163,9 @@ <logger name="ch.qos.logback.classic" level="WARN" /> <logger name="ch.qos.logback.core" level="WARN" /> - <root> + <root level={{ .Values.log.level.root | upper | quote }}> <appender-ref ref="asyncEELF" /> <appender-ref ref="AsyncSysOut" /> - <!-- <appender-ref ref="asyncEELFDebug" /> --> </root> </configuration> diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 8dee92f77e..486ffbaa49 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -34,7 +34,12 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: + {{- if .Values.debug.enabled }} + replicas: 1 + {{- else }} replicas: {{ .Values.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} @@ -76,6 +81,25 @@ spec: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config + {{- if .Values.profiling.enabled }} + - name: JVM_ARGS + value: '{{ join " " .Values.profiling.args }}' + {{- end }} + {{- if .Values.debug.enabled }} + - name: JVM_ARGS + value: {{ .Values.debug.args | quote }} + {{- end }} + ports: + - containerPort: 9500 + name: http + {{- if .Values.debug.enabled }} + - containerPort: {{ .Values.debug.port }} + name: {{ .Values.debug.portName }} + {{- end }} + {{- if .Values.profiling.enabled }} + - containerPort: {{ .Values.profiling.port }} + name: {{ .Values.profiling.portName }} + {{- end }} volumeMounts: - mountPath: /opt/app/model-loader/config/model-loader.properties subPath: model-loader.properties diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml index 2dafcc381e..1eb564ed72 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright 2018 Intel Corporation, Inc +# Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,19 +14,21 @@ # limitations under the License. */}} -{{- if .Values.global.alertmanager.enabled -}} - -apiVersion: v1 -kind: ConfigMap +{{- if .Values.metrics.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor metadata: name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- end -}} + {{- include "common.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + podMetricsEndpoints: + - port: {{ .Values.metrics.podMonitor.port }} + path: {{ .Values.metrics.podMonitor.path }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index ab3d8646c2..b28989c78f 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -21,7 +21,7 @@ global: # global defaults nodePortPrefix: 302 # application image -image: onap/model-loader:1.13.6 +image: onap/model-loader:1.14.2 pullPolicy: Always restartPolicy: Always flavor: small @@ -41,11 +41,36 @@ kafkaUser: # default number of instances replicaCount: 1 +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + updateStrategy: type: RollingUpdate maxUnavailable: 0 maxSurge: 1 +# adds jvm args for remote debugging the application +debug: + enabled: false + args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + port: 5005 + portName: debug + +# adds jvm args for remote profiling the application +profiling: + enabled: false + args: + - "-Dcom.sun.management.jmxremote" + - "-Dcom.sun.management.jmxremote.ssl=false" + - "-Dcom.sun.management.jmxremote.authenticate=false" + - "-Dcom.sun.management.jmxremote.local.only=false" + - "-Dcom.sun.management.jmxremote.port=9999" + - "-Dcom.sun.management.jmxremote.rmi.port=9999" + - "-Djava.rmi.server.hostname=127.0.0.1" + port: 9999 + portName: jmx + + nodeSelector: {} affinity: {} @@ -88,6 +113,12 @@ tracing: ignorePatterns: - /aai/util.* +metrics: + podMonitor: + enabled: true + port: http + path: /actuator/prometheus + #Pods Service Account serviceAccount: nameOverride: aai-modelloader @@ -102,4 +133,6 @@ securityContext: #Log configuration log: path: /var/log/onap + level: + root: INFO logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-resources/.helmignore b/kubernetes/aai/components/aai-resources/.helmignore index daebc7da77..f0c1319444 100644 --- a/kubernetes/aai/components/aai-resources/.helmignore +++ b/kubernetes/aai/components/aai-resources/.helmignore @@ -1,21 +1,21 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml index 3594492675..c67329d234 100644 --- a/kubernetes/aai/components/aai-resources/Chart.yaml +++ b/kubernetes/aai/components/aai-resources/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP AAI resources name: aai-resources -version: 13.0.1 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index adabae3ac7..0f6f2923af 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -5,7 +5,7 @@ # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2020 Orange -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -97,4 +97,4 @@ aai.graph.checker.task.enabled=true aai.graph.checker.task.delay=5 # Period, in seconds, between two consecutive executions of the scheduled task, if enabled -aai.graph.checker.task.period=10
\ No newline at end of file +aai.graph.checker.task.period=10 diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 1b7bdf8ff6..5762460a02 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -58,8 +58,15 @@ server.ssl.enabled=false # JMS bind address host port jms.bind.address=tcp://localhost:61647 -dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904 -dmaap.ribbon.transportType=http + +# dmaap is deprecated now kafka is used +spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} +spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT +spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512 +spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer +spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer +spring.kafka.producer.properties.sasl.jaas.config=${JAAS_CONFIG} +spring.kafka.producer.retries=3 # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties index 4835560665..36940a8921 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties @@ -15,9 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# */}} query.fast-property=true @@ -27,40 +24,31 @@ query.smart-limit=false storage.backend=cql storage.hostname={{.Values.global.cassandra.serviceName}} -storage.cql.keyspace=aaigraph storage.username={{.Values.global.cassandra.username}} storage.password={{.Values.global.cassandra.password}} +storage.cql.keyspace=aaigraph +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.cql.read-consistency-level=LOCAL_QUORUM storage.cql.write-consistency-level=LOCAL_QUORUM storage.cql.replication-factor={{.Values.global.cassandra.replicas}} storage.cql.only-use-local-consistency-for-system-operations=true +{{ if .Values.global.cassandra.partitionerName }} +storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }} +{{ end }} + {{ else }} {{ if .Values.global.config.storage }} storage.backend={{ .Values.global.config.storage.backend }} -{{ if eq .Values.global.config.storage.backend "cassandra" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cassandra.keyspace={{ .Values.global.config.storage.name }} - -storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} -storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} -storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} -storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} -storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "cql" }} +{{ if eq .Values.global.config.storage.backend "cql" }} storage.hostname={{ .Values.global.config.storage.hostname }} storage.cql.keyspace={{ .Values.global.config.storage.name }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} @@ -104,3 +92,7 @@ cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait #load graphson file on startup load.snapshot.file=false + +{{ if .Values.config.janusgraph.allowUpgrade }} +graph.allow-upgrade=true +{{ end }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml index b52318500d..441539361f 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml @@ -196,14 +196,14 @@ <appender-ref ref="translog"/> </appender> - <appender name="dmaapAAIEventConsumer" + <appender name="kafkaAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <level>WARN</level> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/error.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}.zip + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/error.log.%d{yyyy-MM-dd}.zip </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -214,16 +214,16 @@ </appender> - <appender name="dmaapAAIEventConsumerDebug" + <appender name="kafkaAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>DEBUG</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/debug.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}.zip + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/debug.log.%d{yyyy-MM-dd}.zip </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -232,16 +232,16 @@ <pattern>${debugPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerInfo" + <appender name="kafkaAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>INFO</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}.zip + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log.%d{yyyy-MM-dd}.zip </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -250,16 +250,16 @@ <pattern>${auditPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerMetric" + <appender name="kafkaAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>INFO</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/metrics.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}.zip + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}.zip </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -363,7 +363,7 @@ <logger name="org.zookeeper" level="OFF" /> - <logger name="org.onap.aai" level="DEBUG" additivity="false"> + <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> <appender-ref ref="asyncDEBUG"/> @@ -395,13 +395,13 @@ <appender-ref ref="asyncMETRIC"/> </logger> <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO"> - <appender-ref ref="dmaapAAIEventConsumerMetric"/> + <appender-ref ref="kafkaAAIEventConsumerMetric"/> </logger> <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN"> <appender-ref ref="asyncERROR"/> </logger> <logger name="com.att.nsa.mr" level="INFO"> - <appender-ref ref="dmaapAAIEventConsumerInfo"/> + <appender-ref ref="kafkaAAIEventConsumerInfo"/> </logger> </then> </if> @@ -415,17 +415,17 @@ <appender-ref ref="STDOUT"/> </logger> - <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> + <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> - <appender-ref ref="dmaapAAIEventConsumer"/> - <appender-ref ref="dmaapAAIEventConsumerDebug"/> + <appender-ref ref="kafkaAAIEventConsumer"/> + <appender-ref ref="kafkaAAIEventConsumerDebug"/> </then> </if> <appender-ref ref="STDOUT"/> </logger> - <root level="DEBUG"> + <root level={{ .Values.log.level.root | upper | quote }}> <if condition='property("logToFileEnabled").contains("true")'> <then> <appender-ref ref="external"/> diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml index 62bbf4272a..6b703e7cdd 100644 --- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Copyright © 2021 Orange +# Copyright © 2022-23 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,11 +13,20 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser metadata: - name: {{ include "common.fullname" . }}-log - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} - + name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: scram-sha-512 + authorization: + type: simple + acls: + - resource: + type: topic + name: AAI-EVENT + operations: + - All diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 122e522bb1..f00cb99d21 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -36,6 +36,7 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} @@ -130,13 +131,6 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** actual launch of AAI Resources" - /bin/bash /opt/app/aai-resources/docker-entrypoint.sh env: {{- if .Values.config.env }} {{- range $key,$value := .Values.config.env }} @@ -157,11 +151,18 @@ spec: - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: INTERNAL_PORT_1 - value: {{ .Values.service.internalPort | quote }} + value: {{ .Values.service.resourcesPort | quote }} - name: INTERNAL_PORT_2 - value: {{ .Values.service.internalPort2 | quote }} + value: {{ .Values.service.debugPort | quote }} - name: INTERNAL_PORT_3 - value: {{ .Values.service.internalPort3 | quote }} + value: {{ .Values.service.metricsPort | quote }} + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }} + key: sasl.jaas.config volumeMounts: - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config @@ -190,19 +191,18 @@ spec: name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + - containerPort: {{ .Values.service.resourcesPort }} + name: {{ .Values.service.resourcesPortName }} {{- if .Values.config.debug.enabled }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} {{- end }} - - containerPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} + - containerPort: {{ .Values.service.metricsPort }} + name: {{ .Values.service.metricsPortName }} {{- if .Values.config.profiling.enabled }} - - containerPort: {{ .Values.service.internalPort4 }} - name: {{ .Values.service.portName4 }} + - containerPort: {{ .Values.service.profilingPort }} + name: {{ .Values.service.profilingPortName }} {{- end }} - lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. @@ -212,16 +212,16 @@ spec: - sh - -c - | - while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) - do sleep 10 + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1) + do sleep 3 done - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} + # disable liveness probe when + # debugging.enable=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} livenessProbe: httpGet: path: /aai/util/echo?action=checkDB - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.resourcesPort }} scheme: HTTP httpHeaders: - name: X-FromAppId @@ -236,7 +236,7 @@ spec: readinessProbe: httpGet: path: /aai/util/echo?action=checkDB - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.resourcesPort }} scheme: HTTP httpHeaders: - name: X-FromAppId diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 0613129aac..308dc052c8 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -29,28 +29,30 @@ spec: type: {{ .Values.service.type }} ports: {{ if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - port: {{ .Values.service.resourcesPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.resourcesPortName }} + targetPort: {{ .Values.service.resourcesPortName }} + - port: {{ .Values.service.debugPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} - - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} + - port: {{ .Values.service.metricsPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.portName3 }} - targetPort: {{ .Values.service.portName3 }} + name: {{ .Values.service.metricsPortName }} + targetPort: {{ .Values.service.metricsPortName }} {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} - - port: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} - targetPort: {{ .Values.service.portName3 }} + - port: {{ .Values.service.resourcesPort }} + name: {{ .Values.service.resourcesPortName }} + targetPort: {{ .Values.service.resourcesPortName }} + {{- if .Values.config.debug.enabled }} + - port: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} + {{- end }} + - port: {{ .Values.service.metricsPort }} + name: {{ .Values.service.metricsPortName }} + targetPort: {{ .Values.service.metricsPortName }} {{- end }} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index b1d32028c2..630c88a244 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -20,6 +20,8 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 + kafkaBootstrap: strimzi-kafka-bootstrap + aaiKafkaUser: aai-kafka-user cassandra: #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. @@ -50,7 +52,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap + active: production,kafka # Notification event specific properties notification: @@ -75,11 +77,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v28 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 @@ -96,7 +98,6 @@ global: # global defaults # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete - api_list: - 11 - 12 @@ -107,6 +108,16 @@ api_list: - 17 - 18 - 19 + - 20 + - 21 + - 22 + - 23 + - 24 + - 25 + - 26 + - 27 + - 28 + - 29 aai_enpoints: - name: aai-cloudInfrastructure @@ -123,13 +134,17 @@ aai_enpoints: url: external-system # application image -image: onap/aai-resources:1.13.0 +image: onap/aai-resources:1.14.7 pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small # default number of instances replicaCount: 1 + +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 updateStrategy: @@ -160,11 +175,15 @@ config: # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache # modifications to graph done by other services (traversal) will only be visible # after time specified in db-cache-time - enabled: false + enabled: true # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching dbCacheTime: 180000 # in milliseconds dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running dbCacheCleanWait: 20 # in milliseconds + # temporarily enable this to update the graph storage version + # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9 + allowUpgrade: true + # Specifies crud related operation timeouts and overrides @@ -190,7 +209,7 @@ config: # environment variables added to the launch of the image in deployment env: MIN_HEAP_SIZE: "512m" - MAX_HEAP_SIZE: "1024m" + MAX_HEAP_SIZE: "2g" MAX_METASPACE_SIZE: "512m" # adds jvm args for remote debugging the application @@ -222,9 +241,7 @@ affinity: {} liveness: initialDelaySeconds: 60 periodSeconds: 60 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false + enabled: true readiness: initialDelaySeconds: 60 @@ -232,13 +249,15 @@ readiness: service: type: ClusterIP - portName: http - internalPort: 8447 - portName2: tcp-5005 - internalPort2: 5005 - portName3: http-resources - internalPort3: 8448 - terminationGracePeriodSeconds: 120 + resourcesPortName: http + resourcesPort: 8447 + debugPortName: tcp-5005 + debugPort: 5005 + metricsPortName: metrics + metricsPort: 8448 + profilingPortName: jmx-9999 + profilingPort: 9999 + terminationGracePeriodSeconds: 30 sessionAffinity: None ingress: @@ -260,13 +279,6 @@ serviceMesh: # ref: http://kubernetes.io/docs/user-guide/compute-resources/ # Minimum memory for development is 2 CPU cores and 4GB memory # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: "2" -# memory: "4Gi" -# requests: -# cpu: "2" -# memory: "4Gi" resources: small: limits: @@ -277,10 +289,10 @@ resources: memory: "3Gi" large: limits: - cpu: "4" - memory: "8Gi" + cpu: "8" + memory: "12Gi" requests: - cpu: "2" + cpu: "4" memory: "6Gi" unlimited: {} @@ -360,6 +372,9 @@ serviceAccount: #Log configuration log: path: /var/log/onap + level: + root: DEBUG + base: DEBUG # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # To make logback capping values configurable @@ -374,3 +389,20 @@ accessLogback: logToFileEnabled: false maxHistory: 7 totalSizeCap: 1GB +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: aai-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: AAI-EVENT + type: topic + operations: [Read, Write] diff --git a/kubernetes/aai/components/aai-schema-service/.helmignore b/kubernetes/aai/components/aai-schema-service/.helmignore index daebc7da77..f0c1319444 100644 --- a/kubernetes/aai/components/aai-schema-service/.helmignore +++ b/kubernetes/aai/components/aai-schema-service/.helmignore @@ -1,21 +1,21 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml index 3860826d1b..47064859d5 100644 --- a/kubernetes/aai/components/aai-schema-service/Chart.yaml +++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP AAI Schema Service name: aai-schema-service -version: 13.0.0 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties index 4c620a0028..1cd6335585 100644 --- a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties @@ -4,7 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright © 2019 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index 20dc6bc520..5d55923021 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index 0ecc2b2d80..d4041bed57 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -35,6 +35,7 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} @@ -69,6 +70,14 @@ spec: value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.securityContext.group_id | quote }} + {{- if .Values.profiling.enabled }} + - name: PRE_JVM_ARGS + value: '{{ join " " .Values.profiling.args }}' + {{- end }} + {{- if .Values.debug.enabled }} + - name: POST_JAVA_OPTS + value: {{ .Values.debug.args | quote }} + {{- end }} volumeMounts: - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties name: aaiconfig-conf @@ -88,22 +97,28 @@ spec: name: springapp-conf subPath: application.properties ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} + - containerPort: {{ .Values.service.appPort }} + name: {{ .Values.service.appPortName }} + {{- if .Values.debug.enabled }} + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + {{- end }} + {{- if .Values.profiling.enabled }} + - containerPort: {{ .Values.service.profilingPort }} + name: {{ .Values.service.profilingPortName }} + {{- end }} + # disable liveness probe when + # debugging.enabled=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.appPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.appPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: {{ include "common.resources" . | nindent 10 }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml index 79f01d6638..412b62c6fe 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml @@ -29,21 +29,21 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - port: {{ .Values.service.appPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.appPortName }} + targetPort: {{ .Values.service.appPortName }} + - port: {{ .Values.service.debugPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} + - port: {{ .Values.service.appPort }} + name: {{ .Values.service.appPortName }} + targetPort: {{ .Values.service.appPortName }} + - port: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} {{- end }} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index ccda86dc0d..12dfaea091 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -41,11 +41,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v28 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 @@ -60,13 +60,33 @@ global: # global defaults label: v12 # application image -image: onap/aai-schema-service:1.12.3 +image: onap/aai-schema-service:1.12.5 pullPolicy: Always restartPolicy: Always flavorOverride: small # default number of instances replicaCount: 1 +# adds jvm args for remote debugging the application +debug: + enabled: false + args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + +# adds jvm args for remote profiling the application +profiling: + enabled: false + args: + - "-Dcom.sun.management.jmxremote" + - "-Dcom.sun.management.jmxremote.ssl=false" + - "-Dcom.sun.management.jmxremote.authenticate=false" + - "-Dcom.sun.management.jmxremote.local.only=false" + - "-Dcom.sun.management.jmxremote.port=9999" + - "-Dcom.sun.management.jmxremote.rmi.port=9999" + - "-Djava.rmi.server.hostname=127.0.0.1" + +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + updateStrategy: type: RollingUpdate maxUnavailable: 0 @@ -90,10 +110,12 @@ readiness: service: type: ClusterIP - portName: http - internalPort: 8452 - portName2: tcp-5005 - internalPort2: 5005 + appPortName: http + appPort: 8452 + debugPortName: tcp-5005 + debugPort: 5005 + profilingPortName: jmx-9999 + profilingPort: 9999 ingress: enabled: false diff --git a/kubernetes/aai/components/aai-sparky-be/.helmignore b/kubernetes/aai/components/aai-sparky-be/.helmignore index daebc7da77..f0c1319444 100644 --- a/kubernetes/aai/components/aai-sparky-be/.helmignore +++ b/kubernetes/aai/components/aai-sparky-be/.helmignore @@ -1,21 +1,21 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml index a057002f57..5f05c6d428 100644 --- a/kubernetes/aai/components/aai-sparky-be/Chart.yaml +++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI sparky-be name: aai-sparky-be -version: 13.0.0 +version: 14.0.0 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties index 178adb80b3..79f48da2aa 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index e9ed63e76e..e0cf24c40b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +19,3 @@ resources.hostname=aai resources.port=80 resources.authType=HTTP_NOAUTH - diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties index c6e1baac2a..68e1141cb3 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties @@ -1,5 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +16,3 @@ server.port=8000 security.require-ssl=false server.ssl.enabled=false - diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties index b5ad6b3f4a..41c41d29b1 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties @@ -1,5 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,3 +30,55 @@ searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties + +# Properties for the SchemaLocationsBean +# Files named aai_oxm_v*.xml are unpacked here: +# Schema Version Related Attributes +schema.uri.base.path=/aai +# Lists all of the versions in the schema +schema.version.list=v9,v10,v11,v12,v13,v14 +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start=v10 +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start=v10 +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start=v11 +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start=v12 +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start=v12 +# Specifies the version that the application should default to +schema.version.api.default=v14 +# Schema Location Related Attributes +schema.configuration.location=NA +# New propterties required by the aai-common - aai-schema-ingest lib as of 1.3.0 +schema.configuration.location=N/A +schema.nodes.location=${APP_HOME}/onap/oxm +schema.edges.location= +# Setting this values to ${oxm.apiVersion} only to ensure the value used exists (we don't use this properties in our application) +# schema.version.depth.start=${oxm.apiVersion} +# schema.version.related.link.start=${oxm.apiVersion} +# schema.version.app.root.start=${oxm.apiVersion} +# schema.version.namespace.change.start=${oxm.apiVersion} +# schema.version.edge.label.start=${oxm.apiVersion} +# Properties required by AAI Schema Service MS +schema.translator.list=config +schema.service.base.url=${oxm.schemaServiceBaseUrl} +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.local=true +schema.filename=mockrequests +#Default rest client is the two-way-ssl +#schema.service.client=two-way-ssl +#Replace the below with the A&AI client key store +schema.service.ssl.key-store=${oxm.schemaServiceKeystore} +#Replace the below with the A&AI tomcat trust store +schema.service.ssl.trust-store=${oxm.schemaServiceTruststore} +schema.service.ssl.key-store-password=${oxm.schemaServiceKeystorePassword} +schema.service.ssl.trust-store-password=${oxm.schemaServiceTruststorePassword} +spring.application.name=sparky +nodeDir=src/main/resources/schema/onap/oxm/ +edgeDir=src/main/resources/schema/onap/oxm +schemaIngestPropLoc=src/main/resources/schema/onap/oxm diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config index ce69e88918..093e7b01fa 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config @@ -1,20 +1,20 @@ -[{
- "orgId": null,
- "managerId": null,
- "firstName": "Demo",
- "middleInitial": null,
- "lastName": "User",
- "phone": null,
- "email": "demo@email.com",
- "hrid": null,
- "orgUserId": "demo",
- "orgCode": null,
- "orgManagerUserId": null,
- "jobTitle": null,
- "loginId": "demo",
- "active": false,
- "roles": [{
- "id": 1,
- "name": "View"
- }]
-}]
\ No newline at end of file +[{ + "orgId": null, + "managerId": null, + "firstName": "Demo", + "middleInitial": null, + "lastName": "User", + "phone": null, + "email": "demo@email.com", + "hrid": null, + "orgUserId": "demo", + "orgCode": null, + "orgManagerUserId": null, + "jobTitle": null, + "loginId": "demo", + "active": false, + "roles": [{ + "id": 1, + "name": "View" + }] +}] diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index f8813cdf69..3c0b4b9d92 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -23,6 +23,7 @@ metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} strategy: type: {{ .Values.updateStrategy.type }} {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} @@ -96,10 +97,34 @@ spec: - mountPath: /opt/app/sparky/config/logging/logback.xml name: config subPath: logback.xml - ports: {{ include "common.containerPorts" . | nindent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} + ports: + {{- if .Values.debug.enabled }} + - containerPort: {{ .Values.debug.port }} + name: {{ .Values.debug.portName }} + {{- end }} + {{- if .Values.profiling.enabled }} + - containerPort: {{ .Values.profiling.port }} + name: {{ .Values.profiling.portName }} + {{- end }} + {{ include "common.containerPorts" . | nindent 10 }} + env: + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.profiling.enabled }} + - name: JVM_ARGS + value: '{{ join " " .Values.profiling.args }}' + {{- end }} + {{- if .Values.debug.enabled }} + - name: JVM_ARGS + value: {{ .Values.debug.args | quote }} + {{- end }} + # disable liveness probe when + # debugging.enabled=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 0a9de51e54..e017032b03 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -1,5 +1,5 @@ -# Copyright (c) 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright (c) 2020 Nokia, Orange +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 Nokia, Orange # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,7 +29,7 @@ global: # global defaults serviceName: aai-search-data # application image -image: onap/sparky-be:2.0.3 +image: onap/sparky-be:2.0.5 pullPolicy: Always restartPolicy: Always flavor: small @@ -46,6 +46,8 @@ config: portalCookieName: UserId portalAppRoles: ui_view cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor + env: + JVM_ARGS: -XX:MaxRAMPercentage=50.0 # ONAP Cookie Processing - During initial development, the following flag, if true, will # prevent the portal interface's login processing from searching for a user @@ -53,9 +55,33 @@ config: portalOnapEnabled: true # +# adds jvm args for remote debugging the application +debug: + enabled: false + args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" + port: 5555 + portName: debug + +# adds jvm args for remote profiling the application +profiling: + enabled: false + args: + - "-Dcom.sun.management.jmxremote" + - "-Dcom.sun.management.jmxremote.ssl=false" + - "-Dcom.sun.management.jmxremote.authenticate=false" + - "-Dcom.sun.management.jmxremote.local.only=false" + - "-Dcom.sun.management.jmxremote.port=9999" + - "-Dcom.sun.management.jmxremote.rmi.port=9999" + - "-Djava.rmi.server.hostname=127.0.0.1" + port: 9999 + portName: jmx + # default number of instances replicaCount: 1 +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + updateStrategy: type: RollingUpdate maxUnavailable: 0 diff --git a/kubernetes/aai/components/aai-traversal/.helmignore b/kubernetes/aai/components/aai-traversal/.helmignore index daebc7da77..f0c1319444 100644 --- a/kubernetes/aai/components/aai-traversal/.helmignore +++ b/kubernetes/aai/components/aai-traversal/.helmignore @@ -1,21 +1,21 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml index 8c77848368..3b2d8b819e 100644 --- a/kubernetes/aai/components/aai-traversal/Chart.yaml +++ b/kubernetes/aai/components/aai-traversal/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI traversal name: aai-traversal -version: 13.0.0 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index 559166ba8e..c844b3d194 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -5,7 +5,7 @@ # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2020 Orange -# Modifications Copyright © 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index 276dbfe6d7..da2703dd41 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2020 Orange -# Modifications Copyright � 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,8 +49,15 @@ server.ssl.enabled=false # JMS bind address host port jms.bind.address=tcp://localhost:61647 -dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904 -dmaap.ribbon.transportType=http + +# dmaap is deprecated now kafka is used +spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} +spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT +spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512 +spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer +spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer +spring.kafka.producer.properties.sasl.jaas.config=${JAAS_CONFIG} +spring.kafka.producer.retries=3 # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -105,4 +112,4 @@ management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms #Add common tag for grouping all aai related metrics management.metrics.tags.group_id=aai #It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 -scrape.uri.metrics=false
\ No newline at end of file +scrape.uri.metrics=false diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties index 4835560665..36940a8921 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties @@ -15,9 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# */}} query.fast-property=true @@ -27,40 +24,31 @@ query.smart-limit=false storage.backend=cql storage.hostname={{.Values.global.cassandra.serviceName}} -storage.cql.keyspace=aaigraph storage.username={{.Values.global.cassandra.username}} storage.password={{.Values.global.cassandra.password}} +storage.cql.keyspace=aaigraph +storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }} storage.cql.read-consistency-level=LOCAL_QUORUM storage.cql.write-consistency-level=LOCAL_QUORUM storage.cql.replication-factor={{.Values.global.cassandra.replicas}} storage.cql.only-use-local-consistency-for-system-operations=true +{{ if .Values.global.cassandra.partitionerName }} +storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }} +{{ end }} + {{ else }} {{ if .Values.global.config.storage }} storage.backend={{ .Values.global.config.storage.backend }} -{{ if eq .Values.global.config.storage.backend "cassandra" }} - -storage.hostname={{ .Values.global.config.storage.hostname }} -storage.cassandra.keyspace={{ .Values.global.config.storage.name }} - -storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} -storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} -storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} -storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} -storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} - -storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} -cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} -log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} - -{{ else if eq .Values.global.config.storage.backend "cql" }} +{{ if eq .Values.global.config.storage.backend "cql" }} storage.hostname={{ .Values.global.config.storage.hostname }} storage.cql.keyspace={{ .Values.global.config.storage.name }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} @@ -104,3 +92,7 @@ cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait #load graphson file on startup load.snapshot.file=false + +{{ if .Values.config.janusgraph.allowUpgrade }} +graph.allow-upgrade=true +{{ end }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml index 3dc4867f5d..21f48f7c93 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml @@ -208,13 +208,13 @@ <includeCallerData>true</includeCallerData> <appender-ref ref="translog" /> </appender> - <appender name="dmaapAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <level>WARN</level> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/error.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/error.log.%d{yyyy-MM-dd} </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -223,15 +223,15 @@ <pattern>${errorPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>DEBUG</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/debug.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/debug.log.%d{yyyy-MM-dd} </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -240,15 +240,15 @@ <pattern>${debugPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>INFO</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log.%d{yyyy-MM-dd} </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -257,15 +257,15 @@ <pattern>${auditPattern}</pattern> </encoder> </appender> - <appender name="dmaapAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="kafkaAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>INFO</level> <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter> - <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File> + <File>${logDirectory}/kafkaAAIEventConsumer/metrics.log</File> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} </fileNamePattern> <maxHistory>${maxHistory}</maxHistory> <totalSizeCap>${totalSizeCap}</totalSizeCap> @@ -332,7 +332,7 @@ <logger name="org.zookeeper" level="OFF" /> - <logger name="org.onap.aai" level="DEBUG" additivity="false"> + <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> <appender-ref ref="asyncDEBUG" /> @@ -381,7 +381,7 @@ <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO" additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> - <appender-ref ref="dmaapAAIEventConsumerMetric" /> + <appender-ref ref="kafkaAAIEventConsumerMetric" /> </then> </if> <appender-ref ref="STDOUT" /> @@ -405,11 +405,11 @@ <appender-ref ref="STDOUT" /> </logger> - <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> + <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false"> <if condition='property("logToFileEnabled").contains("true")'> <then> - <appender-ref ref="dmaapAAIEventConsumer" /> - <appender-ref ref="dmaapAAIEventConsumerDebug" /> + <appender-ref ref="kafkaAAIEventConsumer" /> + <appender-ref ref="kafkaAAIEventConsumerDebug" /> </then> </if> <appender-ref ref="STDOUT" /> @@ -418,13 +418,13 @@ <logger name="com.att.nsa.mr" level="INFO"> <if condition='property("logToFileEnabled").contains("true")'> <then> - <appender-ref ref="dmaapAAIEventConsumerInfo" /> + <appender-ref ref="kafkaAAIEventConsumerInfo" /> </then> </if> <appender-ref ref="STDOUT" /> </logger> - <root level="DEBUG"> + <root level={{ .Values.log.level.root | upper | quote }}> <if condition='property("logToFileEnabled").contains("true")'> <then> <appender-ref ref="external" /> diff --git a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml new file mode 100644 index 0000000000..7c6a252315 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml @@ -0,0 +1,32 @@ +{{/* +# Copyright © 2022-23 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: scram-sha-512 + authorization: + type: simple + acls: + - resource: + type: topic + name: AAI-EVENT + operations: + - All diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 6627a801b3..d8977520a5 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -1,8 +1,8 @@ {{/* -# Copyright (c) 2017 Amdocs, Bell Canada -# Modifications Copyright (c) 2018 AT&T -# Modifications Copyright (c) 2020 Nokia, Orange -# Modifications Copyright (c) 2021 Orange +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Nokia, Orange +# Modifications Copyright © 2021 Orange # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,6 +36,7 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} @@ -149,13 +150,6 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** actual launch of AAI Resources" - /bin/bash /opt/app/aai-traversal/docker-entrypoint.sh env: {{- if .Values.config.env }} {{- range $key,$value := .Values.config.env }} @@ -178,11 +172,18 @@ spec: - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} - name: INTERNAL_PORT_1 - value: {{ .Values.service.internalPort | quote }} + value: {{ .Values.service.traversalPort | quote }} - name: INTERNAL_PORT_2 - value: {{ .Values.service.internalPort2 | quote }} + value: {{ .Values.service.debugPort | quote }} - name: INTERNAL_PORT_3 - value: {{ .Values.service.internalPort3 | quote }} + value: {{ .Values.service.metricsPort | quote }} + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }} + key: sasl.jaas.config volumeMounts: - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties name: {{ include "common.fullname" . }}-config @@ -213,20 +214,18 @@ spec: name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - + - containerPort: {{ .Values.service.traversalPort }} + name: {{ .Values.service.traversalPortName }} {{- if .Values.config.debug.enabled }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} {{- end }} - - containerPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} + - containerPort: {{ .Values.service.metricsPort }} + name: {{ .Values.service.metricsPortName }} {{- if .Values.config.profiling.enabled }} - - containerPort: {{ .Values.service.internalPort4 }} - name: {{ .Values.service.portName4 }} + - containerPort: {{ .Values.service.profilingPort }} + name: {{ .Values.service.profilingPortName }} {{- end }} - lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. @@ -236,16 +235,16 @@ spec: - sh - -c - | - while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1) do sleep 10 done - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} + # disable liveness probe when + # debugging.enable=true or profiling.enabled=true + {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }} livenessProbe: httpGet: path: /aai/util/echo?action=checkDB - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.traversalPort }} scheme: HTTP httpHeaders: - name: X-FromAppId @@ -260,7 +259,7 @@ spec: readinessProbe: httpGet: path: /aai/util/echo?action=checkDB - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.traversalPort }} scheme: HTTP httpHeaders: - name: X-FromAppId diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 88fbe4788a..3977f827d6 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -44,7 +44,10 @@ spec: name: {{ include "common.name" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: - /app/ready.py args: - --service-name @@ -55,9 +58,24 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" + - name: {{ include "common.name" . }}-wait-for-aai-haproxy image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + command: + - sh + - "-c" + - | + until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do + echo "Retrying to reach aai on port 80"; + sleep 1; + done; resources: limits: cpu: "100m" @@ -70,13 +88,16 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - bash + - sh - "-c" - | - set -x - if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi - until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done; - bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ; + set -x; + if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; + then mkdir -p /opt/aai/logroot/AAI-GQ/misc; + fi + + sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ; + {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index 2fac1e5a42..49ed56306a 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -29,28 +29,30 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - port: {{ .Values.service.traversalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.traversalPortName }} + targetPort: {{ .Values.service.traversalPortName }} + - port: {{ .Values.service.debugPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} - - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} + - port: {{ .Values.service.metricsPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.portName3 }} - targetPort: {{ .Values.service.portName3 }} + name: {{ .Values.service.metricsPortName }} + targetPort: {{ .Values.service.metricsPortName }} {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - targetPort: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - targetPort: {{ .Values.service.portName2 }} - - port: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName3 }} - targetPort: {{ .Values.service.portName3 }} + - port: {{ .Values.service.traversalPort }} + name: {{ .Values.service.traversalPortName }} + targetPort: {{ .Values.service.traversalPortName }} + {{- if .Values.config.debug.enabled }} + - port: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + targetPort: {{ .Values.service.debugPortName }} + {{- end }} + - port: {{ .Values.service.metricsPort }} + name: {{ .Values.service.metricsPortName }} + targetPort: {{ .Values.service.metricsPortName }} {{- end }} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index aca1ec7731..6b268cae42 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -20,12 +20,14 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 - + kafkaBootstrap: strimzi-kafka-bootstrap + aaiTravKafkaUser: aai-trav-kafka-user cassandra: #Service Name of the cassandra cluster to connect to. #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - + # Cassandra datacenter name + localDataCenter: dc1 # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -59,7 +61,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap + active: production,kafka # Notification event specific properties notification: @@ -84,11 +86,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v28 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 @@ -105,9 +107,11 @@ global: # global defaults # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}' + someConfig: random # application image -image: onap/aai-traversal:1.12.3 +image: onap/aai-traversal:1.14.7 pullPolicy: Always restartPolicy: Always flavor: small @@ -131,6 +135,16 @@ api_list: - 17 - 18 - 19 + - 20 + - 21 + - 22 + - 23 + - 24 + - 25 + - 26 + - 27 + - 28 + - 29 aai_enpoints: - name: aai-generic-query @@ -142,6 +156,7 @@ aai_enpoints: # application configuration config: + # configure keycloak according to your environment. # don't forget to add keycloak in active profiles above (global.config.profiles) keycloak: @@ -159,14 +174,16 @@ config: caching: # enable when running read-heavy workloads # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache - # modifications to graph done by other services (resources) will only be visible + # modifications to graph done by other services (traversal) will only be visible # after time specified in db-cache-time - enabled: false + enabled: true # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching dbCacheTime: 180000 # in milliseconds dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running dbCacheCleanWait: 20 # in milliseconds - + # temporarily enable this to update the graph storage version + # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9 + allowUpgrade: true # Specifies timeout information such as application specific and limits timeout: @@ -180,8 +197,9 @@ config: # environment variables added to the launch of the image in deployment env: MIN_HEAP_SIZE: "512m" - MAX_HEAP_SIZE: "1024m" + MAX_HEAP_SIZE: "2g" MAX_METASPACE_SIZE: "512m" + # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" # adds jvm args for remote debugging the application debug: @@ -232,6 +250,9 @@ persistence: # default number of instances replicaCount: 1 +# number of ReplicaSets that should be retained for the Deployment +revisionHistoryLimit: 2 + nodeSelector: {} affinity: {} @@ -240,9 +261,7 @@ affinity: {} liveness: initialDelaySeconds: 60 periodSeconds: 60 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false + enabled: true readiness: initialDelaySeconds: 10 @@ -250,13 +269,15 @@ readiness: service: type: ClusterIP - portName: http - internalPort: 8446 - portName2: tcp-5005 - internalPort2: 5005 - portName3: http-traversal - internalPort3: 8448 - terminationGracePeriodSeconds: 120 + traversalPortName: http + traversalPort: 8446 + debugPortName: tcp-5005 + debugPort: 5005 + metricsPortName: metrics + metricsPort: 8448 + profilingPortName: jmx-9999 + profilingPort: 9999 + terminationGracePeriodSeconds: 30 sessionAffinity: None ingress: @@ -276,8 +297,8 @@ logback: queueSize: 1000 accessLogback: - livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes logToFileEnabled: false + livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes maxHistory: 7 totalSizeCap: 6GB @@ -300,6 +321,14 @@ resources: memory: "4Gi" unlimited: {} +tracing: + collector: + baseUrl: http://jaeger-collector.istio-system:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) + ignorePatterns: + - /aai/util.* + endpoints: enabled: true health: @@ -368,4 +397,24 @@ serviceAccount: #Log configuration log: path: /var/log/onap + level: + root: DEBUG + base: DEBUG # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: aai-trav-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: AAI-EVENT + type: topic + operations: [Read, Write] diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 523cd8cc38..8607e58f60 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -64,6 +64,15 @@ global: # global defaults username: cassandra password: cassandra + #Cassandra datacenter name + localDataCenter: dc1 + + # The name of Cassandra cluster's partitioner. + # It will be retrieved by client if not provided. + # See storage.cql.partitioner-name in https://docs.janusgraph.org/v0.6/configs/configuration-reference/#storagecql + partitionerName: org.apache.cassandra.dht.Murmur3Partitioner + + aai: serviceName: aai babel: @@ -212,7 +221,7 @@ global: # global defaults # Active spring profiles for the resources microservice # aaf-auth profile will be automatically set if aaf enabled is set to true profiles: - active: production,dmaap #,aaf-auth + active: production,kafka #,aaf-auth # Notification event specific properties notification: @@ -238,11 +247,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v28 + default: v29 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 # Specifies from which version related link should appear related: link: v11 diff --git a/kubernetes/platform/components/keycloak-init/.helmignore b/kubernetes/authentication/.helmignore index cf02291a2a..cf02291a2a 100644 --- a/kubernetes/platform/components/keycloak-init/.helmignore +++ b/kubernetes/authentication/.helmignore diff --git a/kubernetes/platform/components/keycloak-init/Chart.yaml b/kubernetes/authentication/Chart.yaml index 44ac9f5213..e8400aeb81 100644 --- a/kubernetes/platform/components/keycloak-init/Chart.yaml +++ b/kubernetes/authentication/Chart.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright © 2022 Deutsche Telekom +# Copyright © 2024 Deutsche Telekom # ================================================================================ # Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE) # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,9 +16,9 @@ # limitations under the License. # ============LICENSE_END========================================================= apiVersion: v2 -version: 13.0.1 -description: ONAP Realm creation and configuration -name: keycloak-init +version: 14.0.1 +description: ONAP Realm creation, Oauth2Proxy installation and configuration +name: authentication sources: - https://github.com/adorsys/keycloak-config-cli @@ -31,5 +31,8 @@ dependencies: version: ~13.x-0 repository: '@local' - name: onap-keycloak-config-cli - version: 5.10.0 + version: 5.12.0 repository: 'file://components/keycloak-config-cli' + - name: onap-oauth2-proxy + version: 7.5.4 + repository: 'file://components/oauth2-proxy' diff --git a/kubernetes/platform/components/keycloak-init/Makefile b/kubernetes/authentication/Makefile index 5970a97115..f47666e135 100644 --- a/kubernetes/platform/components/keycloak-init/Makefile +++ b/kubernetes/authentication/Makefile @@ -18,7 +18,7 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := +EXCLUDES := dist resources templates charts HELM_BIN := helm ifneq ($(SKIP_LINT),TRUE) HELM_LINT_CMD := $(HELM_BIN) lint diff --git a/kubernetes/authentication/README.md b/kubernetes/authentication/README.md new file mode 100644 index 0000000000..306e2f9645 --- /dev/null +++ b/kubernetes/authentication/README.md @@ -0,0 +1,305 @@ +# Helm Chart for Authentication Application + +This component delivers: + +- Keycloak Realm creation and import +- (Optionally) creation of AuthenticationPolicies for Ingress to enable + OAuth Authentication and RoleBased access to Ingress APIs and UIs + +## REALM Configuration settings + +- In the configuration section "realmSettings" multiple REALMs can be configured +- Each REALM configuration has the following sections: + - [General REALM settings](#general-realm-settings) + - [CLIENT definitions](#client-definitions) + - (optional) [CLIENT SCOPE definitions](#client-scope-definitions) + - (optional) [Access control definitions](#access-control-definitions) + - (optional) [GROUP definitions](#group-definitions) + - (optional) [USER definitions](#user-definitions) + - (optional) [IDENTITY PROVIDER definitions](#identity-provider-and-mapper-definitions) + - (optional) [SMTP server definitions](#smtp-server-definitions) + +### General REALM settings + +This sections sets the realm general attributes shown in Keycloak + +```yaml +realmSettings: + - name: <Realm ID> - unique ID for a realm (e.g. "ONAP") + displayName: <Display Name> - (optional) Keycloak Display Name (e.g. "ONAP Realm") + themes: - (optional) Keycloak Theme settings + login: <login theme> - (optional) Keycloak Theme for Login UI (e.g. "base") + admin: <admin theme> - (optional) Keycloak Theme for Admin UI (e.g. "base") + account: <account theme> - (optional) Keycloak Theme for Account UI (e.g. "base") + email: <email theme> - (optional) Keycloak Theme for Email UI (e.g. "base") + attributes: + frontendUrl: "<Keycloak URL>" - External Url for Keycloak access (e.g. "https://keycloak-$PARAM_BASE_URL/") +``` + +### CLIENT definitions + +In this section each realm authentication client is defined e.g. portal-bff, oauth2-proxy, grafana + +possible "attribute" settings (maybe more): + - id.token.as.detached.signature: "false" + - exclude.session.state.from.auth.response: "false" + - tls.client.certificate.bound.access.tokens: "false" + - saml.allow.ecp.flow: "false" + - saml.assertion.signature: "false" + - saml.force.post.binding: "false" + - saml.multivalued.roles: "false" + - saml.encrypt: "false" + - saml.server.signature: "false" + - saml.server.signature.keyinfo.ext: "false" + - saml.artifact.binding: "false" + - saml_force_name_id_format: "false" + - saml.client.signature: "false" + - saml.authnstatement: "false" + - saml.onetimeuse.condition: "false" + - oidc.ciba.grant.enabled: "false" + - frontchannel.logout.session.required: "true" + - backchannel.logout.session.required: "true" + - backchannel.logout.revoke.offline.tokens: "false" + - client_credentials.use_refresh_token: "false" + - acr.loa.map: "{}" + - require.pushed.authorization.requests: "false" + - oauth2.device.authorization.grant.enabled: "false" + - display.on.consent.screen: "false" + - token.response.type.bearer.lower-case: "false" + - use.refresh.tokens: "true" + - post.logout.redirect.uris: '<url>' + +```yaml + clients: + oauth2_proxy: + clientId: "<client ID>" - client ID + name: "<client name>" - (optional) client name + secret: <client secret> - (optional) client secret + clientAuthenticatorType: <type> - (optional) auth type (default: client-secret) + protocol: <protocol> - (optional) auth protocol (default: openid-connect) + description: "<description>" - (optional) client description + baseUrl: "<base path>" - (optional) url subpath (e.g. /application) + rootUrl: "<root URL>" - (optional) root url + adminUrl: "<admin URL>" - (optional) admin url + bearerOnly: "<false|true>" - (optional) bearerOnly (default: false) + consentRequired: "<false|true>" - (optional) consentRequired (default: false) + standardFlowEnabled: "<false|true>" - (optional) standardFlowEnabled (default: true) + implicitFlowEnabled: "<false|true>" - (optional) implicitFlowEnabled (default: false) + directAccessGrantsEnabled: "<false|true>" - (optional) directAccessGrantsEnabled (default: true) + serviceAccountsEnabled: "<false|true>" - (optional) serviceAccountsEnabled (default: false) + frontchannelLogout: "<false|true>" - (optional) frontend channel logout (default: true) + surrogateAuthRequired: "<false|true>" - (optional) surrogate Auth Required (default: false) + publicClient: "<false|true>" - (optional) public Client (default: false) + attributes: - (optional) attributes settings (see code) + post.logout.redirect.uris: '<url>' - example + protocolMappers: - (optional) protocol mappers + - name: "Audience for Oauth2Proxy" - examples + protocolMapper: "oidc-audience-mapper" + config: + included.client.audience: "oauth2-proxy-onap" + id.token.claim: "false" + access.token.claim: "true" + included.custom.audience: "oauth2-proxy-onap" + - name: "SDC-User" + protocolMapper: "oidc-usermodel-attribute-mapper" + config: + multivalued: "false" + userinfo.token.claim: "true" + user.attribute: "sdc_user" + id.token.claim: "true" + access.token.claim: "true" + claim.name: "sdc_user" + jsonType.label: "String" + additionalDefaultScopes: + - "onap_roles" + redirectUris: + - "https://portal-$PARAM_BASE_URL/*" + - "http://localhost/*" + webOrigins: + - "https://argocd-$PARAM_BASE_URL" + defaultClientScopes: + - "web-origins" + - "profile" + - "acr" + - "email" + - "roles" + - "groups" +``` + +### CLIENT SCOPE definitions + +Here additional scopes besides the default scopes can be defined and set as default client scope + +default scopes: + + - roles + - groups + - acr + - profile + - address + - web-origin + - phone + - email + - offline_access + - role_list + - microprofile-jwt + +```yaml + defaultClientScopes: + - "onap_roles" + additionalClientScopes: + - name: onap_roles + description: OpenID Connect scope for add user onap roles to the access token + protocolMappers: + - name: aud + protocol: openid-connect + protocolMapper: oidc-audience-mapper + consentRequired: false + config: + included.client.audience: oauth2-proxy + id.token.claim: 'false' + access.token.claim: 'true' + - name: client roles + protocol: openid-connect + protocolMapper: oidc-usermodel-client-role-mapper + consentRequired: false + config: + multivalued: 'true' + userinfo.token.claim: 'false' + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: onap_roles + jsonType.label: String + usermodel.clientRoleMapping.clientId: oauth2-proxy +``` + +### Access control definitions + +In this section additional roles (assignableRoles) besides the default roles can be set. + +default roles: + - user + - admin + - offline_access + - uma_authorization + - default-roles-<realm> + +(optional) accessRoles can be defined. +These access roles are used in the Ingress "Auhorization Policy" to restrict the access to certain services +The access role is assigned to a realm client (e.g. oauth2_proxy) + +```yaml + accessControl: + assignableRoles: + - name: onap-operator-read + description: "Allows to perform GET operations for all ONAP components" + associatedAccessRoles: [ "dmaap-bc-api-read", ... ] + accessRoles: + "oauth2_proxy": + - name: dmaap-bc-api-read + methodsAllowed: ["GET"] + servicePrefix: dmaap-bc-api +``` + +### GROUP definitions + +```yaml + groups: - (optional) Group definitions + - name: <group name> - Group name + path: /path> - Group URL path + roles: [ <role>,... ] - (optional) List of Realm roles +``` + +### USER definitions + +```yaml + initialUsers: - (optional) List of initial users + - username: <user name> - Name of the User + firstName: <first name> - (optional) First Name + lastName: <last name> - (optional) Last Name + email: <email> - (optional) Email Address + emailVerified : <true|false>- (optional)Email verified + credentials: - (optional) credentials + - type: password - (optional) initial password (<pwd>: encrypted password, <salt>: used salt) + secretData: "{\"value\":\"<pwd>\",\"salt\":\"<salt>\"}" + credentialData: "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + attributes: - (optional) additional attributes + sdc_user: - example attribute + - "cs0008" + realmRoles: - (optional) assigned realm roles + - <role name> + groups: - (optional) group membership + - <group name> +``` + +### Identity Provider and Mapper definitions + +```yaml + identityProviders: + - name: "gitlab" + displayName: "gitlab" + config: + userInfoUrl: "https://gitlab.devops.telekom.de/oauth/userinfo" + validateSignature: "true" + clientId: "ee4e0db734157e9cdad16733656ba285f2f813354aa7c590a8693e48ed156860" + tokenUrl: "https://gitlab.devops.telekom.de/oauth/token" + jwksUrl: "https://gitlab.devops.telekom.de/oauth/discovery/keys" + issuer: "https://gitlab.devops.telekom.de" + useJwksUrl: "true" + authorizationUrl: "https://gitlab.devops.telekom.de/oauth/authorize" + clientAuthMethod: "client_secret_post" + syncMode: "IMPORT" + clientSecret: "gloas-35267790bf6fb7c4b507aea11db46d80174cb8ef4192e77424803b595eef735e" + defaultScope: "openid read_user email" + identityProviderMappers: + - name: "argo-admins" + identityProviderAlias: "gitlab" + identityProviderMapper: "oidc-advanced-group-idp-mapper" + config: + claims: "[{\"key\":\"groups_direct\",\"value\":\"dt-rc\"}]" + syncMode: "FORCE" + group: "/ArgoCDAdmins" + - name: "ArgoCDRestricted" + identityProviderAlias: "gitlab" + identityProviderMapper: "oidc-advanced-group-idp-mapper" + config: + claims: "[{\"key\":\"groups_direct\",\"value\":\"\"}]" + syncMode: "FORCE" + group: "/ArgoCDRestricted" + - name: "lastName " + identityProviderAlias: "gitlab" + identityProviderMapper: "oidc-user-attribute-idp-mapper" + config: + claim: "nickname" + syncMode: "FORCE" + user.attribute: "lastName" +``` + +### SMTP Server definitions + +```yaml + smtpServer: + password: "<password>" + starttls: "true" + auth: "true" + port: "587" + host: "<mailserver>" + from: "<mail-address>" + fromDisplayName: "onapsupport" + ssl: "false" + user: "onapsupport" +``` + +## Ingress Authentication settings + +Activating the Ingress Authentication (enabled: true) will create AuthorizationPolicy resources for each defined "accessControl.accessRoles" in a REALM definition. + +``` +ingressAuthentication: + enabled: false + exceptions: + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}' + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ui") }}' + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "minio-console") }}' + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "uui-server") }}' +``` diff --git a/kubernetes/platform/components/keycloak-init/components/Makefile b/kubernetes/authentication/components/Makefile index 4ecfbc53cc..4ecfbc53cc 100644 --- a/kubernetes/platform/components/keycloak-init/components/Makefile +++ b/kubernetes/authentication/components/Makefile diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore b/kubernetes/authentication/components/keycloak-config-cli/.helmignore index 0e8a0eb36f..0e8a0eb36f 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore +++ b/kubernetes/authentication/components/keycloak-config-cli/.helmignore diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml b/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml index abcf889834..80e5d27c9f 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml +++ b/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml @@ -20,8 +20,8 @@ apiVersion: v2 name: onap-keycloak-config-cli description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak. home: https://github.com/adorsys/keycloak-config-cli -version: 5.10.0 -appVersion: 5.10.0 +version: 5.12.0 +appVersion: 5.12.0 maintainers: - name: jkroepke email: joe@adorsys.de diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl b/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl index cc1ad7ad8d..cc1ad7ad8d 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml index 322db2b7a1..322db2b7a1 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml index fa9363e9d0..fa9363e9d0 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml index 94505289e6..94505289e6 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml +++ b/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml b/kubernetes/authentication/components/keycloak-config-cli/values.yaml index 5f8d4a3fd5..46c67dd220 100644 --- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml +++ b/kubernetes/authentication/components/keycloak-config-cli/values.yaml @@ -47,10 +47,10 @@ labels: {} resources: {} # limits: # cpu: "100m" - # memory: "1Gi" + # memory: "1024Mi" # requests: # cpu: "100m" -# memory: "1Gi" +# memory: "1024Mi" env: KEYCLOAK_URL: http://keycloak:8080 diff --git a/kubernetes/platform/components/oauth2-proxy/.helmignore b/kubernetes/authentication/components/oauth2-proxy/.helmignore index 825c007791..825c007791 100644 --- a/kubernetes/platform/components/oauth2-proxy/.helmignore +++ b/kubernetes/authentication/components/oauth2-proxy/.helmignore diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml b/kubernetes/authentication/components/oauth2-proxy/Chart.yaml index b31b35f46d..3bcf687241 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/Chart.yaml @@ -1,7 +1,7 @@ name: onap-oauth2-proxy -version: 6.10.1 +version: 7.5.4 apiVersion: v2 -appVersion: 7.4.0 +appVersion: 7.6.0 home: https://oauth2-proxy.github.io/oauth2-proxy/ description: A reverse proxy that provides authentication with Google, Github or other providers keywords: @@ -14,7 +14,7 @@ keywords: - redis dependencies: - name: redis - version: ~16.13.2 + version: 19.1.0 repository: https://charts.bitnami.com/bitnami alias: redis condition: redis.enabled @@ -39,3 +39,10 @@ maintainers: - name: pierluigilenoci email: pierluigi.lenoci@gmail.com kubeVersion: ">=1.9.0-0" +annotations: + artifacthub.io/changes: | + - kind: changed + description: Wait for redis script fixes for cluster and sentinel + links: + - name: Github PR + url: https://github.com/oauth2-proxy/manifests/issues/205 diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md b/kubernetes/authentication/components/oauth2-proxy/README.md index 9e18388501..55a5e44429 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md +++ b/kubernetes/authentication/components/oauth2-proxy/README.md @@ -98,7 +98,7 @@ Parameter | Description | Default `config.clientID` | oauth client ID | `""` `config.clientSecret` | oauth client secret | `""` `config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64` | `""` -`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret.yaml) for the required values | `nil` +`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [oauth2-proxy.secrets helper](https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/_helpers.tpl#L157C13-L157C33) for the required values | `nil` `config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` `config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil` `config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""` @@ -107,7 +107,9 @@ Parameter | Description | Default `alphaConfig.serverConfigData` | Arbitrary configuration data to append to the server section | `{}` `alphaConfig.metricsConfigData` | Arbitrary configuration data to append to the metrics section | `{}` `alphaConfig.configData` | Arbitrary configuration data to append | `{}` -`alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap-alpha.yaml) for the required values | `nil` +`alphaConfig.configFile` | Arbitrary configuration to append, treated as a Go template and rendered with the root context | `""` +`alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil` +`alphaConfig.existingSecret` | existing Kubernetes secret to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil` `customLabels` | Custom labels to add into metadata | `{}` | `config.google.adminEmail` | user impersonated by the google service account | `""` `config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account json | `false` @@ -121,9 +123,7 @@ Parameter | Description | Default `extraEnv` | key:value list of extra environment variables to give the binary | `[]` `extraVolumes` | list of extra volumes | `[]` `extraVolumeMounts` | list of extra volumeMounts | `[]` -`hostAlias.enabled` | provide extra ip:hostname alias for network name resolution. -`hostAlias.ip` | `ip` address `hostAliases.hostname` should resolve to. -`hostAlias.hostname` | `hostname` associated to `hostAliases.ip`. +`hostAliases` | hostAliases is a list of aliases to be added to /etc/hosts for network name resolution. `htpasswdFile.enabled` | enable htpasswd-file option | `false` `htpasswdFile.entries` | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options) | `{}` `htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""` @@ -137,12 +137,21 @@ Parameter | Description | Default `ingress.path` | Ingress accepted path | `/` `ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific` `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]` +`ingress.labels` | Ingress extra labels | `{}` `ingress.annotations` | Ingress annotations | `nil` `ingress.hosts` | Ingress accepted hostnames | `nil` `ingress.tls` | Ingress TLS configuration | `nil` +`initContainers.waitForRedis.enabled` | if `redis.enabled` is true, use an init container to wait for the redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list and watch the redis master pod | `true` +`initContainers.waitForRedis.image.pullPolicy` | kubectl image pull policy | `IfNotPresent` +`initContainers.waitForRedis.image.repository` | kubectl image repository | `docker.io/bitnami/kubectl` +`initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "")` +`initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container | `true` +`initContainers.waitForRedis.timeout` | number of seconds | 180 +`initContainers.waitForRedis.resources` | pod resource requests & limits | `{}` `livenessProbe.enabled` | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true` `livenessProbe.initialDelaySeconds` | number of seconds | 0 `livenessProbe.timeoutSeconds` | number of seconds | 1 +`namespaceOverride` | Override the deployment namespace | `""` `nodeSelector` | node labels for pod assignment | `{}` `deploymentAnnotations` | annotations to add to the deployment | `{}` `podAnnotations` | annotations to add to each pod | `{}` @@ -169,9 +178,9 @@ Parameter | Description | Default `serviceAccount.enabled` | create a service account | `true` `serviceAccount.name` | the service account name | `` `serviceAccount.annotations` | (optional) annotations for the service account | `{}` +`strategy` | configure deployment strategy | `{}` `tolerations` | list of node taints to tolerate | `[]` -`securityContext.enabled` | enable Kubernetes security context on container | `false` -`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true` +`securityContext.enabled` | enable Kubernetes security context on container | `true` `proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true` `sessionStorage.type` | Session storage type which can be one of the following: cookie or redis | `cookie` `sessionStorage.redis.existingSecret` | Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) | `""` @@ -192,12 +201,18 @@ Parameter | Description | Default `metrics.port` | Serve Prometheus metrics on this port | `44180` `metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil` `metrics.service.appProtocol` | application protocol of the metrics port in the service | `http` -`metrics.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false` -`metrics.servicemonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""` -`metrics.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default` -`metrics.servicemonitor.interval` | Prometheus scrape interval | `60s` -`metrics.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` -`metrics.servicemonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}` +`metrics.serviceMonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false` +`metrics.serviceMonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""` +`metrics.serviceMonitor.prometheusInstance` | Prometheus Instance definition | `default` +`metrics.serviceMonitor.interval` | Prometheus scrape interval | `60s` +`metrics.serviceMonitor.scrapeTimeout` | Prometheus scrape timeout | `30s` +`metrics.serviceMonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}` +`metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.| `""` +`metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS.| `{}` +`metrics.serviceMonitor.bearerTokenFile` | Path to bearer token file.| `""` +`metrics.serviceMonitor.annotations` | Used to pass annotations that are used by the Prometheus installed in your cluster| `{}` +`metrics.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion.| `[]` +`metrics.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion.| `[]` `extraObjects` | Extra K8s manifests to deploy | `[]` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/default-values.yaml index fc2ba605ad..fc2ba605ad 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/default-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml index 92dc451807..92dc451807 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-list-values.yaml index 5f47a5f479..5f47a5f479 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-list-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/extra-env-tpl-values.yaml index 357dba9153..357dba9153 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/extra-env-tpl-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml index e74a393db0..e74a393db0 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/pdb-values.yaml index 25b16272a7..25b16272a7 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/pdb-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/pod-security-context-values.yaml index b7c8cea546..b7c8cea546 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/pod-security-context-values.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/redis-standalone-values.yaml index e3418c39fa..e58c32cf0c 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/redis-standalone-values.yaml @@ -10,3 +10,6 @@ redis: global: redis: password: "foo" +initContainers: + waitForRedis: + enabled: true diff --git a/kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml new file mode 100644 index 0000000000..0c232bf5c1 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml @@ -0,0 +1,18 @@ +metrics: + enabled: true + serviceMonitor: + enabled: true + annotations: + key: value + metricRelabelings: + - action: keep + regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + sourceLabels: [__name__] + + relabelings: + - sourceLabels: [__meta_kubernetes_pod_node_name] + separator: ; + regex: ^(.*)$ + targetLabel: nodename + replacement: $1 + action: replace diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/tpl-values.yaml index 65977d921b..65977d921b 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/ci/tpl-values.yaml diff --git a/kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh b/kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh new file mode 100644 index 0000000000..24e628f426 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh @@ -0,0 +1,52 @@ +#!/bin/sh + +RETRY_INTERVAL=5 # Interval between retries in seconds +elapsed=0 # Elapsed time + +check_redis() { + host=$1 + port=$2 + while [ $elapsed -lt $TOTAL_RETRY_TIME ]; do + echo "Checking Redis at $host:$port... Elapsed time: ${elapsed}s" + if nc -z -w1 $TIMEOUT $host $port > /dev/null 2>&1; then + echo "Redis is up at $host:$port!" + return 0 + else + echo "Redis is down at $host:$port. Retrying in $RETRY_INTERVAL seconds." + sleep $RETRY_INTERVAL + elapsed=$((elapsed + RETRY_INTERVAL)) + fi + done + echo "Failed to connect to Redis at $host:$port after $TOTAL_RETRY_TIME seconds." + return 1 +} + +# For parsing and checking connections +parse_and_check() { + url=$1 + clean_url=${url#redis://} + host=$(echo $clean_url | cut -d':' -f1) + port=$(echo $clean_url | cut -d':' -f2) + check_redis $host $port +} + +# Main +if [ -n "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" ]; then + echo "Checking Redis in cluster mode..." + echo "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do + parse_and_check $addr || exit 1 + done +elif [ -n "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" ]; then + echo "Checking Redis in sentinel mode..." + echo "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do + parse_and_check $addr || exit 1 + done +elif [ -n "$OAUTH2_PROXY_REDIS_CONNECTION_URL" ]; then + echo "Checking standalone Redis..." + parse_and_check "$OAUTH2_PROXY_REDIS_CONNECTION_URL" || exit 1 +else + echo "Redis configuration not specified." + exit 1 +fi + +echo "Redis check completed." diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt b/kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt new file mode 100644 index 0000000000..36ded35867 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt @@ -0,0 +1,3 @@ +To verify that oauth2-proxy has started, run: + + kubectl --namespace={{ template "oauth2-proxy.namespace" $ }} get pods -l "app={{ template "oauth2-proxy.name" . }}" diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl b/kubernetes/authentication/components/oauth2-proxy/templates/_capabilities.tpl index f959f10e49..f959f10e49 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl +++ b/kubernetes/authentication/components/oauth2-proxy/templates/_capabilities.tpl diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl b/kubernetes/authentication/components/oauth2-proxy/templates/_helpers.tpl index 87c64493b7..6a9bbb320d 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl +++ b/kubernetes/authentication/components/oauth2-proxy/templates/_helpers.tpl @@ -79,6 +79,17 @@ Create the name of the service account to use {{- end -}} {{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "oauth2-proxy.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} + +{{/* Redis subcharts fullname */}} {{- define "oauth2-proxy.redis.fullname" -}} @@ -106,5 +117,45 @@ Compute the redis url if not set explicitly. Returns the version */}} {{- define "oauth2-proxy.version" -}} -{{ trimPrefix "v" (lower (.Values.image.tag | default (printf "v%s" .Chart.AppVersion))) }} +{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }} +{{- end -}} + +{{/* +Returns the kubectl version +Workaround for EKS https://github.com/aws/eks-distro/issues/1128 +*/}} +{{- define "kubectl.version" -}} +{{- if .Values.initContainers.waitForRedis.kubectlVersion -}} +{{ .Values.initContainers.waitForRedis.kubectlVersion }} +{{- else -}} +{{- printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "") -}} +{{- end -}} +{{- end -}} + +{{- define "oauth2-proxy.alpha-config" -}} +--- +server: + BindAddress: '0.0.0.0:4180' +{{- if .Values.alphaConfig.serverConfigData }} +{{- toYaml .Values.alphaConfig.serverConfigData | nindent 2 }} +{{- end }} +{{- if .Values.metrics.enabled }} +metricsServer: + BindAddress: '0.0.0.0:44180' +{{- if .Values.alphaConfig.metricsConfigData }} +{{- toYaml .Values.alphaConfig.metricsConfigData | nindent 2 }} +{{- end }} +{{- end }} +{{- if .Values.alphaConfig.configData }} +{{- toYaml .Values.alphaConfig.configData | nindent 0 }} +{{- end }} +{{- if .Values.alphaConfig.configFile }} +{{- tpl .Values.alphaConfig.configFile $ | nindent 0 }} +{{- end }} +{{- end -}} + +{{- define "oauth2-proxy.secrets" -}} +cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }} +client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }} +client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }} {{- end -}} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl b/kubernetes/authentication/components/oauth2-proxy/templates/_ingress.tpl index f4a3cad0e4..f4a3cad0e4 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl +++ b/kubernetes/authentication/components/oauth2-proxy/templates/_ingress.tpl diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml index cf4e77eaaa..d9f9cffef7 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml @@ -11,6 +11,7 @@ metadata: {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }}-accesslist + namespace: {{ template "oauth2-proxy.namespace" $ }} data: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | quote }} {{- end }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml new file mode 100644 index 0000000000..721048d786 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: {{ template "oauth2-proxy.name" . }} +{{- include "oauth2-proxy.labels" . | indent 4 }} + name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis + namespace: {{ template "oauth2-proxy.namespace" $ }} +data: + check-redis.sh: | +{{ .Files.Get "scripts/check-redis.sh" | indent 4 }} +{{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml index 8a19ccb943..94d7806d2e 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml @@ -11,6 +11,7 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} data: oauth2_proxy.cfg: {{ tpl .Values.config.configFile $ | quote }} {{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml index 4523591231..1a626d1ab8 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml @@ -9,10 +9,13 @@ metadata: {{ toYaml .Values.deploymentAnnotations | indent 8 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} spec: replicas: {{ .Values.replicaCount }} - {{- if .Values.revisionHistoryLimit }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- with .Values.strategy }} + strategy: + {{ toYaml . | nindent 4 }} {{- end }} selector: matchLabels: @@ -20,16 +23,18 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/config: {{ tpl .Values.config.configFile $ | sha256sum }} {{- if .Values.alphaConfig.enabled }} - checksum/alpha-config: {{ include (print $.Template.BasePath "/configmap-alpha.yaml") . | sha256sum }} + checksum/alpha-config: {{ include "oauth2-proxy.alpha-config" . | sha256sum }} {{- end }} + {{- if .Values.authenticatedEmailsFile.enabled }} checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} + checksum/secret: {{ include "oauth2-proxy.secrets" . | sha256sum }} checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }} checksum/redis-secret: {{ include (print $.Template.BasePath "/redis-secret.yaml") . | sha256sum }} {{- if .Values.htpasswdFile.enabled }} - checksum/htpasswd: {{ include (print $.Template.BasePath "/secret-htpasswd-file.yaml") . | sha256sum }} + checksum/htpasswd: {{ toYaml .Values.htpasswdFile.entries | sha256sum }} {{- end }} {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} @@ -49,17 +54,53 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }} - automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }} - {{- if .Values.hostAlias.enabled }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} + {{- if .Values.hostAliases }} hostAliases: - - ip: {{ .Values.hostAlias.ip }} - hostnames: - - {{ .Values.hostAlias.hostname }} + {{ toYaml .Values.hostAliases | nindent 8}} + {{- end }} + {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} + initContainers: + - name: wait-for-redis + #image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}" + image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}" + imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }} + command: ["/bin/sh", "-c", "/scripts/check-redis.sh"] + env: + - name: TOTAL_RETRY_TIME + value: "{{ .Values.initContainers.waitForRedis.timeout }}" + {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }} + - name: OAUTH2_PROXY_REDIS_CONNECTION_URL + value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }} + {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }} + - name: OAUTH2_PROXY_REDIS_USE_CLUSTER + value: "true" + - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS + value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }} + {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }} + - name: OAUTH2_PROXY_REDIS_USE_SENTINEL + value: "true" + - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS + value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }} + {{- end }} + {{- if .Values.initContainers.waitForRedis.securityContext.enabled }} + {{- $securityContext := unset .Values.initContainers.waitForRedis.securityContext "enabled" }} + securityContext: + {{- toYaml $securityContext | nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.initContainers.waitForRedis.resources | nindent 10 }} + volumeMounts: + - name: redis-script + mountPath: /scripts + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} containers: - name: {{ .Chart.Name }} - image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}" - #image: "{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}" + image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}" + #image: "{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: {{- if .Values.alphaConfig.enabled }} @@ -76,7 +117,7 @@ spec: {{- end }} {{- if kindIs "map" .Values.extraArgs }} {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} + {{- if not (kindIs "invalid" $value) }} - --{{ $key }}={{ tpl ($value | toString) $ }} {{- else }} - --{{ $key }} @@ -119,6 +160,10 @@ spec: {{- if .Values.htpasswdFile.enabled }} - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt {{- end }} +{{- if .Values.lifecycle }} + lifecycle: +{{ toYaml .Values.lifecycle | indent 10 }} +{{- end }} env: {{- if .Values.proxyVarsAsSecrets }} - name: OAUTH2_PROXY_CLIENT_ID @@ -184,6 +229,10 @@ spec: {{- if .Values.extraEnv }} {{ tpl (toYaml .Values.extraEnv) . | indent 8 }} {{- end }} + {{- if .Values.envFrom }} + envFrom: +{{ tpl (toYaml .Values.envFrom) . | indent 8 }} + {{- end }} ports: {{- if .Values.containerPort }} - containerPort: {{ .Values.containerPort }} @@ -292,7 +341,12 @@ spec: secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist {{- end }} {{- end }} - +{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} + - name: redis-script + configMap: + name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis + defaultMode: 0775 +{{- end }} {{- if or .Values.config.existingConfig .Values.config.configFile }} - configMap: defaultMode: 420 @@ -300,10 +354,17 @@ spec: name: configmain {{- end }} {{- if .Values.alphaConfig.enabled }} +{{- if .Values.alphaConfig.existingConfig }} - configMap: defaultMode: 420 - name: {{ if .Values.alphaConfig.existingConfig }}{{ .Values.alphaConfig.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }} + name: {{ .Values.alphaConfig.existingConfig }} name: configalpha +{{- else }} + - secret: + defaultMode: 420 + secretName: {{ if .Values.alphaConfig.existingSecret }}{{ .Values.alphaConfig.existingSecret }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }} + name: configalpha +{{- end }} {{- end }} {{- if ne (len .Values.extraVolumes) 0 }} {{ toYaml .Values.extraVolumes | indent 6 }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/deprecation.yaml index 126d3e7a18..126d3e7a18 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/deprecation.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/extra-manifests.yaml index a9bb3b6ba8..a9bb3b6ba8 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/extra-manifests.yaml diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/google-secret.yaml index 5703273d93..30a9ae1bb6 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/google-secret.yaml @@ -6,6 +6,7 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }}-google + namespace: {{ template "oauth2-proxy.namespace" $ }} type: Opaque data: service-account.json: {{ .Values.config.google.serviceAccountJson | b64enc | quote }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml index 73fd758d16..5323820487 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml @@ -9,8 +9,12 @@ kind: Ingress metadata: labels: app: {{ template "oauth2-proxy.name" . }} -{{- include "oauth2-proxy.labels" . | indent 4 }} + {{- include "oauth2-proxy.labels" . | indent 4 }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/poddisruptionbudget.yaml index 7cdbbbeabb..1fc8ecc005 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/poddisruptionbudget.yaml @@ -6,6 +6,7 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} spec: selector: matchLabels: diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/redis-secret.yaml index 7a1555d8b3..202e9243e3 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/redis-secret.yaml @@ -10,6 +10,7 @@ metadata: app: {{ $name }} {{- $labels | indent 4 }} name: {{ $fullName }}-redis-access + namespace: {{ template "oauth2-proxy.namespace" $ }} type: Opaque data: {{- if and .redis.password (not .redis.existingSecret) }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml new file mode 100644 index 0000000000..15bb89338e --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml @@ -0,0 +1,20 @@ +{{- + if and + .Values.alphaConfig.enabled + (not .Values.alphaConfig.existingConfig) + (not .Values.alphaConfig.existingSecret) +}} +apiVersion: v1 +kind: Secret +metadata: +{{- if .Values.alphaConfig.annotations }} + annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }} +{{- end }} + labels: + app: {{ template "oauth2-proxy.name" . }} + {{- include "oauth2-proxy.labels" . | indent 4 }} + name: {{ template "oauth2-proxy.fullname" . }}-alpha + namespace: {{ template "oauth2-proxy.namespace" $ }} +data: + oauth2_proxy.yml: {{ include "oauth2-proxy.alpha-config" . | b64enc | quote }} +{{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml index ce79db1dce..95f85a8006 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml @@ -12,6 +12,7 @@ metadata: {{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }} {{- end }} name: {{ template "oauth2-proxy.fullname" . }}-accesslist + namespace: {{ template "oauth2-proxy.namespace" $ }} data: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | b64enc }} {{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-htpasswd-file.yaml index 44fe67e96a..c5ea330ff7 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-htpasswd-file.yaml @@ -6,10 +6,11 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file + namespace: {{ template "oauth2-proxy.namespace" $ }} type: Opaque stringData: users.txt: |- {{- range $entries := .Values.htpasswdFile.entries }} {{ $entries }} {{- end -}} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml index c9b3791f89..f3364e95a9 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml @@ -10,9 +10,8 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} type: Opaque data: - cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }} - client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }} - client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }} +{{- include "oauth2-proxy.secrets" . | nindent 2 }} {{- end -}} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml index d9563ac283..d16120ee91 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml @@ -5,6 +5,7 @@ metadata: app: {{ template "oauth2-proxy.name" . }} {{- include "oauth2-proxy.labels" . | indent 4 }} name: {{ template "oauth2-proxy.fullname" . }} + namespace: {{ template "oauth2-proxy.namespace" $ }} {{- if .Values.service.annotations }} annotations: {{ toYaml .Values.service.annotations | indent 4 }} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml new file mode 100644 index 0000000000..2a89c4b9e3 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml @@ -0,0 +1,60 @@ +{{- if or .Values.serviceAccount.enabled -}} +{{- $fullName := include "oauth2-proxy.fullname" . -}} +{{- $saName := include "oauth2-proxy.serviceAccountName" . -}} +{{- $name := include "oauth2-proxy.name" . -}} +{{- $namespace := include "oauth2-proxy.namespace" $ -}} +{{- $labels := include "oauth2-proxy.labels" . -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app: {{ $name }} +{{- $labels | indent 4 }} + name: {{ $saName }} + namespace: {{ $namespace }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $fullName }}-watch-redis + namespace: {{ $namespace }} + labels: + app: {{ $name }} + {{- $labels | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + resourceNames: + - "{{ include "oauth2-proxy.redis.fullname" . }}-master-0" + verbs: + - get + - list + - watch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $saName }}-watch-redis + namespace: {{ $namespace }} + labels: + app: {{ $name }} + {{- $labels | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ $saName }} + apiGroup: "" +roleRef: + kind: Role + name: {{ $fullName }}-watch-redis + apiGroup: "" +{{- end -}} +{{- end -}} diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml new file mode 100644 index 0000000000..3802666be0 --- /dev/null +++ b/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + {{- with .Values.metrics.serviceMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "oauth2-proxy.fullname" . }} +{{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} +{{- else }} + namespace: {{ template "oauth2-proxy.namespace" $ }} +{{- end }} + labels: + prometheus: {{ .Values.metrics.serviceMonitor.prometheusInstance }} + app: {{ template "oauth2-proxy.name" . }} +{{- include "oauth2-proxy.labels" . | indent 4 }} +{{- if .Values.metrics.serviceMonitor.labels }} +{{ toYaml .Values.metrics.serviceMonitor.labels | indent 4}} +{{- end }} +spec: + jobLabel: {{ template "oauth2-proxy.fullname" . }} + selector: + matchLabels: + {{- include "oauth2-proxy.selectorLabels" . | indent 6 }} + namespaceSelector: + matchNames: + - {{ template "oauth2-proxy.namespace" $ }} + endpoints: + - port: metrics + path: "/metrics" + {{- with .Values.metrics.serviceMonitor.interval }} + interval: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.scheme }} + scheme: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.bearerTokenFile }} + bearerTokenFile: {{ . }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.tlsConfig }} + tlsConfig: + {{- toYaml .| nindent 6 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.metrics.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml b/kubernetes/authentication/components/oauth2-proxy/values.yaml index 8f81e15d03..f49cb638fa 100644 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml +++ b/kubernetes/authentication/components/oauth2-proxy/values.yaml @@ -1,5 +1,17 @@ global: quayRepository: quay.io + dockerHubRepository: docker.io + # Additions for Redis **************************** + # If dockerHubRepository is changes the following entry needs + # to be changed as well + imageRegistry: docker.io + imagePullSecrets: + - '{{ include "common.names.namespace" . }}-docker-registry-key' + # ************************************************* + +## Override the deployment namespace +## +namespaceOverride: "" # Force the target Kubernetes version (it uses Helm `.Capabilities` if not set). # This is especially useful for `helm template` as capabilities are always empty @@ -57,8 +69,13 @@ alphaConfig: metricsConfigData: {} # Arbitrary configuration data to append configData: {} - # Use an existing config map (see configmap-alpha.yaml for required fields) + # Arbitrary configuration to append + # This is treated as a Go template and rendered with the root context + configFile: "" + # Use an existing config map (see secret-alpha.yaml for required fields) existingConfig: ~ + # Use an existing secret + existingSecret: ~ image: #repository: "quay.io/oauth2-proxy/oauth2-proxy" @@ -81,6 +98,19 @@ image: extraArgs: {} extraEnv: [] +envFrom: [] +# Load environment variables from a ConfigMap(s) and/or Secret(s) +# that already exists (created and managed by you). +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +# +# PS: Changes in these ConfigMaps or Secrets will not be automatically +# detected and you must manually restart the relevant Pods after changes. +# +# - configMapRef: +# name: special-config +# - secretRef: +# name: special-config-secret + # -- Custom labels to add into metadata customLabels: {} @@ -153,6 +183,7 @@ ingress: # name: ssl-redirect # port: # name: use-annotation + labels: {} # annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" @@ -164,11 +195,11 @@ ingress: resources: {} # limits: - # cpu: "100m" - # memory: "300Mi" + # cpu: 100m + # memory: 300Mi # requests: - # cpu: "100m" - # memory: "300Mi" + # cpu: 100m + # memory: 300Mi extraVolumes: [] # - name: ca-bundle-cert @@ -186,11 +217,15 @@ extraContainers: [] priorityClassName: "" -# Host aliases, useful when working "on premise" where (public) DNS resolver does not know about my hosts. -hostAlias: - enabled: false - # ip: "10.xxx.xxx.xxx" - # hostname: "auth.example.com" +# hostAliases is a list of aliases to be added to /etc/hosts for network name resolution +hostAliases: [] +# - ip: "10.xxx.xxx.xxx" +# hostnames: +# - "auth.example.com" +# - ip: 127.0.0.1 +# hostnames: +# - chart-example.local +# - example.local # [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration. # Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling @@ -229,16 +264,24 @@ readinessProbe: # Configure Kubernetes security context for container # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: - enabled: false + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - # allowPrivilegeEscalation: false - # runAsUser: 2000 + runAsUser: 2000 + runAsGroup: 2000 + seccompProfile: + type: RuntimeDefault deploymentAnnotations: {} podAnnotations: {} podLabels: {} replicaCount: 1 revisionHistoryLimit: 10 +strategy: {} ## PodDisruptionBudget settings ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ @@ -253,12 +296,47 @@ podSecurityContext: {} # whether to use http or https httpScheme: http +initContainers: + # if the redis sub-chart is enabled, wait for it to be ready + # before starting the proxy + # creates a role binding to get, list, watch, the redis master pod + # if service account is enabled + waitForRedis: + enabled: true + image: + repository: "alpine" + tag: "latest" + pullPolicy: "IfNotPresent" + # uses the kubernetes version of the cluster + # the chart is deployed on, if not set + kubectlVersion: "" + securityContext: + enabled: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + seccompProfile: + type: RuntimeDefault + timeout: 180 + resources: {} + # limits: + # cpu: 100m + # memory: 300Mi + # requests: + # cpu: 100m + # memory: 300Mi + # Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption. # Alternatively supply an existing secret which contains the required information. htpasswdFile: enabled: false existingSecret: "" - entries: {} + entries: [] # One row for each user # example: # entries: @@ -302,13 +380,18 @@ redis: # Redis specific helm chart settings, please see: # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters # redisPort: 6379 - # cluster: - # enabled: false - # slaveCount: 1 + # architecture: standalone # Enables apiVersion deprecation checks checkDeprecation: true +# Allows graceful shutdown +# terminationGracePeriodSeconds: 65 +# lifecycle: +# preStop: +# exec: +# command: [ "sh", "-c", "sleep 60" ] + metrics: # Enable Prometheus metrics endpoint enabled: true @@ -319,7 +402,7 @@ metrics: # Protocol set on the service for the metrics port service: appProtocol: http - servicemonitor: + serviceMonitor: # Enable Prometheus Operator ServiceMonitor enabled: false # Define the namespace where to deploy the ServiceMonitor resource @@ -333,6 +416,37 @@ metrics: # Add custom labels to the ServiceMonitor resource labels: {} + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig + tlsConfig: {} + + ## bearerTokenFile: Path to bearer token file. + bearerTokenFile: "" + + ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + annotations: {} + + ## Metric relabel configs to apply to samples before ingestion. + ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## Relabel configs to apply to samples before ingestion. + ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + # Extra K8s manifests to deploy extraObjects: [] # - apiVersion: secrets-store.csi.x-k8s.io/v1 diff --git a/kubernetes/authentication/resources/oauth2_proxy.cfg b/kubernetes/authentication/resources/oauth2_proxy.cfg new file mode 100644 index 0000000000..60aaad4b52 --- /dev/null +++ b/kubernetes/authentication/resources/oauth2_proxy.cfg @@ -0,0 +1,38 @@ +provider = "oidc" +provider_display_name = "ONAPKeycloakID" +client_id = "{{ index .Values "onap-oauth2-proxy" "config" "clientId" }}" +client_secret = "{{ index .Values "onap-oauth2-proxy" "config" "clientSecret" }}" +oidc_issuer_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap' +oidc_jwks_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/certs' +profile_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo' +validate_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo' +redeem_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/token' +scope = "openid email profile groups onap_roles" +skip_oidc_discovery = true +cookie_secure = false +cookie_secret = "{{ index .Values "onap-oauth2-proxy" "config" "cookieSecret" }}" +email_domains = [ "*" ] +auth_logging = true +request_logging = true +standard_logging = true +show_debug_on_error = true +cookie_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}" +cookie_samesite = "lax" +whitelist_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}" +login_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/auth' +pass_access_token = true +pass_authorization_header = true +pass_host_header = true +pass_user_headers = true +http_address = "0.0.0.0:4180" +oidc_email_claim = "email" +oidc_groups_claim = "groups" +insecure_oidc_skip_issuer_verification = true +insecure_oidc_allow_unverified_email = true +silence_ping_logging = true +upstreams = "static://200" +set_xauthrequest = true +set_authorization_header = true +skip_provider_button = true +skip_jwt_bearer_tokens = true +cookie_expire = "30m" diff --git a/kubernetes/authentication/templates/_utils.tpl b/kubernetes/authentication/templates/_utils.tpl new file mode 100644 index 0000000000..806f96164a --- /dev/null +++ b/kubernetes/authentication/templates/_utils.tpl @@ -0,0 +1,811 @@ +{{/* +# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "auth.realm" ( dict "dot" . "realm" .Values.path.to.realm) }} +*/}} +{{- define "auth.realm" -}} +{{- $dot := default . .dot -}} +{{- $realm := (required "'realm' param, set to the specific service, is required." .realm) -}} +realm: {{ $realm.name }} +{{ if $realm.displayName }}displayName: {{ $realm.displayName }}{{ end }} +id: {{ $realm.name }} +accessTokenLifespan: 1900 +registrationAllowed: false +resetPasswordAllowed: true +enabled: true +{{ if $realm.themes }} +{{ if $realm.themes.login }}loginTheme: {{ $realm.themes.login }}{{ end }} +{{ if $realm.themes.admin }}adminTheme: {{ $realm.themes.admin }}{{ end }} +{{ if $realm.themes.account }}accountTheme: {{ $realm.themes.account }}{{ end }} +{{ if $realm.themes.email }}emailTheme: {{ $realm.themes.email }}{{ end }} +{{- end }} +{{- if $realm.accessControl }} +{{ include "auth._roles" $realm }} +{{- end }} +{{ include "auth._clients" (dict "dot" $dot "realm" $realm) }} +{{ include "auth._clientScopes" $realm }} +{{ include "auth._defaultClientScopes" $realm }} +{{ include "auth._groups" $realm }} +{{ include "auth._users" $realm }} +{{ include "auth._identity" $realm }} +{{ include "auth._identityMapper" $realm }} +{{ include "auth._smtpServer" $realm }} +{{ include "auth._attributes" (dict "dot" $dot "realm" $realm) }} +{{- end -}} + +{{/* +Renders the roles section in a realm. +Usage: +{{ include "auth._roles" ( dict "dot" .Values) }} +*/}} +{{- define "auth._roles" -}} +{{- $realm := default . .dot -}} +roles: + realm: + {{- range $index, $role := $realm.accessControl.assignableRoles }} + - name: "{{ $role.name }}" + description: "{{ $role.description }}" + {{- if $role.associatedAccessRoles }} + composite: true + composites: + client: + {{- range $key, $accessRole := $realm.accessControl.accessRoles }} + {{ $client := index $realm.clients $key -}} + {{ $client.clientId }}: + {{- range $index2, $associatedRole := $role.associatedAccessRoles }} + - {{ $associatedRole }} + {{- end }} + {{- end }} + {{- else }} + composite: false + {{- end }} + clientRole: false + containerId: "{{ $realm.name }}" + attributes: {} + {{- end }} + - name: "user" + composite: false + clientRole: false + containerId: "{{ $realm.name }}" + attributes: {} + - name: "admin" + composite: false + clientRole: false + containerId: "{{ $realm.name }}" + attributes: {} + - name: "offline_access" + description: "${role_offline-access}" + composite: false + clientRole: false + containerId: "{{ $realm.name }}" + attributes: {} + - name: "uma_authorization" + description: "${role_uma_authorization}" + composite: false + clientRole: false + containerId: "{{ $realm.name }}" + attributes: {} + - name: "default-roles-{{ $realm.name }}" + description: "${role_default-roles}" + composite: true + composites: + realm: + - "offline_access" + - "uma_authorization" + client: + account: + - "view-profile" + - "manage-account" + clientRole: false + containerId: "{{ $realm.name }}" + attributes: {} + {{- if $realm.accessControl.accessRoles }} + client: + {{- range $key, $accessRole := $realm.accessControl.accessRoles }} + {{ $client := index $realm.clients $key -}} + {{ $client.clientId }}: + {{- range $index, $role := get $realm.accessControl.accessRoles $key }} + - name: "{{ $role.name }}" + description: "Allows to perform {{ $role.methodsAllowed }} operations for {{ $role.name }} component" + composite: false + clientRole: false + containerId: "{{ $client.clientId }}" + attributes: {} + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{/* +Renders the clients section in a realm. +Usage: +{{ include "auth._clients" ( dict "dot" . "realm" $realm ) }} +*/}} +{{- define "auth._clients" -}} +{{- $dot := default . .dot -}} +{{- $realm := (required "'realm' param, set to the specific service, is required." .realm) -}} +clients: + {{- range $index, $client := $realm.clients }} + - clientId: "{{ $client.clientId }}" + {{- if $client.name }} + name: "{{ $client.name }}" + {{- end }} + {{- if $client.description }} + description: "{{ $client.description }}" + {{- end }} + {{- if $client.rootUrl }} + rootUrl: {{ tpl $client.rootUrl $dot }} + {{- end }} + {{- if $client.adminUrl }} + adminUrl: {{ tpl $client.adminUrl $dot }} + {{- end }} + {{- if $client.baseUrl }} + baseUrl: {{ tpl $client.baseUrl $dot }} + {{- end }} + surrogateAuthRequired: {{ default false $client.surrogateAuthRequired }} + enabled: true + alwaysDisplayInConsole: false + clientAuthenticatorType: {{ default "client-secret" $client.clientAuthenticatorType }} + {{- if $client.secret }} + secret: "{{ $client.secret }}" + {{- end }} + {{- if $client.redirectUris }} + redirectUris: + {{- range $index2, $url := $client.redirectUris }} + - {{ tpl $url $dot }} + {{- end }} + {{- else }} + redirectUris: [] + {{- end }} + {{- if $client.webOrigins }} + webOrigins: + {{- range $index3, $web := $client.webOrigins }} + - {{ $web | quote }} + {{- end }} + {{- else }} + webOrigins: [] + {{- end }} + notBefore: 0 + bearerOnly: {{ default false $client.bearerOnly }} + consentRequired: {{ default false $client.consentRequired }} + standardFlowEnabled: {{ default true $client.standardFlowEnabled }} + implicitFlowEnabled: {{ default false $client.implicitFlowEnabled }} + directAccessGrantsEnabled: {{ default true $client.directAccessGrantsEnabled }} + serviceAccountsEnabled: {{ default false $client.serviceAccountsEnabled }} + publicClient: {{ default false $client.publicClient }} + frontchannelLogout: {{ default false $client.frontchannelLogout }} + protocol: "{{ default "openid-connect" $client.protocol }}" + {{- if $client.attributes }} + attributes: + {{- range $key,$value := $client.attributes }} + {{ $key }}: {{ tpl $value $dot }} + {{- end }} + {{- end }} + authenticationFlowBindingOverrides: {} + fullScopeAllowed: true + nodeReRegistrationTimeout: -1 + protocolMappers: + {{- if $client.protocolMappers }} + {{- range $index2, $mapper := $client.protocolMappers }} + - name: {{ $mapper.name }} + protocol: "openid-connect" + protocolMapper: {{ $mapper.protocolMapper }} + consentRequired: false + config: + {{ toYaml $mapper.config | nindent 10 }} + {{- end }} + {{- end }} + defaultClientScopes: + {{- if $client.defaultClientScopes }} + {{- range $index2, $scope := $client.defaultClientScopes }} + - {{ $scope }} + {{- end }} + {{- else }} + - web-origins + - profile + - acr + - email + {{- end }} + optionalClientScopes: + {{- if $client.optionalClientScopes }} + {{- range $index2, $scope := $client.optionalClientScopes }} + - {{ $scope }} + {{- end }} + {{- else }} + - address + - phone + - offline_access + - microprofile-jwt + {{- end }} + {{- end }} +{{- end }} + +{{/* +Renders the defaulDefaultClientScopes section in a realm. +Usage: +{{ include "auth._defaultClientScopes" ( dict "dot" .Values) }} +*/}} +{{- define "auth._defaultClientScopes" -}} +{{- $dot := default . .dot -}} +{{- if $dot.defaultClientScopes }} +defaultDefaultClientScopes: + {{- range $index, $scope := $dot.defaultClientScopes }} + - {{ $scope }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Renders the clientScopes section in a realm. +Usage: +{{ include "auth._clientScopes" ( dict "dot" .Values) }} +*/}} +{{- define "auth._clientScopes" -}} +{{- $dot := default . .dot -}} +clientScopes: +{{- if $dot.additionalClientScopes }} +{{- range $index, $scope := $dot.additionalClientScopes }} +- name: {{ $scope.name }} + description: "{{ default "" $scope.description }}" + protocol: openid-connect + attributes: + include.in.token.scope: 'false' + display.on.consent.screen: 'true' + gui.order: '' + consent.screen.text: "${rolesScopeConsentText}" + protocolMappers: + {{- if $scope.protocolMappers }} + {{- range $index2, $mapper := $scope.protocolMappers }} + - name: {{ $mapper.name }} + protocol: "openid-connect" + protocolMapper: {{ $mapper.protocolMapper }} + consentRequired: false + config: + {{ toYaml $mapper.config | nindent 8 }} + {{- end }} + {{- end }} + +{{- end }} +{{- end }} +- name: roles + description: OpenID Connect scope for add user roles to the access token + protocol: openid-connect + attributes: + include.in.token.scope: 'false' + display.on.consent.screen: 'true' + consent.screen.text: "${rolesScopeConsentText}" + protocolMappers: + - name: audience resolve + protocol: openid-connect + protocolMapper: oidc-audience-resolve-mapper + consentRequired: false + config: {} + - name: realm roles + protocol: openid-connect + protocolMapper: oidc-usermodel-realm-role-mapper + consentRequired: false + config: + user.attribute: foo + access.token.claim: 'true' + claim.name: realm_access.roles + jsonType.label: String + multivalued: 'true' + - name: client roles + protocol: openid-connect + protocolMapper: oidc-usermodel-client-role-mapper + consentRequired: false + config: + user.attribute: foo + access.token.claim: 'true' + claim.name: resource_access.${client_id}.roles + jsonType.label: String + multivalued: 'true' +- name: groups + description: Membership to a group + protocol: openid-connect + attributes: + include.in.token.scope: 'true' + display.on.consent.screen: 'true' + gui.order: '' + consent.screen.text: '' + protocolMappers: + - name: groups + protocol: openid-connect + protocolMapper: oidc-group-membership-mapper + consentRequired: false + config: + full.path: 'false' + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: groups + userinfo.token.claim: 'true' +- name: acr + description: OpenID Connect scope for add acr (authentication context class reference) + to the token + protocol: openid-connect + attributes: + include.in.token.scope: 'false' + display.on.consent.screen: 'false' + protocolMappers: + - name: acr loa level + protocol: openid-connect + protocolMapper: oidc-acr-mapper + consentRequired: false + config: + id.token.claim: 'true' + access.token.claim: 'true' +- name: profile + description: 'OpenID Connect built-in scope: profile' + protocol: openid-connect + attributes: + include.in.token.scope: 'true' + display.on.consent.screen: 'true' + consent.screen.text: "${profileScopeConsentText}" + protocolMappers: + - name: profile + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: profile + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: profile + jsonType.label: String + - name: given name + protocol: openid-connect + protocolMapper: oidc-usermodel-property-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: firstName + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: given_name + jsonType.label: String + - name: website + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: website + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: website + jsonType.label: String + - name: zoneinfo + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: zoneinfo + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: zoneinfo + jsonType.label: String + - name: locale + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: locale + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: locale + jsonType.label: String + - name: gender + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: gender + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: gender + jsonType.label: String + - name: family name + protocol: openid-connect + protocolMapper: oidc-usermodel-property-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: lastName + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: family_name + jsonType.label: String + - name: username + protocol: openid-connect + protocolMapper: oidc-usermodel-property-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: username + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: preferred_username + jsonType.label: String + - name: middle name + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: middleName + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: middle_name + jsonType.label: String + - name: birthdate + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: birthdate + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: birthdate + jsonType.label: String + - name: updated at + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: updatedAt + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: updated_at + jsonType.label: long + - name: full name + protocol: openid-connect + protocolMapper: oidc-full-name-mapper + consentRequired: false + config: + id.token.claim: 'true' + access.token.claim: 'true' + userinfo.token.claim: 'true' + - name: nickname + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: nickname + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: nickname + jsonType.label: String + - name: picture + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: picture + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: picture + jsonType.label: String +- name: address + description: 'OpenID Connect built-in scope: address' + protocol: openid-connect + attributes: + include.in.token.scope: 'true' + display.on.consent.screen: 'true' + consent.screen.text: "${addressScopeConsentText}" + protocolMappers: + - name: address + protocol: openid-connect + protocolMapper: oidc-address-mapper + consentRequired: false + config: + user.attribute.formatted: formatted + user.attribute.country: country + user.attribute.postal_code: postal_code + userinfo.token.claim: 'true' + user.attribute.street: street + id.token.claim: 'true' + user.attribute.region: region + access.token.claim: 'true' + user.attribute.locality: locality +- name: web-origins + description: OpenID Connect scope for add allowed web origins to the access token + protocol: openid-connect + attributes: + include.in.token.scope: 'false' + display.on.consent.screen: 'false' + consent.screen.text: '' + protocolMappers: + - name: allowed web origins + protocol: openid-connect + protocolMapper: oidc-allowed-origins-mapper + consentRequired: false + config: {} +- name: phone + description: 'OpenID Connect built-in scope: phone' + protocol: openid-connect + attributes: + include.in.token.scope: 'true' + display.on.consent.screen: 'true' + consent.screen.text: "${phoneScopeConsentText}" + protocolMappers: + - name: phone number verified + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: phoneNumberVerified + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: phone_number_verified + jsonType.label: boolean + - name: phone number + protocol: openid-connect + protocolMapper: oidc-usermodel-attribute-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: phoneNumber + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: phone_number + jsonType.label: String +- name: offline_access + description: 'OpenID Connect built-in scope: offline_access' + protocol: openid-connect + attributes: + consent.screen.text: "${offlineAccessScopeConsentText}" + display.on.consent.screen: 'true' +- name: role_list + description: SAML role list + protocol: saml + attributes: + consent.screen.text: "${samlRoleListScopeConsentText}" + display.on.consent.screen: 'true' + protocolMappers: + - name: role list + protocol: saml + protocolMapper: saml-role-list-mapper + consentRequired: false + config: + single: 'false' + attribute.nameformat: Basic + attribute.name: Role +- name: microprofile-jwt + description: Microprofile - JWT built-in scope + protocol: openid-connect + attributes: + include.in.token.scope: 'true' + display.on.consent.screen: 'false' + protocolMappers: + - name: upn + protocol: openid-connect + protocolMapper: oidc-usermodel-property-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: username + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: upn + jsonType.label: String + - name: groups + protocol: openid-connect + protocolMapper: oidc-usermodel-realm-role-mapper + consentRequired: false + config: + multivalued: 'true' + user.attribute: foo + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: groups + jsonType.label: String +- name: email + description: 'OpenID Connect built-in scope: email' + protocol: openid-connect + attributes: + include.in.token.scope: 'true' + display.on.consent.screen: 'true' + consent.screen.text: "${emailScopeConsentText}" + protocolMappers: + - name: email + protocol: openid-connect + protocolMapper: oidc-usermodel-property-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: email + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: email + jsonType.label: String + - name: email verified + protocol: openid-connect + protocolMapper: oidc-usermodel-property-mapper + consentRequired: false + config: + userinfo.token.claim: 'true' + user.attribute: emailVerified + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: email_verified + jsonType.label: boolean +{{- end }} + +{{/* +Renders the groups section in a realm. +Usage: +{{ include "auth._groups" ( dict "dot" .Values) }} +*/}} +{{- define "auth._groups" -}} +{{- $dot := default . .dot -}} +{{- if $dot.groups }} +groups: +{{- range $index, $group := $dot.groups }} + - name: "{{ $group.name }}" + path: "{{ $group.path }}" + attributes: {} + {{- if $group.roles }} + realmRoles: + {{- range $index2, $groupRole := $group.roles }} + - "{{ $groupRole }}" + {{- end }} + {{- else }} + realmRoles: [] + {{- end }} + clientRoles: {} + subGroups: [] +{{- end }} +{{- else }} +groups: [] +{{- end }} +{{- end }} + +{{/* +Renders the users section in a realm. +Usage: +{{ include "auth._users" ( dict "dot" .Values) }} +*/}} +{{- define "auth._users" -}} +{{- $dot := default . .dot -}} +{{- if $dot.initialUsers }} +users: + {{- range $index, $user := $dot.initialUsers }} + - username: "{{ $user.username }}" + enabled: true + totp: false + email: "{{ default "" $user.email }}" + emailVerified: "{{ default true $user.emailVerified }}" + firstName: "{{ default "" $user.firstName }}" + lastName: "{{ default "" $user.lastName }}" + {{- if $user.attributes }} + attributes: + {{ toYaml $user.attributes | nindent 6 }} + {{- else }} + attributes: {} + {{- end }} + {{- if $user.password }} + credentials: + - type: "password" + temporary: false + value: "{{ $user.password }}" + {{- end }} + {{- if $user.credentials }} + credentials: + {{ toYaml $user.credentials | nindent 6 }} + {{- end }} + disableableCredentialTypes: [] + requiredActions: [] + {{- if $user.realmRoles }} + realmRoles: + {{- range $index2, $realmRole := $user.realmRoles }} + - "{{ $realmRole }}" + {{- end }} + {{- else }} + realmRoles: [ "default-roles-{{ $dot.name }}" ] + {{- end }} + {{- if $user.clientRoles }} + clientRoles: + {{ toYaml $user.clientRoles | nindent 6 }} + {{- end }} + notBefore: 0 + groups: {{ $user.groups | toJson }} + {{- end }} +{{- end }} +{{- end }} + +{{/* +Renders the identityProviders section in a realm. +Usage: +{{ include "auth._identity" ( dict "dot" .Values) }} +*/}} +{{- define "auth._identity" -}} +{{- $dot := default . .dot -}} +{{- if $dot.identityProviders }} +identityProviders: +{{- range $index, $provider := $dot.identityProviders }} + - alias: {{ $provider.name }} + displayName: {{ $provider.displayName }} + providerId: oidc + enabled: true + updateProfileFirstLoginMode: "on" + trustEmail: true + storeToken: true + addReadTokenRoleOnCreate: true + authenticateByDefault: false + linkOnly: false + firstBrokerLoginFlowAlias: "first broker login" + config: + {{ toYaml $provider.config | nindent 6 }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Renders the identityProviderMappers section in a realm. +Usage: +{{ include "auth._identityMapper" ( dict "dot" .Values) }} +*/}} +{{- define "auth._identityMapper" -}} +{{- $dot := default . .dot -}} +{{- if $dot.identityProviderMappers }} +identityProviderMappers: +{{- range $index, $mapper := $dot.identityProviderMappers }} + - name: {{ $mapper.name }} + identityProviderAlias: {{ $mapper.identityProviderAlias }} + identityProviderMapper: {{ $mapper.identityProviderMapper }} + config: + {{ toYaml $mapper.config | nindent 6 }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Renders the smtpServer section in a realm. +Usage: +{{ include "auth._smtpServer" ( dict "dot" .Values) }} +*/}} +{{- define "auth._smtpServer" -}} +{{- $dot := default . .dot -}} +{{- if $dot.smtpServer }} +smtpServer: + {{ toYaml $dot.smtpServer | nindent 2 }} +{{- end }} +{{- end }} + +{{/* +Renders the attributes section in a realm. +Usage: +{{ include "auth._attributes" ( dict "dot" . "realm" $realm ) }} +*/}} +{{- define "auth._attributes" -}} +{{- $dot := default . .dot -}} +{{- $realm := (required "'realm' param, set to the specific service, is required." .realm) -}} +attributes: + frontendUrl: {{ tpl $realm.attributes.frontendUrl $dot }} + acr.loa.map: "{\"ABC\":\"5\"}" +{{- end }} diff --git a/kubernetes/authentication/templates/authorizationpolicy.yaml b/kubernetes/authentication/templates/authorizationpolicy.yaml new file mode 100644 index 0000000000..abd40725da --- /dev/null +++ b/kubernetes/authentication/templates/authorizationpolicy.yaml @@ -0,0 +1,90 @@ +{{/* +# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.ingressAuthentication.enabled }} +--- +{{- $dot := . }} +{{- range $index, $realm := .Values.realmSettings }} +{{- range $key, $accessRole := $realm.accessControl.accessRoles }} +{{- range $index, $role := get $realm.accessControl.accessRoles $key }} +apiVersion: security.istio.io/v1 +kind: AuthorizationPolicy +metadata: + name: {{ $key }}-{{ $role.name }}-jwt + namespace: istio-ingress +spec: + action: ALLOW + rules: + - to: + - operation: + hosts: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $role.servicePrefix) }} + methods: + {{- range $role.methodsAllowed }} + - {{ . }} + {{- end }} + when: + - key: request.auth.claims[onap_roles] + values: + - {{ $role.name }} + selector: + matchLabels: + istio: ingress +--- +{{- end }} +{{- end }} +{{- end }} +apiVersion: security.istio.io/v1 +kind: AuthorizationPolicy +metadata: + name: {{ .Release.Name }}-custom-action + namespace: istio-ingress +spec: + action: CUSTOM + provider: + name: oauth2-proxy + rules: + - to: + - operation: + notHosts: + {{- if .Values.ingressAuthentication.exceptions }} + {{- range $index, $url := .Values.ingressAuthentication.exceptions }} + - {{ tpl $url $dot }} + {{- end }} + {{- end }} + selector: + matchLabels: + istio: ingress +--- +apiVersion: security.istio.io/v1 +kind: AuthorizationPolicy +metadata: + name: {{ .Release.Name }}-allowed-exceptions + namespace: istio-ingress +spec: + action: ALLOW + rules: + - to: + - operation: + hosts: + {{- if .Values.ingressAuthentication.exceptions }} + {{- range $index, $url := .Values.ingressAuthentication.exceptions }} + - {{ tpl $url $dot }} + {{- end }} + {{- end }} + selector: + matchLabels: + istio: ingress +{{- end }} diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml b/kubernetes/authentication/templates/configmap.yaml index 83f658f751..f373754379 100644 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml +++ b/kubernetes/authentication/templates/configmap.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,11 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - +--- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-logging-configmap + name: oauth2-onap-config namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/oauth2_proxy.cfg").AsConfig . | indent 2 }} diff --git a/kubernetes/authentication/templates/requestauthentication.yaml b/kubernetes/authentication/templates/requestauthentication.yaml new file mode 100644 index 0000000000..92bea9f48e --- /dev/null +++ b/kubernetes/authentication/templates/requestauthentication.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.ingressAuthentication.enabled }} +--- +apiVersion: security.istio.io/v1beta1 +kind: RequestAuthentication +metadata: + name: {{ .Release.Name }}-request-auth + namespace: istio-ingress +spec: + selector: + matchLabels: + istio: ingress + jwtRules: + {{- $dot := . }} + {{- range $index, $realm := .Values.realmSettings }} + - issuer: "https://{{ include "ingress.config.host" (dict "dot" $dot "baseaddr" "keycloak-ui") }}/{{ $dot.Values.keycloak.relativePath }}realms/{{ $realm.name }}" + jwksUri: {{ $dot.Values.keycloak.intURL }}realms/{{ $realm.name }}/protocol/openid-connect/certs + {{- end }} + - issuer: "https://{{ include "ingress.config.host" (dict "dot" $dot "baseaddr" "keycloak-ui") }}/{{ .Values.keycloak.relativePath }}realms/master" + jwksUri: {{ .Values.keycloak.intURL }}realms/master/protocol/openid-connect/certs + forwardOriginalToken: true +{{- end }} diff --git a/kubernetes/platform/components/keycloak-init/templates/secret.yaml b/kubernetes/authentication/templates/secret.yaml index 0d9b387dfa..1488be6969 100644 --- a/kubernetes/platform/components/keycloak-init/templates/secret.yaml +++ b/kubernetes/authentication/templates/secret.yaml @@ -9,9 +9,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} -{{- with .Files.Glob "resources/realms/*json" }} data: -{{- range $path, $bytes := . }} - {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }} -{{- end }} -{{- end }} +{{- $dot := . }} +{{- range $realm := .Values.realmSettings }} + {{ $realm.name }}: {{ include "auth.realm" (dict "dot" $dot "realm" $realm) | fromYaml | toPrettyJson | indent 2 | b64enc | quote }} +{{- end -}} diff --git a/kubernetes/authentication/values.yaml b/kubernetes/authentication/values.yaml new file mode 100644 index 0000000000..ba99879e87 --- /dev/null +++ b/kubernetes/authentication/values.yaml @@ -0,0 +1,648 @@ +# Copyright © 2024, Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + # Global ingress configuration + ingress: + enabled: false + virtualhost: + baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" + +keycloak: + intURL: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/" + relativePath: "auth/" +ingressAuthentication: + enabled: false + exceptions: + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}' + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ui") }}' + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "minio-console") }}' + - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "uui-server") }}' + +onap-keycloak-config-cli: + image: + pullSecrets: + - name: onap-docker-registry-key + #existingSecret: "keycloak-keycloakx-admin-creds" + env: + # internal KC URL plus relative path + KEYCLOAK_URL: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/" + KEYCLOAK_SSLVERIFY: "false" + KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true" + secrets: + KEYCLOAK_PASSWORD: secret + existingConfigSecret: "keycloak-config-cli-config-realms" + securityContext: + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + readOnlyRootFilesystem: true + resources: + limits: + cpu: "1" + memory: 500Mi + requests: + cpu: 100m + memory: 10Mi + +onap-oauth2-proxy: + securityContext: + capabilities: + drop: + - ALL + - CAP_NET_RAW + + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 500m + memory: 500Mi + + initContainers: + waitForRedis: + #image: + # repository: "dockerhub.devops.telekom.de/alpine" + # tag: "3.20" + securityContext: + capabilities: + drop: + - ALL + - CAP_NET_RAW + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + + # Oauth client configuration specifics + config: + # Create a new secret with the following command + # openssl rand -base64 32 | head -c 32 | base64 + cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA=" + clientID: &clientID "oauth2-proxy-onap" + # To be set in helmfile + clientSecret: &clientSecret "5YSOkJz99WHv8enDZPknzJuGqVSerELp" + # To be set in helmfile + cookieName: "onap-cookie" + # settings see https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/docs/configuration/overview.md + existingConfig: "oauth2-onap-config" + + # Configure the session storage type, between cookie and redis + sessionStorage: + # Can be one of the supported session storage cookie|redis + type: redis + redis: + # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) + existingSecret: "onap-authentication-redis" + # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence + password: "" + # Key of the Kubernetes secret data containing the redis password value + passwordKey: "redis-password" + # Can be one of standalone|cluster|sentinel + clientType: "sentinel" + standalone: + # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set + connectionUrl: "" + cluster: + # List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) + connectionUrls: [] + sentinel: + # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret` + existingSecret: "" + # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password` + password: "" + # Key of the Kubernetes secret data containing the redis sentinel password value + passwordKey: "redis-password" + # Redis sentinel master name + masterName: "mymaster" + # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) + connectionUrls: "redis://onap-authentication-redis-node-0.onap-authentication-redis-headless.onap:26379,redis://onap-authentication-redis-node-1.onap-authentication-redis-headless.onap:26379,redis://onap-authentication-redis-node-2.onap-authentication-redis-headless.onap:26379" + + # Enables and configure the automatic deployment of the redis subchart + redis: + # provision an instance of the redis sub-chart + enabled: true + master: + containerSecurityContext: + capabilities: + drop: ["ALL", "CAP_NET_RAW"] + replica: + containerSecurityContext: + capabilities: + drop: ["ALL", "CAP_NET_RAW"] + sentinel: + enabled: true + containerSecurityContext: + capabilities: + drop: ["ALL", "CAP_NET_RAW"] + +serviceAccount: + nameOverride: keycloak-init + roles: + - read + +realmSettings: + - name: onap + displayName: "ONAP Realm" + attributes: + frontendUrl: 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/{{ .Values.keycloak.relativePath }}' + themes: + login: "base" + admin: "base" + account: "base" + email: "base" + groups: + - name: admins + path: /admins + roles: [ "platform-all-full" ] + - name: contributors + path: /contributors + roles: [ "platform-all-write" ] + - name: readers + path: /readers + roles: [ "platform-all-read" ] + initialUsers: + - username: "onap-admin" + credentials: + - type: password + secretData: "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}" + credentialData : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + attributes: + sdc_user: + - "cs0008" + realmRoles: + - default-roles-onap + - portal_admin + groups: [] + - username: "onap-designer" + credentials: [] + attributes: + sdc_user: + - "cs0008" + realmRoles: + - default-roles-onap + - portal_designer + groups: [] + - username: "onap-operator" + credentials: [] + attributes: + sdc_user: + - "cs0008" + realmRoles: + - default-roles-onap + - portal_operator + groups: [] + - username: "service-account-portal-bff" + serviceAccountClientId: "portal-bff" + credentials: [] + clientRoles: + realm-management: + - manage-realm + - manage-users + groups: [] + - username: adminek + password: Adminek + email: "onap-admin@amartus.com" + groups: + - admins + - username: onapadmin + password: ONAPAdmin + email: "onap-admin1@amartus.com" + groups: + - admins + - username: contributor + password: Contributor + email: "onap-contributor@amartus.com" + groups: + - contributors + - username: reader + password: Reader + email: "onap-reader@amartus.com" + groups: + - readers + clients: + oauth2_proxy: + clientId: *clientID + name: "Oauth2 Proxy" + secret: *clientSecret + protocol: openid-connect + protocolMappers: + - name: "Audience for Oauth2Proxy" + protocolMapper: "oidc-audience-mapper" + config: + included.client.audience: "oauth2-proxy-onap" + id.token.claim: "false" + access.token.claim: "true" + included.custom.audience: "oauth2-proxy-onap" + - name: "SDC-User" + protocolMapper: "oidc-usermodel-attribute-mapper" + config: + multivalued: "false" + userinfo.token.claim: "true" + user.attribute: "sdc_user" + id.token.claim: "true" + access.token.claim: "true" + claim.name: "sdc_user" + jsonType.label: "String" + additionalDefaultScopes: + - "onap_roles" + portal_app: + clientId: "portal-app" + redirectUris: + - 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ng-ui") }}/*' + - 'http://localhost/*' + protocol: openid-connect + additionalAttributes: + post.logout.redirect.uris: 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ng-ui") }}/*' + protocolMappers: + - name: "User-Roles" + protocolMapper: "oidc-usermodel-attribute-mapper" + config: + userinfo.token.claim: "true" + id.token.claim: "true" + access.token.claim: "true" + claim.name: "roles" + multivalued: "true" + - name: "SDC-User" + protocolMapper: "oidc-usermodel-attribute-mapper" + config: + userinfo.token.claim: "true" + user.attribute: "sdc_user" + id.token.claim: "true" + access.token.claim: "true" + claim.name: "sdc_user" + jsonType.label: "String" + portal_bff: + clientId: "portal-bff" + protocol: openid-connect + secret : pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr + protocolMappers: + - name: "Client Host" + protocolMapper: "oidc-usersessionmodel-note-mapper" + config: + user.session.note : "clientHost" + id.token.claim : "true" + access.token.claim : "true" + claim.name : "clientHost" + jsonType.label : "String" + - name: "Client IP Address" + protocolMapper: "oidc-usersessionmodel-note-mapper" + config: + user.session.note : "clientAddress" + id.token.claim : "true" + access.token.claim : "true" + claim.name : "clientAddress" + jsonType.label : "String" + defaultClientScopes: + - "onap_roles" + additionalClientScopes: + - name: onap_roles + description: OpenID Connect scope for add user onap roles to the access token + protocolMappers: + - name: aud + protocol: openid-connect + protocolMapper: oidc-audience-mapper + consentRequired: false + config: + included.client.audience: oauth2-proxy + id.token.claim: 'false' + access.token.claim: 'true' + - name: client roles + protocol: openid-connect + protocolMapper: oidc-usermodel-client-role-mapper + consentRequired: false + config: + multivalued: 'true' + userinfo.token.claim: 'false' + id.token.claim: 'true' + access.token.claim: 'true' + claim.name: onap_roles + jsonType.label: String + usermodel.clientRoleMapping.clientId: oauth2-proxy + accessControl: + assignableRoles: + - name: portal_admin + description: "User role for administration tasks in the portal." + - name: portal_designer + description: "User role for designer tasks in the portal." + - name: portal_operator + description: "User role for operator tasks in the portal." + - name: onap-operator-read + description: "Allows to perform GET operations for all ONAP components" + associatedAccessRoles: [ "dmaap-bc-api-read", "dmaap-dr-node-api-read", "dmaap-dr-prov-api-read", "dmaap-mr-api-read", "msb-consul-api-read", "msb-discovery-api-read", "msb-eag-ui-read", "msb-iag-ui-read", "nbi-api-read", "aai-api-read", "aai-babel-api-read", "aai-sparkybe-api-read", "cds-blueprintsprocessor-api-read", "cds-ui-read", "cps-core-api-read", "cps-ncmp-dmi-plugin-api-read", "cps-temporal-api-read", "reaper-dc1-read", "sdc-be-api-read", "sdc-fe-ui-read", "sdc-wfd-be-api-read", "sdc-wfd-fe-ui-read", "so-admin-cockpit-ui-read", "so-api-read", "usecase-ui-read", "uui-server-read" ] + - name: onap-operator-write + description: "Allows to perform GET, POST, PUT, PATCH operations for all ONAP components" + associatedAccessRoles: [ "dmaap-bc-api-write", "dmaap-dr-node-api-write", "dmaap-dr-prov-api-write", "dmaap-mr-api-write", "msb-consul-api-write", "msb-discovery-api-write", "msb-eag-ui-write", "msb-iag-ui-write", "nbi-api-write", "aai-api-write", "aai-babel-api-write", "aai-sparkybe-api-write", "cds-blueprintsprocessor-api-write", "cds-ui-write", "cps-core-api-write", "cps-ncmp-dmi-plugin-api-write", "cps-temporal-api-write", "reaper-dc1-write", "sdc-be-api-write", "sdc-fe-ui-write", "sdc-wfd-be-api-write", "sdc-wfd-fe-ui-write", "so-admin-cockpit-ui-write", "so-api-write", "usecase-ui-write", "uui-server-write" ] + - name: onap-operator-full + description: "Allows to perform GET, POST, PUT, PATCH, DELETE operations for all ONAP components" + associatedAccessRoles: [ "dmaap-bc-api-full", "dmaap-dr-node-api-full", "dmaap-dr-prov-api-full", "dmaap-mr-api-full", "msb-consul-api-full", "msb-discovery-api-full", "msb-eag-ui-full", "msb-iag-ui-full", "nbi-api-full", "aai-api-full", "aai-babel-api-full", "aai-sparkybe-api-full", "cds-blueprintsprocessor-api-full", "cds-ui-full", "cps-core-api-full", "cps-ncmp-dmi-plugin-api-full", "cps-temporal-api-full", "reaper-dc1-full", "sdc-be-api-full", "sdc-fe-ui-full", "sdc-wfd-be-api-full", "sdc-wfd-fe-ui-full", "so-admin-cockpit-ui-full", "so-api-full", "usecase-ui-full", "uui-server-full" ] + - name: platform-operator-read + description: "Allows to perform GET operations for all ONAP components" + associatedAccessRoles: [ "grafana-read", "kibana-read" ] + - name: platform-operator-write + description: "Allows to perform GET, POST, PUT, PATCH operations for all ONAP components" + associatedAccessRoles: [ "grafana-write", "kibana-write" ] + - name: platform-operator-full + description: "Allows to perform GET, POST, PUT, PATCH, DELETE operations for all ONAP components" + associatedAccessRoles: [ "grafana-full", "kibana-full" ] + - name: platform-all-read + description: "Allows to perform GET operations for all PLATFORM components" + associatedAccessRoles: [ "dmaap-bc-api-read", "dmaap-dr-node-api-read", "dmaap-dr-prov-api-read", "dmaap-mr-api-read", "msb-consul-api-read", "msb-discovery-api-read", "msb-eag-ui-read", "msb-iag-ui-read", "nbi-api-read", "aai-api-read", "aai-babel-api-read", "aai-sparkybe-api-read", "cds-blueprintsprocessor-api-read", "cds-ui-read", "cps-core-api-read", "cps-ncmp-dmi-plugin-api-read", "cps-temporal-api-read", "grafana-read", "kibana-read", "reaper-dc1-read", "sdc-be-api-read", "sdc-fe-ui-read", "sdc-wfd-be-api-read", "sdc-wfd-fe-ui-read", "so-admin-cockpit-ui-read", "so-api-read", "usecase-ui-read", "uui-server-read" ] + - name: platform-all-write + description: "Allows to perform GET, POST, PUT, PATCH operations for all PLATFORM components" + associatedAccessRoles: [ "dmaap-bc-api-write", "dmaap-dr-node-api-write", "dmaap-dr-prov-api-write", "dmaap-mr-api-write", "msb-consul-api-write", "msb-discovery-api-write", "msb-eag-ui-write", "msb-iag-ui-write", "nbi-api-write", "aai-api-write", "aai-babel-api-write", "aai-sparkybe-api-write", "cds-blueprintsprocessor-api-write", "cds-ui-write", "cps-core-api-write", "cps-ncmp-dmi-plugin-api-write", "cps-temporal-api-write", "grafana-write", "kibana-write", "reaper-dc1-write", "sdc-be-api-write", "sdc-fe-ui-write", "sdc-wfd-be-api-write", "sdc-wfd-fe-ui-write", "so-admin-cockpit-ui-write", "so-api-write", "usecase-ui-write", "uui-server-write" ] + - name: platform-all-full + description: "Allows to perform GET, POST, PUT, PATCH, DELETE operations for all PLATFORM components" + associatedAccessRoles: [ "dmaap-bc-api-full", "dmaap-dr-node-api-full", "dmaap-dr-prov-api-full", "dmaap-mr-api-full", "msb-consul-api-full", "msb-discovery-api-full", "msb-eag-ui-full", "msb-iag-ui-full", "nbi-api-full", "aai-api-full", "aai-babel-api-full", "aai-sparkybe-api-full", "cds-blueprintsprocessor-api-full", "cds-ui-full", "cps-core-api-full", "cps-ncmp-dmi-plugin-api-full", "cps-temporal-api-full", "grafana-full", "kibana-full", "reaper-dc1-full", "sdc-be-api-full", "sdc-fe-ui-full", "sdc-wfd-be-api-full", "sdc-wfd-fe-ui-full", "so-admin-cockpit-ui-full", "so-api-full", "usecase-ui-full", "uui-server-full" ] + accessRoles: + "oauth2_proxy": + - name: dmaap-bc-api-read + methodsAllowed: ["GET"] + servicePrefix: dmaap-bc-api + - name: dmaap-bc-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: dmaap-bc-api + - name: dmaap-bc-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: dmaap-bc-api + - name: dmaap-dr-node-api-read + methodsAllowed: ["GET"] + servicePrefix: dmaap-dr-node-api + - name: dmaap-dr-node-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: dmaap-dr-node-api + - name: dmaap-dr-node-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: dmaap-dr-node-api + - name: dmaap-dr-prov-api-read + methodsAllowed: ["GET"] + servicePrefix: dmaap-dr-prov-api + - name: dmaap-dr-prov-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: dmaap-dr-prov-api + - name: dmaap-dr-prov-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: dmaap-dr-prov-api + - name: dmaap-mr-api-read + methodsAllowed: ["GET"] + servicePrefix: dmaap-mr-api + - name: dmaap-mr-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: dmaap-mr-api + - name: dmaap-mr-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: dmaap-mr-api + - name: msb-consul-api-read + methodsAllowed: ["GET"] + servicePrefix: msb-consul-api + - name: msb-consul-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: msb-consul-api + - name: msb-consul-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: msb-consul-api + - name: msb-discovery-api-read + methodsAllowed: ["GET"] + servicePrefix: msb-discovery-api + - name: msb-discovery-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: msb-discovery-api + - name: msb-discovery-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: msb-discovery-api + - name: msb-eag-ui-read + methodsAllowed: ["GET"] + servicePrefix: msb-eag-ui + - name: msb-eag-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: msb-eag-ui + - name: msb-eag-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: msb-eag-ui + - name: msb-iag-ui-read + methodsAllowed: ["GET"] + servicePrefix: msb-iag-ui + - name: msb-iag-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: msb-iag-ui + - name: msb-iag-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: msb-iag-ui + - name: nbi-api-read + methodsAllowed: ["GET"] + servicePrefix: nbi-api + - name: nbi-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: nbi-api + - name: nbi-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: nbi-api + - name: aai-api-read + methodsAllowed: ["GET"] + servicePrefix: aai-api + - name: aai-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: aai-api + - name: aai-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: aai-api + - name: aai-babel-api-read + methodsAllowed: ["GET"] + servicePrefix: aai-babel-api + - name: aai-babel-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: aai-babel-api + - name: aai-babel-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: aai-babel-api + - name: aai-sparkybe-api-read + methodsAllowed: ["GET"] + servicePrefix: aai-sparkybe-api + - name: aai-sparkybe-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: aai-sparkybe-api + - name: aai-sparkybe-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: aai-sparkybe-api + - name: cds-blueprintsprocessor-api-read + methodsAllowed: ["GET"] + servicePrefix: cds-blueprintsprocessor-api + - name: cds-blueprintsprocessor-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: cds-blueprintsprocessor-api + - name: cds-blueprintsprocessor-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: cds-blueprintsprocessor-api + - name: cds-ui-read + methodsAllowed: ["GET"] + servicePrefix: cds-ui + - name: cds-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: cds-ui + - name: cds-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: cds-ui + - name: cps-core-api-read + methodsAllowed: ["GET"] + servicePrefix: cps-core-api + - name: cps-core-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: cps-core-api + - name: cps-core-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: cps-core-api + - name: cps-ncmp-dmi-plugin-api-read + methodsAllowed: ["GET"] + servicePrefix: cps-ncmp-dmi-plugin-api + - name: cps-ncmp-dmi-plugin-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: cps-ncmp-dmi-plugin-api + - name: cps-ncmp-dmi-plugin-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: cps-ncmp-dmi-plugin-api + - name: cps-temporal-api-read + methodsAllowed: ["GET"] + servicePrefix: cps-temporal-api + - name: cps-temporal-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: cps-temporal-api + - name: cps-temporal-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: cps-temporal-api + - name: grafana-read + methodsAllowed: ["GET"] + servicePrefix: grafana + - name: grafana-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: grafana + - name: grafana-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: grafana + - name: kibana-read + methodsAllowed: ["GET"] + servicePrefix: kibana + - name: kibana-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: kibana + - name: kibana-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: kibana + - name: minio-read + methodsAllowed: ["GET"] + servicePrefix: minio-console + - name: minio-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: minio-console + - name: minio-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: minio-console + - name: reaper-dc1-read + methodsAllowed: ["GET"] + servicePrefix: reaper-dc1 + - name: reaper-dc1-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: reaper-dc1 + - name: reaper-dc1-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: reaper-dc1 + - name: sdc-be-api-read + methodsAllowed: ["GET"] + servicePrefix: sdc-be-api + - name: sdc-be-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: sdc-be-api + - name: sdc-be-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: sdc-be-api + - name: sdc-fe-ui-read + methodsAllowed: ["GET"] + servicePrefix: sdc-fe-ui + - name: sdc-fe-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: sdc-fe-ui + - name: sdc-fe-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: sdc-fe-ui + - name: sdc-wfd-be-api-read + methodsAllowed: ["GET"] + servicePrefix: sdc-wfd-be-api + - name: sdc-wfd-be-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: sdc-wfd-be-api + - name: sdc-wfd-be-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: sdc-wfd-be-api + - name: sdc-wfd-fe-ui-read + methodsAllowed: ["GET"] + servicePrefix: sdc-wfd-fe-ui + - name: sdc-wfd-fe-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: sdc-wfd-fe-ui + - name: sdc-wfd-fe-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: sdc-wfd-fe-ui + - name: so-admin-cockpit-ui-read + methodsAllowed: ["GET"] + servicePrefix: so-admin-cockpit-ui + - name: so-admin-cockpit-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: so-admin-cockpit-ui + - name: so-admin-cockpit-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: so-admin-cockpit-ui + - name: so-api-read + methodsAllowed: ["GET"] + servicePrefix: so-api + - name: so-api-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: so-api + - name: so-api-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: so-api + - name: usecase-ui-read + methodsAllowed: ["GET"] + servicePrefix: usecase-ui + - name: usecase-ui-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: usecase-ui + - name: usecase-ui-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: usecase-ui + - name: uui-server-read + methodsAllowed: ["GET"] + servicePrefix: uui-server + - name: uui-server-write + methodsAllowed: ["GET", "POST", "PUT", "PATCH"] + servicePrefix: uui-server + - name: uui-server-full + methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"] + servicePrefix: uui-server diff --git a/kubernetes/cli/Chart.yaml b/kubernetes/cli/Chart.yaml deleted file mode 100644 index 956a923e0d..0000000000 --- a/kubernetes/cli/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Command Line Interface -name: cli -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/kubernetes/cli/resources/configuration/lighttpd.conf deleted file mode 100644 index f1735a1e5d..0000000000 --- a/kubernetes/cli/resources/configuration/lighttpd.conf +++ /dev/null @@ -1,44 +0,0 @@ -{{/* -# Copyright 2018 Huawei Technologies Co., Ltd. -# Copyright 2021 Huawei Technologies Co., Ltd. -# Modifications Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -server.document-root = "/var/www-data/servers/open-cli/" -server.username = "www-data" -server.groupname = "www-data" -server.port = {{ .Values.containerPort }} - -mimetype.assign = ( - ".html" => "text/html", - ".txt" => "text/plain", - ".jpg" => "image/jpeg", - ".png" => "image/png" -) - -index-file.names = ( "index.html" ) -dir-listing.activate = "disable" - - -server.modules = ( - "mod_access", - "mod_proxy", - "mod_alias", - "mod_compress", - "mod_redirect" -) - -server.errorlog = "/var/log/lighttpd/error.log" -server.pid-file = "/var/run/lighttpd.pid" diff --git a/kubernetes/cli/templates/configmap.yaml b/kubernetes/cli/templates/configmap.yaml deleted file mode 100644 index a4c636f0e4..0000000000 --- a/kubernetes/cli/templates/configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -# Copyright © 2021 Orange -# Modifications Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }} diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml deleted file mode 100644 index 9f8d71c332..0000000000 --- a/kubernetes/cli/templates/deployment.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - port: {{ .Values.liveness.port }} - path: {{ .Values.liveness.path }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - httpGet: - port: {{ .Values.readiness.port }} - path: {{ .Values.readiness.path }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - name: lighttpd - mountPath: /etc/lighttpd/lighttpd.conf - subPath: lighttpd.conf - readOnly: true - env: - - name: OPEN_CLI_MODE - value: "{{ .Values.config.climode }}" - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: lighttpd - configMap: - name: {{ include "common.fullname" . }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/cli/templates/ingress.yaml b/kubernetes/cli/templates/ingress.yaml deleted file mode 100644 index 0deb6ce481..0000000000 --- a/kubernetes/cli/templates/ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* -# Modifications Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{ include "common.ingress" . }} diff --git a/kubernetes/cli/templates/service.yaml b/kubernetes/cli/templates/service.yaml deleted file mode 100644 index b33db211f9..0000000000 --- a/kubernetes/cli/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml deleted file mode 100644 index 8ad2240ee4..0000000000 --- a/kubernetes/cli/values.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/cli:6.0.1 -pullPolicy: IfNotPresent - -# flag to enable debugging - application support required -debugEnabled: false - -nodeSelector: {} -affinity: {} - -# Resource Limit flavor -By Default using small -flavor: small -# default number of instances -replicaCount: 1 - -# application configuration -config: - climode: daemon - -containerPort: &svc_port 8080 -service: - type: ClusterIP - name: cli - ports: - - name: http - port: *svc_port - targetPort: *svc_port - -ingress: - enabled: true - service: - - baseaddr: "cli-api" - path: "/" - name: "cps" - port: *svc_port - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: *svc_port - path: / - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - port: *svc_port - path: / - - -# Configure resource requests and limits -# ref: http://kubernetes.io/docs/user-guide/compute-resources/ -resources: - small: - limits: - cpu: "1" - memory: "2Gi" - requests: - cpu: "10m" - memory: "500Mi" - large: - limits: - cpu: "4" - memory: "8Gi" - requests: - cpu: "2" - memory: "4Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: cli - roles: - - read diff --git a/kubernetes/modeling/.helmignore b/kubernetes/common/cassandra/.helmignore index 7ddbad7ef4..0bab41b6b1 100644 --- a/kubernetes/modeling/.helmignore +++ b/kubernetes/common/cassandra/.helmignore @@ -19,4 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs components/ diff --git a/kubernetes/common/cassandra/Chart.yaml b/kubernetes/common/cassandra/Chart.yaml index ee3f4e5355..544ebb247d 100644 --- a/kubernetes/common/cassandra/Chart.yaml +++ b/kubernetes/common/cassandra/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP cassandra name: cassandra -version: 13.1.0 +version: 13.1.1 dependencies: - name: common @@ -30,4 +30,4 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: 'file://../serviceAccount' - condition: global.cassandra.enableServiceAccount
\ No newline at end of file + condition: global.cassandra.enableServiceAccount diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh index f9f62739f2..50051b4b44 100644 --- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh +++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh @@ -93,4 +93,3 @@ if [ "$1" = 'cassandra' ]; then fi exec "$@" - diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py index a7f297399e..ec2f0b4fc6 100644 --- a/kubernetes/common/cassandra/resources/exec.py +++ b/kubernetes/common/cassandra/resources/exec.py @@ -118,5 +118,3 @@ def main(argv): if __name__ == "__main__": main(sys.argv[1:]) - - diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index 6db1202b4f..263ac28512 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -250,4 +250,4 @@ spec: persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data {{- end -}} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/cassandra/templates/cassOp.yaml b/kubernetes/common/cassandra/templates/cassOp.yaml index 9f463adf08..6b7052d10e 100644 --- a/kubernetes/common/cassandra/templates/cassOp.yaml +++ b/kubernetes/common/cassandra/templates/cassOp.yaml @@ -16,4 +16,4 @@ {{- if .Values.global.cassandra.useOperator }} {{ include "common.k8ssandraCluster" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/templates/configmap.yaml b/kubernetes/common/cassandra/templates/configmap.yaml index 5510986e54..117100a441 100644 --- a/kubernetes/common/cassandra/templates/configmap.yaml +++ b/kubernetes/common/cassandra/templates/configmap.yaml @@ -26,4 +26,4 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml index d18e51d2f4..00e61d3bb5 100644 --- a/kubernetes/common/cassandra/templates/pv.yaml +++ b/kubernetes/common/cassandra/templates/pv.yaml @@ -15,4 +15,4 @@ */}} {{- if not .Values.global.cassandra.useOperator }} {{ include "common.replicaPV" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/templates/secrets.yaml b/kubernetes/common/cassandra/templates/secrets.yaml index 5a611a9bef..181e5f98a7 100644 --- a/kubernetes/common/cassandra/templates/secrets.yaml +++ b/kubernetes/common/cassandra/templates/secrets.yaml @@ -18,4 +18,4 @@ {{- if .Values.global.cassandra.useOperator }} {{ include "common.secretFast" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml index 8b2e534a5f..6b6f585d2f 100644 --- a/kubernetes/common/cassandra/templates/service.yaml +++ b/kubernetes/common/cassandra/templates/service.yaml @@ -16,4 +16,4 @@ {{- if not .Values.global.cassandra.useOperator }} {{ include "common.headlessService" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml index 078107393a..57f4d3f412 100644 --- a/kubernetes/common/cassandra/templates/servicemonitor.yaml +++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml @@ -18,4 +18,4 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index ddaff5c7c0..d76dde3454 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -199,4 +199,4 @@ spec: requests: storage: {{ .Values.persistence.size | quote }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 0ab1f0961c..842c268c8a 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -40,16 +40,30 @@ k8ssandraOperator: superuserPassword: &superuserpassword cassandra casOptions: authorizer: AllowAllAuthorizer - read_request_timeout: 10000ms - write_request_timeout: 10000ms + read_request_timeout: 15000ms + write_request_timeout: 15000ms counter_write_request_timeout: 15000ms + request_timeout: 15000ms + auto_snapshot: false + commitlog_segment_size: 128MiB + commitlog_sync_period: 15000ms + concurrent_reads: 16 + concurrent_writes: 16 + counter_cache_size: 16MiB jvmOptions: heap_initial_size: 512M - heap_max_size: 8192M + heap_max_size: 4096M hostNetwork: false datacenters: - name: dc1 size: 3 + resources: + requests: + cpu: 2 + memory: 8Gi + limits: + cpu: 8 + memory: 8Gi reaper: enabled: true stargate: diff --git a/kubernetes/msb/.helmignore b/kubernetes/common/common/.helmignore index 7ddbad7ef4..f066c4b723 100644 --- a/kubernetes/msb/.helmignore +++ b/kubernetes/common/common/.helmignore @@ -19,4 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.local/ +.config/ +# OOM specific dirs components/ diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index ffcda6736a..6fa292639e 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,8 +13,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.2.0 +version: 13.2.6 diff --git a/kubernetes/common/common/templates/_affinities.tpl b/kubernetes/common/common/templates/_affinities.tpl index bf7ae497ca..69d0e78680 100644 --- a/kubernetes/common/common/templates/_affinities.tpl +++ b/kubernetes/common/common/templates/_affinities.tpl @@ -106,4 +106,4 @@ Return a podAffinity/podAntiAffinity definition {{- else if eq .type "hard" }} {{- include "common.affinities.pods.hard" . -}} {{- end -}} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/common/templates/_cassOp.tpl b/kubernetes/common/common/templates/_cassOp.tpl index b0cf8e331e..c707312b80 100644 --- a/kubernetes/common/common/templates/_cassOp.tpl +++ b/kubernetes/common/common/templates/_cassOp.tpl @@ -1,5 +1,5 @@ {{/* -# Copyright © 2022 Deutsche Telekom AG +# Copyright © 2022-2024 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,6 +45,29 @@ spec: endpoint: address: 0.0.0.0 {{- end }} + podSecurityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + initContainerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW {{- end }} {{ if .Values.k8ssandraOperator.stargate.enabled -}} stargate: @@ -110,14 +133,61 @@ spec: - metadata: name: {{ $datacenter.name }} size: {{ $datacenter.size }} + {{ if $datacenter.resources -}} + resources: + {{ toYaml $datacenter.resources | nindent 10 }} + {{- end }} {{- end }} - {{ if .Values.podAnnotations -}} + initContainers: + - name: server-config-init-base + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + - name: server-config-init + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + containers: + - name: cassandra + securityContext: + allowPrivilegeEscalation: false + #readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + - name: server-system-logger + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + privileged: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + podSecurityContext: + fsGroup: 999 + runAsGroup: 999 + runAsUser: 999 + runAsNonRoot: true metadata: + {{ if .Values.podAnnotations -}} pods: annotations: {{ toYaml .Values.podAnnotations | nindent 10 }} + {{- end }} commonLabels: app: {{ .Values.k8ssandraOperator.config.clusterName }} version: {{ .Values.k8ssandraOperator.cassandraVersion }} - {{- end }} {{ end }} diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index e7b90ea8ff..f162e9a2f9 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -115,4 +115,4 @@ {{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }} resources: {{ include "common.resources" $dot | nindent 4 }} {{- end -}} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl index 993c48239a..dc900dd4e4 100644 --- a/kubernetes/common/common/templates/_log.tpl +++ b/kubernetes/common/common/templates/_log.tpl @@ -59,4 +59,3 @@ data: {{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} {{- end }} {{- end -}} - diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index 3092298a7d..0e46e5ef26 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -257,6 +257,29 @@ spec: runAsUser: 10001 runAsGroup: 10001 fsGroup: 10001 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + securityContext: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + volumes: + - name: run + emptyDir: + sizeLimit: 64Mi + - name: tmp + emptyDir: + sizeLimit: 64Mi + volumeMounts: + - name: run + mountPath: /run/mysqld + - name: tmp + mountPath: /tmp inheritMetadata: {{ if .Values.podAnnotations -}} annotations: {{ toYaml .Values.podAnnotations | nindent 6 }} @@ -288,6 +311,17 @@ spec: enabled: true authDelegatorRoleName: {{ $dbinst }}-auth gracefulShutdownTimeout: 5s + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + privileged: false + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault primary: automaticFailover: true podIndex: 0 @@ -301,6 +335,17 @@ spec: initContainer: image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }} imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + privileged: false + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault config: reuseStorageVolume: false volumeClaimTemplate: @@ -334,6 +379,31 @@ spec: {{- if default false $dot.Values.global.metrics.enabled }} metrics: enabled: true + exporter: + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/prom/mysqld-exporter:v0.15.1 + port: 9104 + podSecurityContext: + fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + securityContext: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi {{- end }} affinity: podAntiAffinity: diff --git a/kubernetes/common/common/templates/_mongodb.tpl b/kubernetes/common/common/templates/_mongodb.tpl new file mode 100644 index 0000000000..80d8d72194 --- /dev/null +++ b/kubernetes/common/common/templates/_mongodb.tpl @@ -0,0 +1,165 @@ +{{/* +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{/* + UID of mongodb root password +*/}} +{{- define "common.mongodb.secret.rootPassUID" -}} + {{- printf "db-root-password" }} +{{- end -}} + +{{/* + Name of mongodb secret +*/}} +{{- define "common.mongodb.secret._secretName" -}} + {{- $global := .dot }} + {{- $chartName := tpl .chartName $global -}} + {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }} +{{- end -}} + +{{/* + Name of mongodb root password secret +*/}} +{{- define "common.mongodb.secret.rootPassSecretName" -}} + {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.rootPassUID") }} +{{- end -}} + +{{/* + UID of mongodb user credentials +*/}} +{{- define "common.mongodb.secret.userCredentialsUID" -}} + {{- printf "db-user-credentials" }} +{{- end -}} + +{{/* + Name of mongodb user credentials secret +*/}} +{{- define "common.mongodb.secret.userCredentialsSecretName" -}} + {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.userCredentialsUID") }} +{{- end -}} + +{{/* + UID of mongodb primary password +*/}} +{{- define "common.mongodb.secret.primaryPasswordUID" -}} + {{- printf "primary-password" }} +{{- end -}} + +{{/* + Name of mongodb user credentials secret +*/}} +{{- define "common.mongodb.secret.primaryPasswordSecretName" -}} + {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.primaryPasswordUID") }} +{{- end -}} + +{{/* + Choose the name of the mongodb app label to use. +*/}} +{{- define "common.mongodbAppName" -}} + {{- if .Values.global.mongodb.localCluster -}} + {{- index .Values "mongodb" "nameOverride" -}} + {{- else -}} + {{- .Values.global.mongodb.nameOverride -}} + {{- end -}} +{{- end -}} + +#Not edited yet +{{/* + Create mongodb cluster via mongodb percona-operator +*/}} +{{- define "common.mongodbOpInstance" -}} +{{- $dot := default . .dot -}} +{{- $global := $dot.Values.global -}} +{{- $dbinst := include "common.name" $dot -}} +--- + +apiVersion: psmdb.percona.com/v1 +kind: PerconaServerMongoDB +metadata: + name: {{ $dbinst }} + labels: + app: {{ $dbinst }} + version: "5.5" +spec: + metadata: + labels: + app: {{ $dbinst }} + version: "5.5" + {{- if .Values.mongodbOperator.imageMongo }} + image: {{ .Values.mongodbOperator.imageMongo | quote }} + {{- end }} + imagePullSecrets: + - name: {{ include "common.namespace" . }}-docker-registry-key + mongodbVersion: {{ $dot.Values.mongodbOperator.mongodbVersion }} + instances: + - name: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }} + replicas: {{ default 2 .Values.mongodbOperator.instanceReplicas }} + dataVolumeClaimSpec: + {{- if .Values.instanceStorageClassName }} + storageClassName: {{ .Values.mongodbOperator.instanceStorageClassName | quote }} + {{- end }} + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: {{ default "1Gi" .Values.mongodbOperator.instanceSize | quote }} + {{- if or .Values.instanceMemory .Values.mongodbOperator.instanceCPU }} + resources: + limits: + cpu: {{ default "" .Values.mongodbOperator.instanceCPU | quote }} + memory: {{ default "" .Values.mongodbOperator.instanceMemory | quote }} + {{- end }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + mongodb-operator.crunchydata.com/cluster: {{ $dbinst }} + mongodb-operator.crunchydata.com/instance-set: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }} + proxy: + pgBouncer: + metadata: + labels: + app: {{ $dbinst }} + version: "5.5" + {{- if .Values.mongodbOperator.imagePgBouncer }} + image: {{ .Values.mongodbOperator.imagePgBouncer | quote }} + {{- end }} + replicas: {{ default 2 .Values.mongodbOperator.bouncerReplicas }} + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + mongodb-operator.crunchydata.com/cluster: {{ $dbinst }} + mongodb-operator.crunchydata.com/role: pgbouncer + {{- if .Values.mongodbOperator.monitoring }} + monitoring: + pgmonitor: + exporter: + image: {{ default "" .Values.mongodbOperator.imageExporter | quote }} + {{- if .Values.mongodbOperator.monitoringConfig }} +{{ toYaml .Values.monitoringConfig | indent 8 }} + {{- end }} + {{- end }} + users: + - name: mongodb +{{- end -}} diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index 810350bfa6..743e3db1df 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -53,20 +53,60 @@ {{/* Generate securityContext for pod + required variables: user_id, group_id + optional variables: fsgroup_id, runAsNonRoot, seccompProfileType + Example in values.yaml + securityContext: + user_id: 70 + group_id: 70 + # fsgroup_id: 70 + # runAsNonRoot: true + # seccompProfileType: "RuntimeDefault" */}} {{- define "common.podSecurityContext" -}} securityContext: runAsUser: {{ .Values.securityContext.user_id }} runAsGroup: {{ .Values.securityContext.group_id }} - fsGroup: {{ .Values.securityContext.group_id }} + fsGroup: {{ default .Values.securityContext.group_id .Values.securityContext.fsgroup_id }} + runAsNonRoot: {{ hasKey .Values.securityContext "runAsNonRoot" | ternary .Values.securityContext.runAsNonRoot true }} + seccompProfile: + type: {{ default "RuntimeDefault" .Values.securityContext.seccompProfileType }} {{- end }} {{/* - Generate securityContext for container + Generate securityContext for container (optional) + predefined variables: capabilities.drop + optional variables: readOnlyRootFilesystem, privileged, allowPrivilegeEscalation + Example in values.yaml + containerSecurityContext: + capabilities: + privileged: false + runAsUser: 1337 + runAsGroup: 1337 + runAsNonRoot: true + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false */}} {{- define "common.containerSecurityContext" -}} securityContext: +{{- if not .Values.containerSecurityContext }} readOnlyRootFilesystem: true privileged: false allowPrivilegeEscalation: false +{{- else }} + readOnlyRootFilesystem: {{ hasKey .Values.containerSecurityContext "readOnlyRootFilesystem" | ternary .Values.containerSecurityContext.readOnlyRootFilesystem false }} + privileged: {{ hasKey .Values.containerSecurityContext "privileged" | ternary .Values.containerSecurityContext.privileged false }} + allowPrivilegeEscalation: {{ hasKey .Values.containerSecurityContext "allowPrivilegeEscalation" | ternary .Values.containerSecurityContext.allowPrivilegeEscalation false }} + runAsNonRoot: {{ hasKey .Values.containerSecurityContext "runAsNonRoot" | ternary .Values.containerSecurityContext.runAsNonRoot true }} +{{- if .Values.containerSecurityContext.runAsUser }} + runAsUser: {{ .Values.containerSecurityContext.runAsUser }} +{{- end }} +{{- if .Values.containerSecurityContext.runAsGroup }} + runAsGroup: {{ .Values.containerSecurityContext.runAsGroup }} +{{ end }} +{{- end }} + capabilities: + drop: + - ALL + - CAP_NET_RAW {{- end }} diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index de779f8db8..638db8cab1 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -27,14 +27,27 @@ true {{- end -}} {{/* + Calculate if we require a sidecar killer. +*/}} +{{- define "common.requireSidecarKiller" -}} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq .Values.global.serviceMesh.engine "istio" }} +{{- if not (default false .Values.global.serviceMesh.nativeSidecars) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Kills the sidecar proxy associated with a pod. */}} {{- define "common.serviceMesh.killSidecar" -}} -{{- if (include "common.onServiceMesh" .) }} +{{- if (include "common.requireSidecarKiller" .) }} RCODE="$?"; echo "*** script finished with exit code $RCODE" ; echo "*** killing service mesh sidecar" ; -curl -sf -X POST http://127.0.0.1:15020/quitquitquit ; +wget --quiet --post-data '' --output-document=- http://127.0.0.1:15020/quitquitquit || exit $? ; echo "" ; echo "*** exiting with script exit code" ; exit "$RCODE" @@ -47,7 +60,7 @@ exit "$RCODE" {{- define "common.waitForJobContainer" -}} {{- $dot := default . .dot -}} {{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}} -{{- if (include "common.onServiceMesh" .) }} +{{- if (include "common.requireSidecarKiller" .) }} - name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container image: {{ include "repositoryGenerator.image.quitQuit" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} @@ -65,6 +78,23 @@ exit "$RCODE" fieldRef: apiVersion: v1 fieldPath: metadata.namespace + securityContext: + capabilities: + drop: + - ALL + - CAP_NET_RAW + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsUser: 100 + runAsGroup: 65533 + resources: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi {{- end }} {{- end }} diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore index 68ffb32406..0bab41b6b1 100644 --- a/kubernetes/common/elasticsearch/.helmignore +++ b/kubernetes/common/elasticsearch/.helmignore @@ -1 +1,32 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs components/ diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml index 82c8ccd056..48de2c0502 100644 --- a/kubernetes/common/elasticsearch/Chart.yaml +++ b/kubernetes/common/elasticsearch/Chart.yaml @@ -23,7 +23,10 @@ version: 13.0.0 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' + - name: repositoryGenerator + version: ~13.x-0 + repository: '@local' - name: master version: ~13.x-0 repository: 'file://components/master' @@ -35,6 +38,3 @@ dependencies: version: ~13.x-0 repository: 'file://components/curator' condition: elasticsearch.curator.enabled,curator.enabled - - name: repositoryGenerator - version: ~13.x-0 - repository: 'file://../repositoryGenerator' diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml index 39780f2e83..baceb1dadc 100644 --- a/kubernetes/common/elasticsearch/components/curator/Chart.yaml +++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml @@ -23,7 +23,7 @@ version: 13.0.0 dependencies: - name: common version: ~13.x-0 - repository: 'file://../../../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../../../repositoryGenerator'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml index 00f113b5bb..d02d017108 100644 --- a/kubernetes/common/elasticsearch/components/curator/values.yaml +++ b/kubernetes/common/elasticsearch/components/curator/values.yaml @@ -175,4 +175,3 @@ extraInitContainers: {} # "storage_class": "${S3_STORAGE_CLASS}" # } # } - diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml index d49a21085b..30c925aba7 100644 --- a/kubernetes/common/elasticsearch/components/data/Chart.yaml +++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml @@ -23,7 +23,7 @@ version: 13.0.0 dependencies: - name: common version: ~13.x-0 - repository: 'file://../../../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../../../repositoryGenerator' + repository: '@local' diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml index 73d59075e3..e481c7cd4b 100644 --- a/kubernetes/common/elasticsearch/components/master/Chart.yaml +++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml @@ -22,7 +22,7 @@ version: 13.0.0 dependencies: - name: common version: ~13.x-0 - repository: 'file://../../../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../../../repositoryGenerator' + repository: '@local' diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl index 1de2599af9..34663e14f1 100644 --- a/kubernetes/common/elasticsearch/templates/_helpers.tpl +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -69,5 +69,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} - - diff --git a/kubernetes/common/etcd/.helmignore b/kubernetes/common/etcd/.helmignore index f0c1319444..0bab41b6b1 100644 --- a/kubernetes/common/etcd/.helmignore +++ b/kubernetes/common/etcd/.helmignore @@ -19,3 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/etcd/Chart.yaml b/kubernetes/common/etcd/Chart.yaml index 02fc2c0603..465364b3da 100644 --- a/kubernetes/common/etcd/Chart.yaml +++ b/kubernetes/common/etcd/Chart.yaml @@ -28,7 +28,7 @@ sources: dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator' + repository: '@local' diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml index 006378f631..72dea06832 100644 --- a/kubernetes/common/etcd/templates/service.yaml +++ b/kubernetes/common/etcd/templates/service.yaml @@ -35,4 +35,3 @@ spec: selector: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} - diff --git a/kubernetes/vfc/.helmignore b/kubernetes/common/logConfiguration/.helmignore index 7ddbad7ef4..0bab41b6b1 100644 --- a/kubernetes/vfc/.helmignore +++ b/kubernetes/common/logConfiguration/.helmignore @@ -19,4 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs components/ diff --git a/kubernetes/common/logConfiguration/Chart.yaml b/kubernetes/common/logConfiguration/Chart.yaml index a5790a4d62..7908bfa405 100644 --- a/kubernetes/common/logConfiguration/Chart.yaml +++ b/kubernetes/common/logConfiguration/Chart.yaml @@ -22,4 +22,4 @@ version: 13.0.0 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' diff --git a/kubernetes/common/mariadb-galera/.helmignore b/kubernetes/common/mariadb-galera/.helmignore index f0c1319444..0bab41b6b1 100644 --- a/kubernetes/common/mariadb-galera/.helmignore +++ b/kubernetes/common/mariadb-galera/.helmignore @@ -19,3 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/mariadb-galera/Chart.yaml b/kubernetes/common/mariadb-galera/Chart.yaml index c5bb0aaf94..41d11a646e 100644 --- a/kubernetes/common/mariadb-galera/Chart.yaml +++ b/kubernetes/common/mariadb-galera/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: Chart for MariaDB Galera cluster name: mariadb-galera -version: 13.2.0 +version: 13.2.2 keywords: - mariadb - mysql @@ -30,14 +30,14 @@ keywords: dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: readinessCheck version: ~13.x-0 - repository: 'file://../readinessCheck' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator' + repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: 'file://../serviceAccount' + repository: '@local' condition: global.mariadbGalera.enableServiceAccount
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml index 4c2bfcd389..05aafb5cc9 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml @@ -47,4 +47,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index 0aa0a63f0a..152d39f4a5 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -39,4 +39,4 @@ data: my.cnf: | {{ .Values.mariadbConfiguration | indent 4 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/mariadb.yaml b/kubernetes/common/mariadb-galera/templates/mariadb.yaml index ce09c9ff06..d8ada6fbbb 100644 --- a/kubernetes/common/mariadb-galera/templates/mariadb.yaml +++ b/kubernetes/common/mariadb-galera/templates/mariadb.yaml @@ -16,4 +16,4 @@ {{- if .Values.global.mariadbGalera.useOperator }} {{ include "common.mariadbOpInstance" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml index d37aeb1751..e628deea15 100644 --- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml +++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml @@ -34,4 +34,4 @@ spec: targetPort: tcp-metrics selector: {{- include "common.matchLabels" . | nindent 4 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml index 734f03f237..da83abc993 100644 --- a/kubernetes/common/mariadb-galera/templates/pdb.yaml +++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml @@ -29,4 +29,4 @@ spec: selector: matchLabels: {{- include "common.matchLabels" . | nindent 6 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml index cf0ab566a4..ee9124f23b 100644 --- a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml +++ b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml @@ -28,4 +28,3 @@ spec: rules: {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }} {{- end }} - diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index 129b5b26c7..267755259d 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -17,4 +17,4 @@ {{- if not .Values.global.mariadbGalera.useOperator }} {{ include "common.replicaPV" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 527f41266d..77a8e38e80 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -16,4 +16,4 @@ # limitations under the License. */}} -{{ include "common.secretFast" . }}
\ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml index 4cbf7b394f..1bffb246f4 100644 --- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml +++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml @@ -18,4 +18,4 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 70cc0c34bd..66ce8abc6e 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -55,7 +55,20 @@ spec: image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + add: + - CHOWN + - SYS_CHROOT + runAsGroup: {{ .Values.securityContext.group_id }} + readOnlyRootFilesystem: false runAsUser: 0 + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault volumeMounts: - name: previous-boot mountPath: /bootstrap @@ -169,6 +182,7 @@ spec: successThreshold: {{ .Values.startupProbe.successThreshold }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} resources: {{ include "common.resources" . | nindent 12 }} volumeMounts: - name: previous-boot @@ -218,7 +232,7 @@ spec: timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{ include "common.containerSecurityContext" . | indent 10 | trim }} + securityContext: {{- toYaml .Values.metrics.securityContext | nindent 12 }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- include "common.imagePullSecrets" . | nindent 6 }} @@ -266,4 +280,4 @@ spec: volumeClaimTemplates: - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 3d9725cb43..faab7af1b3 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -63,9 +63,9 @@ mariadbOperator: galera: enabled: true agentImage: mariadb-operator/mariadb-operator - agentVersion: v0.0.27 + agentVersion: v0.0.28 initImage: mariadb-operator/mariadb-operator - initVersion: v0.0.27 + initVersion: v0.0.28 ## String to partially override common.names.fullname template (will maintain the release name) ## @@ -217,10 +217,13 @@ serviceAccount: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: - enabled: true user_id: 10001 group_id: 10001 +# Old Bitnami Chart does not work without Filesystem access +containerSecurityContext: + readOnlyFileSystem: false + ## Database credentials for root (admin) user ## rootUser: @@ -659,6 +662,19 @@ metrics: ## - --collect.binlog_size ## extraFlags: [] + securityContext: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + runAsGroup: 10001 + runAsNonRoot: true + runAsUser: 10001 + seccompProfile: + type: RuntimeDefault ## MySQL Prometheus exporter containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore index dadf202953..f4d0b92f20 100644 --- a/kubernetes/common/mariadb-init/.helmignore +++ b/kubernetes/common/mariadb-init/.helmignore @@ -21,3 +21,14 @@ *.tmproj tests +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml index fa89a669d2..d1844916e0 100644 --- a/kubernetes/common/mariadb-init/Chart.yaml +++ b/kubernetes/common/mariadb-init/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,19 +14,19 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- apiVersion: v2 description: Chart for MariaDB Galera init job name: mariadb-init -version: 13.0.0 +version: 13.0.2 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator' + repository: '@local' - name: serviceAccount version: ~13.x-0 repository: '@local' diff --git a/kubernetes/common/mariadb-init/templates/_configmap.tpl b/kubernetes/common/mariadb-init/templates/_configmap.tpl index ea612a078d..8d111b5170 100644 --- a/kubernetes/common/mariadb-init/templates/_configmap.tpl +++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl @@ -1,4 +1,4 @@ -{{/* +{{- /* # Copyright © 2019 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,7 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} +*/ -}} {{/* Choose the name of the configmap to use. diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl index 5563fe714d..fda93b52ef 100644 --- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl +++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl @@ -1,4 +1,4 @@ -{{/* +{{- /* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -13,7 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} +*/ -}} {{/* Choose the name of the mariadb secret to use. diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml index 6708efdb60..6df329e8a5 100644 --- a/kubernetes/common/mariadb-init/templates/configmap.yaml +++ b/kubernetes/common/mariadb-init/templates/configmap.yaml @@ -1,4 +1,3 @@ -{{/* # Copyright © 2019 Orange # Modifications Copyright © 2018 AT&T # @@ -13,8 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} - +--- apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 4bb142d001..d620bd2edc 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml @@ -1,4 +1,3 @@ -{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # @@ -13,8 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} - +--- {{ include "mariadbInit._updateSecrets" . -}} apiVersion: batch/v1 @@ -42,11 +40,13 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - /bin/sh - -c diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml index a9d9e0b704..b2876bcb82 100644 --- a/kubernetes/common/mariadb-init/templates/secret.yaml +++ b/kubernetes/common/mariadb-init/templates/secret.yaml @@ -1,4 +1,3 @@ -{{/* # Copyright © 2017 Amdocs, Bell Canada, Orange # Copyright © 2020 Samsung Electronics # @@ -13,8 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} - +--- {{ include "mariadbInit._updateSecrets" . -}} {{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml index cff8f947f8..33cd1c2dc3 100644 --- a/kubernetes/common/mariadb-init/tests/job_test.yaml +++ b/kubernetes/common/mariadb-init/tests/job_test.yaml @@ -98,11 +98,11 @@ tests: - it: "should render with default value (volumes)" asserts: - contains: - path: spec.template.spec.volumes - content: - name: mariadb-conf - configMap: - name: RELEASE-NAME-mariadb-init + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-mariadb-init - it: "should render with nameOverride set" set: @@ -136,11 +136,11 @@ tests: name: RELEASE-NAME-myJob-secret key: db-user-password - contains: - path: spec.template.spec.volumes - content: - name: mariadb-conf - configMap: - name: RELEASE-NAME-myJob + path: spec.template.spec.volumes + content: + name: mariadb-conf + configMap: + name: RELEASE-NAME-myJob - it: "should render with configmap set" set: @@ -158,8 +158,8 @@ tests: set: global: mariadbGalera: - nameOverride: myMaria - servicePort: 545 + nameOverride: myMaria + servicePort: 545 asserts: - contains: path: spec.template.spec.initContainers[0].args @@ -187,10 +187,10 @@ tests: set: global: mariadbGalera: - nameOverride: myMaria - servicePort: 545 - userRootSecret: galera-secret - userRootSecretKey: root-password + nameOverride: myMaria + servicePort: 545 + userRootSecret: galera-secret + userRootSecretKey: root-password asserts: - contains: path: spec.template.spec.initContainers[0].args @@ -230,11 +230,11 @@ tests: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: kubernetes.io/e2e-az-name - operator: In - values: - - e2e-az1 - - e2e-az2 + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 asserts: - equal: path: spec.template.spec.affinity @@ -243,11 +243,11 @@ tests: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: kubernetes.io/e2e-az-name - operator: In - values: - - e2e-az1 - - e2e-az2 + - key: kubernetes.io/e2e-az-name + operator: In + values: + - e2e-az1 + - e2e-az2 - it: "should use large flavor" set: flavor: large diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index 57dfb400c4..591477c5cf 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +--- ################################################################# # Global configuration defaults. ################################################################# @@ -106,21 +106,25 @@ config: # externalSecret: some-secret-name config_map: default +securityContext: + user_id: 100 + group_id: 65533 + nodeSelector: {} affinity: {} -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory +# resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory flavor: small resources: small: @@ -139,7 +143,7 @@ resources: memory: "20Mi" unlimited: {} -#Pods Service Account +# Pods Service Account serviceAccount: nameOverride: mariadb-init roles: @@ -152,4 +156,4 @@ wait_for_job_container: readinessCheck: wait_for: services: - - '{{ include "common.mariadbService" . }}' + - '{{ include "common.mariadbService" . }}' diff --git a/kubernetes/dmaap/.helmignore b/kubernetes/common/mongodb-init/.helmignore index 7ddbad7ef4..0bab41b6b1 100644 --- a/kubernetes/dmaap/.helmignore +++ b/kubernetes/common/mongodb-init/.helmignore @@ -19,4 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs components/ diff --git a/kubernetes/sdnc/components/dmaap-listener/Chart.yaml b/kubernetes/common/mongodb-init/Chart.yaml index 0fdddec268..0cdeecf84b 100644 --- a/kubernetes/sdnc/components/dmaap-listener/Chart.yaml +++ b/kubernetes/common/mongodb-init/Chart.yaml @@ -1,5 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange +# Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,9 +13,9 @@ # limitations under the License. apiVersion: v2 -description: SDNC DMaaP Listener -name: dmaap-listener -version: 13.0.0 +description: Chart for MongoDB init job +name: mongodb-init +version: 13.0.2 dependencies: - name: common @@ -25,6 +24,9 @@ dependencies: - name: repositoryGenerator version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' - name: serviceAccount version: ~13.x-0 repository: '@local' diff --git a/kubernetes/common/mongodb-init/README.md b/kubernetes/common/mongodb-init/README.md new file mode 100644 index 0000000000..aa6c735744 --- /dev/null +++ b/kubernetes/common/mongodb-init/README.md @@ -0,0 +1,16 @@ +# mongodb-init + +## Introduction + +Initialization scripts for mongo database. + +- not part of ONAP OOM yet + +## Requirements + +mongodb-init needs the following ONAP projects to work: + +- common/common +- common/repositoryGenerator +- common/serviceAccount +- common/readinessCheck diff --git a/kubernetes/common/mongodb-init/resources/config/setup.sql b/kubernetes/common/mongodb-init/resources/config/setup.sql new file mode 100644 index 0000000000..452ee187df --- /dev/null +++ b/kubernetes/common/mongodb-init/resources/config/setup.sql @@ -0,0 +1,11 @@ +// Database Setup +use ${MONGO_DATABASE} + +// UserCreation Setup +db.createUser( + { + user: "${MONGODB_USER}", + pwd: "${MONGODB_PASSWORD}", + roles: [ { role: "readWrite", db: "${MONGO_DATABASE}" } ] + } +) diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml b/kubernetes/common/mongodb-init/templates/configmap.yaml index c41c3ef0d6..bde790f205 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml +++ b/kubernetes/common/mongodb-init/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2024 Deutsche Telekom +# # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/common/mongodb-init/templates/job.yaml b/kubernetes/common/mongodb-init/templates/job.yaml new file mode 100644 index 0000000000..5e232e26d3 --- /dev/null +++ b/kubernetes/common/mongodb-init/templates/job.yaml @@ -0,0 +1,129 @@ +{{/* +# Copyright © 2024 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + - name: {{ include "common.name" . }}-update-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + command: + - sh + args: + - -c + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export MONGODB_PASSWORD=`prepare_password $MONGODB_PASSWORD_INPUT`; + export MONGODB_ROOT_PASSWORD=`prepare_password $MONGODB_ROOT_PASSWORD_INPUT`; + export MONGODB_USER=`prepare_password $MONGODB_USER_INPUT`; + export MONGODB_ROOT_USER=`prepare_password $MONGODB_ROOT_USER_INPUT`; + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s; + {{- end }} + cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done; + env: + - name: MONGODB_HOST + value: "{{ .Values.global.mongodb.service.name }}" + - name: MONGODB_USER_INPUT + #value: "{{ .Values.config.mgUserName }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mgDatabase "key" "login") | indent 10 }} + - name: MONGODB_PASSWORD_INPUT + #value: "{{ .Values.config.mgUserPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mgDatabase "key" "password") | indent 10 }} + - name: MONGO_DATABASE + value: "{{ .Values.config.mgDatabase }}" + - name: MONGODB_ROOT_USER_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" .Values.config.mgRootUserKey) | indent 10 }} + - name: MONGODB_ROOT_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" .Values.config.mgRootPasswordKey) | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: mgconf + containers: + - name: {{ include "common.name" . }}-setup-db + image: {{ include "repositoryGenerator.image.mongodbImage" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + command: + - sh + args: + - -c + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export MONGODB_ROOT_USER=`prepare_password $MONGODB_ROOT_USER_INPUT`; + export MONGODB_ROOT_PASSWORD=`prepare_password $MONGODB_ROOT_PASSWORD_INPUT`; + mongosh "mongodb://${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$MONGODB_HOST" < /config/setup.sql + env: + - name: MONGODB_HOST + value: "{{ .Values.global.mongodb.service.name }}" + - name: MONGODB_ROOT_USER_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" "MONGODB_DATABASE_ADMIN_USER") | indent 10 }} + - name: MONGODB_ROOT_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" "MONGODB_DATABASE_ADMIN_PASSWORD") | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: mgconf + resources: {{ include "common.resources" . | nindent 10 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: mgconf + emptyDir: + medium: Memory + sizeLimit: 64Mi + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/kubernetes/common/mongodb-init/templates/secrets.yaml index b143034d8f..577d9d581e 100644 --- a/kubernetes/vnfsdk/templates/secrets.yaml +++ b/kubernetes/common/mongodb-init/templates/secrets.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics -# # +# ## Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # # You may obtain a copy of the License at diff --git a/kubernetes/common/mongodb-init/values.yaml b/kubernetes/common/mongodb-init/values.yaml new file mode 100644 index 0000000000..478fab5cdd --- /dev/null +++ b/kubernetes/common/mongodb-init/values.yaml @@ -0,0 +1,108 @@ +# Copyright © 2024 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + mongodb: + service: + name: mgset + container: + name: mongodb + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: '{{ include "common.mongodb.secret.rootPassUID" . }}' + type: password + externalSecret: '{{ tpl (default "" .Values.config.mgExternalSecret) . }}' + password: '{{ .Values.config.mgRootPasswordKey }}' + - uid: '{{ .Values.config.mgDatabase }}' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.mgUserExternalSecret) . }}' + login: '{{ .Values.config.mgUserName }}' + password: '{{ .Values.config.mgUserPassword }}' + +################################################################# +# Application configuration defaults. +################################################################# + +pullPolicy: Always + +# application configuration +config: + mgUserName: testuser + mgUserPassword: testuser123 + mgDatabase: testdb + mgDataPath: data + #mgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-mongodb-db-root-password' + mgExternalSecret: '{{ include "common.name" . }}-mongo-secrets' + mgRootUserKey: MONGODB_DATABASE_ADMIN_USER + mgRootPasswordKey: MONGODB_DATABASE_ADMIN_PASSWORD + mgUserExternalSecret: '{{ include "common.release" . }}-{{ include "common.name" . }}-mg-secret' + +nodeSelector: {} + +affinity: {} + +flavor: small + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: "100m" + memory: "0.3Gi" + requests: + cpu: "10m" + memory: "0.09Gi" + large: + limits: + cpu: "2" + memory: "4Gi" + requests: + cpu: "1" + memory: "2Gi" + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: mongodb-init + roles: + - read + +securityContext: + user_id: 100 + group_id: 65533 + +readinessCheck: + wait_for: + services: + - '{{ .Values.global.mongodb.service.name }}' + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-setup-db' diff --git a/kubernetes/common/mongodb/Chart.yaml b/kubernetes/common/mongodb/Chart.yaml index 2d6bf4bb4f..fc39ce3dee 100644 --- a/kubernetes/common/mongodb/Chart.yaml +++ b/kubernetes/common/mongodb/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: mongodb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb -version: 14.12.3 +version: 14.12.4 diff --git a/kubernetes/common/mongodb/README.md b/kubernetes/common/mongodb/README.md index 065e047fdc..a4d1803a9f 100644 --- a/kubernetes/common/mongodb/README.md +++ b/kubernetes/common/mongodb/README.md @@ -1117,4 +1117,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License.
\ No newline at end of file +limitations under the License. diff --git a/kubernetes/common/mongodb/common/templates/_images.tpl b/kubernetes/common/mongodb/common/templates/_images.tpl index 1bcb779df5..e6acf9e3c6 100644 --- a/kubernetes/common/mongodb/common/templates/_images.tpl +++ b/kubernetes/common/mongodb/common/templates/_images.tpl @@ -114,4 +114,3 @@ Return the proper image version (ingores image revision/prerelease info & fallba {{- print .chart.AppVersion -}} {{- end -}} {{- end -}} - diff --git a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml index 041b0cb51d..ee033e9437 100644 --- a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml @@ -274,7 +274,8 @@ spec: {{- end }} volumes: - name: empty-dir - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }} {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }} - name: common-scripts configMap: @@ -287,7 +288,8 @@ spec: {{- end }} {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - name: certs - emptyDir: {} + emptyDir: + sizeLimit: 64Mi {{- if (include "mongodb.autoGenerateCerts" .) }} - name: certs-volume secret: diff --git a/kubernetes/common/mongodb/templates/backup/cronjob.yaml b/kubernetes/common/mongodb/templates/backup/cronjob.yaml index 2e884b14b9..b1d0b589a9 100644 --- a/kubernetes/common/mongodb/templates/backup/cronjob.yaml +++ b/kubernetes/common/mongodb/templates/backup/cronjob.yaml @@ -167,7 +167,7 @@ spec: volumes: - name: empty-dir emptyDir: - sizeLimit: 64Mi + sizeLimit: {{ .Values.backup.emptyDir.sizeLimit }} - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} diff --git a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml index 08a55ebd06..493c2b2cfe 100644 --- a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml @@ -515,7 +515,7 @@ spec: volumes: - name: empty-dir emptyDir: - sizeLimit: 64Mi + sizeLimit: {{ .Values.hidden.emptyDir.sizeLimit }} - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} diff --git a/kubernetes/common/mongodb/templates/networkpolicy.yaml b/kubernetes/common/mongodb/templates/networkpolicy.yaml index f6d62ca867..63c4d715d4 100644 --- a/kubernetes/common/mongodb/templates/networkpolicy.yaml +++ b/kubernetes/common/mongodb/templates/networkpolicy.yaml @@ -80,4 +80,4 @@ spec: {{- if $extraIngress }} {{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml index b171eca005..7de00e7925 100644 --- a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml +++ b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml @@ -513,7 +513,7 @@ spec: volumes: - name: empty-dir emptyDir: - sizeLimit: 64Mi + sizeLimit: {{ .Values.replicaSet.emptyDir.sizeLimit }} - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} diff --git a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml index 6f63f0be5b..817698beed 100644 --- a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml +++ b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml @@ -438,7 +438,7 @@ spec: volumes: - name: empty-dir emptyDir: - sizeLimit: 64Mi + sizeLimit: {{ .Values.standalone.emptyDir.sizeLimit }} - name: common-scripts configMap: name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} diff --git a/kubernetes/common/mongodb/values.yaml b/kubernetes/common/mongodb/values.yaml index 9612859392..7628846a3e 100644 --- a/kubernetes/common/mongodb/values.yaml +++ b/kubernetes/common/mongodb/values.yaml @@ -307,6 +307,14 @@ hostAliases: [] ## @param replicaSetName Name of the replica set (only when `architecture=replicaset`) ## Ignored when mongodb.architecture=standalone ## +replicaSet: + emptyDir: + sizeLimit: 1Gi + +standalone: + emptyDir: + sizeLimit: 1Gi + replicaSetName: rs0 ## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) ## Ignored when mongodb.architecture=standalone @@ -1166,6 +1174,8 @@ backup: ## @param backup.enabled Enable the logical dump of the database "regularly" ## enabled: false + emptyDir: + sizeLimit: 1Gi ## Fine tuning cronjob's config ## cronjob: @@ -1438,6 +1448,8 @@ volumePermissions: ## @section Arbiter parameters ## arbiter: + emptyDir: + sizeLimit: 1Gi ## @param arbiter.enabled Enable deploying the arbiter ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/ ## @@ -1616,8 +1628,8 @@ arbiter: allowPrivilegeEscalation: false capabilities: drop: - - ALL - - CAP_NET_RAW + - ALL + - CAP_NET_RAW seccompProfile: type: "RuntimeDefault" ## MongoDB(®) Arbiter containers' resource requests and limits. @@ -1783,6 +1795,8 @@ hidden: ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/ ## enabled: false + emptyDir: + sizeLimit: 1Gi ## @param hidden.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false @@ -1960,9 +1974,7 @@ hidden: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: - drop: - - ALL - - CAP_NET_RAW + drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## MongoDB(®) Hidden containers' resource requests and limits. @@ -1971,7 +1983,7 @@ hidden: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production). + ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore index f0c1319444..0bab41b6b1 100644 --- a/kubernetes/common/postgres-init/.helmignore +++ b/kubernetes/common/postgres-init/.helmignore @@ -19,3 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml index 81f566f9e1..4951ed6359 100644 --- a/kubernetes/common/postgres-init/Chart.yaml +++ b/kubernetes/common/postgres-init/Chart.yaml @@ -1,5 +1,6 @@ # Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,19 +17,19 @@ apiVersion: v2 description: Chart for Postgres init job name: postgres-init -version: 13.0.1 +version: 13.0.3 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator' + repository: '@local' - name: readinessCheck version: ~13.x-0 repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index cc7d410eb2..a2f7e12274 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -39,6 +39,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - command: @@ -82,6 +83,7 @@ spec: - mountPath: /config name: pgconf resources: {{ include "common.resources" . | nindent 10 }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: @@ -98,6 +100,7 @@ spec: name: {{ include "common.fullname" . }} - name: pgconf emptyDir: + sizeLimit: 64Mi medium: Memory restartPolicy: Never {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml index 160e6720ed..99be8354be 100644 --- a/kubernetes/common/postgres-init/values.yaml +++ b/kubernetes/common/postgres-init/values.yaml @@ -97,6 +97,10 @@ serviceAccount: roles: - read +securityContext: + user_id: 26 + group_id: 26 + readinessCheck: wait_for: services: @@ -104,4 +108,4 @@ readinessCheck: wait_for_job_container: containers: - - '{{ include "common.name" . }}-update-config'
\ No newline at end of file + - '{{ include "common.name" . }}-update-config' diff --git a/kubernetes/common/postgres/.helmignore b/kubernetes/common/postgres/.helmignore index f0c1319444..0bab41b6b1 100644 --- a/kubernetes/common/postgres/.helmignore +++ b/kubernetes/common/postgres/.helmignore @@ -19,3 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/postgres/Chart.yaml b/kubernetes/common/postgres/Chart.yaml index 3920d8e73d..562b69fd0e 100644 --- a/kubernetes/common/postgres/Chart.yaml +++ b/kubernetes/common/postgres/Chart.yaml @@ -22,7 +22,7 @@ version: 13.1.0 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/postgres/configs/pg_hba.conf b/kubernetes/common/postgres/configs/pg_hba.conf index 580185c6f0..d8918409e8 100644 --- a/kubernetes/common/postgres/configs/pg_hba.conf +++ b/kubernetes/common/postgres/configs/pg_hba.conf @@ -65,4 +65,3 @@ #local all all trust # IPv4 local connections: host all all 0.0.0.0/0 md5 - diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml index 535eefa8cf..7947559211 100644 --- a/kubernetes/common/postgres/templates/deployment-primary.yaml +++ b/kubernetes/common/postgres/templates/deployment-primary.yaml @@ -15,4 +15,4 @@ */}} {{- if not .Values.global.postgres.useOperator }} {{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml index 97c7e11053..246e1e9a07 100644 --- a/kubernetes/common/postgres/templates/deployment-replica.yaml +++ b/kubernetes/common/postgres/templates/deployment-replica.yaml @@ -15,4 +15,4 @@ */}} {{- if not .Values.global.postgres.useOperator }} {{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml index 00a5182eb1..b8d7912210 100644 --- a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml +++ b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml @@ -35,4 +35,4 @@ spec: name: {{ .Values.container.name.primary }} release: {{ include "common.release" . }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml index b8b9e793e8..6d9990a7bc 100644 --- a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml +++ b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml @@ -35,4 +35,4 @@ spec: name: {{ .Values.container.name.replica }} release: {{ include "common.release" . }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/postgres.yaml b/kubernetes/common/postgres/templates/postgres.yaml index aca6aa260f..0dad7f5886 100644 --- a/kubernetes/common/postgres/templates/postgres.yaml +++ b/kubernetes/common/postgres/templates/postgres.yaml @@ -16,4 +16,4 @@ {{- if .Values.global.postgres.useOperator }} {{ include "common.postgresOpInstance" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/pv-primary.yaml b/kubernetes/common/postgres/templates/pv-primary.yaml index 8db79d665e..9e73ceb8e3 100644 --- a/kubernetes/common/postgres/templates/pv-primary.yaml +++ b/kubernetes/common/postgres/templates/pv-primary.yaml @@ -38,4 +38,4 @@ spec: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/primary {{- end -}} {{- end -}} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/pvc-replica.yaml b/kubernetes/common/postgres/templates/pvc-replica.yaml index f59adf736a..e71284fcec 100644 --- a/kubernetes/common/postgres/templates/pvc-replica.yaml +++ b/kubernetes/common/postgres/templates/pvc-replica.yaml @@ -43,4 +43,4 @@ spec: storageClassName: {{ include "common.storageClass" . }} {{- end }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/service-replica.yaml b/kubernetes/common/postgres/templates/service-replica.yaml index 68694561bd..878a02ef66 100644 --- a/kubernetes/common/postgres/templates/service-replica.yaml +++ b/kubernetes/common/postgres/templates/service-replica.yaml @@ -40,4 +40,4 @@ spec: selector: name: "{{.Values.container.name.replica}}" release: {{ include "common.release" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/postgres/templates/servicemonitor.yaml b/kubernetes/common/postgres/templates/servicemonitor.yaml index 522e515545..3fb716b133 100644 --- a/kubernetes/common/postgres/templates/servicemonitor.yaml +++ b/kubernetes/common/postgres/templates/servicemonitor.yaml @@ -17,4 +17,4 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/readinessCheck/.helmignore b/kubernetes/common/readinessCheck/.helmignore new file mode 100644 index 0000000000..0bab41b6b1 --- /dev/null +++ b/kubernetes/common/readinessCheck/.helmignore @@ -0,0 +1,32 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/readinessCheck/Chart.yaml b/kubernetes/common/readinessCheck/Chart.yaml index bb2986a9fb..c9134177c2 100644 --- a/kubernetes/common/readinessCheck/Chart.yaml +++ b/kubernetes/common/readinessCheck/Chart.yaml @@ -17,12 +17,12 @@ apiVersion: v2 description: Template used to wait for other deployment/sts/jobs in onap name: readinessCheck -version: 13.1.0 +version: 13.1.1 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl index 51791fec13..42f526148a 100644 --- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl +++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl @@ -95,6 +95,13 @@ securityContext: runAsUser: {{ $subchartDot.Values.user }} runAsGroup: {{ $subchartDot.Values.group }} + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW command: - /app/ready.py args: diff --git a/kubernetes/common/repositoryGenerator/.helmignore b/kubernetes/common/repositoryGenerator/.helmignore new file mode 100644 index 0000000000..0bab41b6b1 --- /dev/null +++ b/kubernetes/common/repositoryGenerator/.helmignore @@ -0,0 +1,32 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 1da838a5b9..e708926049 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -2,6 +2,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2021 AT&T # Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -139,6 +140,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.mongodbImage" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mongodbImage") .) }} +{{- end -}} + {{- define "repositoryGenerator.image.postgres" -}} {{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }} {{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index da10d82035..1c0909fce1 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -37,6 +37,7 @@ global: kubectlImage: bitnami/kubectl:1.22.4 loggingImage: beats/filebeat:5.5.0 mariadbImage: bitnami/mariadb:10.5.8 + mongodbImage: percona/percona-server-mongodb:7.0.5-3 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:6.0.3 @@ -71,6 +72,7 @@ imageRepoMapping: kubectlImage: dockerHubRepository loggingImage: elasticRepository mariadbImage: dockerHubRepository + mongodbImage: dockerHubRepository nginxImage: dockerHubRepository postgresImage: dockerHubRepository readinessImage: repository diff --git a/kubernetes/common/serviceAccount/.helmignore b/kubernetes/common/serviceAccount/.helmignore new file mode 100644 index 0000000000..0bab41b6b1 --- /dev/null +++ b/kubernetes/common/serviceAccount/.helmignore @@ -0,0 +1,32 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/serviceAccount/Chart.yaml b/kubernetes/common/serviceAccount/Chart.yaml index 7afd31f4d9..b691c40903 100644 --- a/kubernetes/common/serviceAccount/Chart.yaml +++ b/kubernetes/common/serviceAccount/Chart.yaml @@ -23,4 +23,4 @@ version: 13.0.1 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/serviceAccount/templates/role.yaml b/kubernetes/common/serviceAccount/templates/role.yaml index 83cb945ba9..d6d041f916 100644 --- a/kubernetes/common/serviceAccount/templates/role.yaml +++ b/kubernetes/common/serviceAccount/templates/role.yaml @@ -128,6 +128,7 @@ rules: - pods/exec verbs: - create + - get - apiGroups: - cert-manager.io resources: diff --git a/kubernetes/common/serviceAccount/templates/service-account.yaml b/kubernetes/common/serviceAccount/templates/service-account.yaml index 20bd94f49a..683d5d2984 100644 --- a/kubernetes/common/serviceAccount/templates/service-account.yaml +++ b/kubernetes/common/serviceAccount/templates/service-account.yaml @@ -21,4 +21,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/timescaledb/.helmignore b/kubernetes/common/timescaledb/.helmignore index 50af031725..0bab41b6b1 100644 --- a/kubernetes/common/timescaledb/.helmignore +++ b/kubernetes/common/timescaledb/.helmignore @@ -19,4 +19,14 @@ .project .idea/ *.tmproj -.vscode/ +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/timescaledb/Chart.yaml b/kubernetes/common/timescaledb/Chart.yaml index d8b9869817..8ce460061d 100644 --- a/kubernetes/common/timescaledb/Chart.yaml +++ b/kubernetes/common/timescaledb/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 appVersion: "1.0" description: ONAP timescaledb name: timescaledb -version: 13.0.0 +version: 13.0.1 dependencies: - name: common @@ -33,4 +33,4 @@ dependencies: repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index 653326be5f..031241dbaf 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -29,27 +29,12 @@ spec: metadata: {{- include "common.templateMetadata" (dict "ignoreHelmChart" true "dot" . ) | nindent 6 }} spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} - {{ include "common.podSecurityContext" . | indent 10 | trim}} - initContainers: - # we shouldn't need this but for unknown reason, it's fsGroup is not - # applied - - name: fix-permission - command: - - /bin/sh - args: - - -c - - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /var/lib/postgresql/data - name: {{ include "common.fullname" . }} + {{ include "common.podSecurityContext" . | indent 6 | trim}} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim}} ports: {{ include "common.containerPorts" . | nindent 12 }} livenessProbe: exec: @@ -80,10 +65,15 @@ spec: mountPath: /docker-entrypoint-initdb.d - name: {{ include "common.fullname" . }} mountPath: /var/lib/postgresql/data + - name: var-run + mountPath: /var/run/postgresql volumes: - name: {{ include "common.fullname" . }}-init configMap: name: {{ include "common.fullname" . }}-init + - name: var-run + emptyDir: + sizeLimit: {{ .Values.dirSizes.varDir.sizeLimit }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -94,9 +84,9 @@ spec: {{- end }} {{- with .Values.tolerations }} tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence "ignoreHelmChart" true) | indent 6 | trim }} -{{- end }} + {{- end }} diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index 2643f55062..35beab7ea1 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -21,9 +21,9 @@ global: persistence: {} ################################################################# -# Secrets. +# Image ############################################################## -image: timescale/timescaledb:2.5.1-pg14 +image: timescale/timescaledb:2.16.1-pg14 pullPolicy: Always containerPorts: 5432 @@ -41,11 +41,6 @@ securityContext: # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group) user_id: 70 group_id: 70 - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true flavor: small @@ -114,6 +109,10 @@ config: pgRootUserName: postgres pgDatabase: timescaledb +dirSizes: + varDir: + sizeLimit: 64Mi + secrets: - uid: root-creds type: basicAuth diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index 81b81341e5..e9d4df5fe3 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -3,6 +3,7 @@ # Modifications Copyright (C) 2020 Bell Canada. # Modifications Copyright (C) 2021-2023 Nordix Foundation. # Modifications Copyright (C) 2021 Orange +# Modifications Copyright (C) 2024 TechMahindra Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,7 +31,7 @@ spring: initialization-mode: always liquibase: change-log: classpath:changelog/changelog-master.yaml - labels: {{ .Values.config.liquibaseLabels }} + label-filter: {{ .Values.config.liquibaseLabels }} kafka: producer: @@ -43,6 +44,12 @@ security: username: ${CPS_USERNAME} password: ${CPS_PASSWORD} +# Actuator +management: + tracing: + propagation: + produce: {{ .Values.management.tracing.propagation.produce }} + logging: level: org: @@ -71,12 +78,24 @@ spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG} {{ toYaml .Values.config.additional | nindent 2 }} {{- end }} +# cps tracing +{{- if .Values.tracing }} + {{ toYaml .Values.tracing | nindent 2 }} +{{- end }} + # Custom Hazelcast config. hazelcast: + cluster-name: {{ .Values.hazelcast.config.clusterName }} mode: kubernetes: enabled: {{ .Values.hazelcast.config.kubernetesDiscovery }} service-name: {{ .Values.hazelcast.config.kubernetesServiceName }} +otel: + exporter: + otlp: + traces: + protocol: {{ .Values.otel.config.otlp.traces.protocol }} + # Last empty line is required otherwise the last property will be missing from application.yml file in the pod. diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index d72863955f..94aa67efd3 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -1,6 +1,7 @@ # Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. # Modifications Copyright (C) 2022 Bell Canada # Modifications Copyright © 2022-2023 Nordix Foundation +# Modifications Copyright © 2024 TechMahindra Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -68,7 +69,7 @@ global: container: name: postgres -image: onap/cps-and-ncmp:3.3.11 +image: onap/cps-and-ncmp:3.4.9 service: type: ClusterIP @@ -183,7 +184,6 @@ config: additional: notification.enabled: true - notification.data-updated.topic: &dataUpdatedTopic cps.data-updated-events notification.data-updated.filters.enabled-dataspaces: "" notification.async.enabled: false notification.async.executor.core-pool-size: 2 @@ -191,12 +191,16 @@ config: notification.async.executor.queue-capacity: 500 notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true notification.async.executor.thread-name-prefix: Async- + app.cps.data-updated.change-event-notifications-enabled: true # Strimzi KafkaUser and Topic config kafkaTopic: - name: &dmiCmEventsTopic dmi-cm-events retentionMs: 7200000 segmentBytes: 1073741824 + - name: &dataUpdatedTopic cps-data-updated-events + retentionMs: 7200000 + segmentBytes: 1073741824 kafkaUser: authenticationType: scram-sha-512 @@ -216,17 +220,62 @@ kafkaUser: - name: &cmAvcSubscriptionTopic cm-avc-subscription type: topic operations: [Read] + - name: &ncmpCmSubscriptionIn subscription + type: topic + operations: [Read] + - name: &ncmpCmSubscriptionDmiIn ncmp-dmi-cm-avc-subscription + type: topic + operations: [Read] + - name: &ncmpCmSubscriptionDmiOut dmi-ncmp-cm-avc-subscription + type: topic + operations: [Read] + - name: &ncmpCmSubscriptionOut subscription-response + type: topic + operations: [Read] + - name: &ncmpCmEventsTopic cm-events + type: topic + operations: [Read] + - name: &dmiDeviceHeartbeatTopic dmi-device-heartbeat + type: topic + operations: [Read] + - name: &lcmEventsTopic ncmp-events + type: topic + operations: [Read] topics: config: app.ncmp.async-m2m.topic: *ncmpAsyncM2MTopic - app.ncmp.avc.subscription-topic: *cmAvcSubscriptionTopic + app.ncmp.avc.cm-subscription-ncmp-in: *ncmpCmSubscriptionIn + app.ncmp.avc.cm-subscription-dmi-in: *ncmpCmSubscriptionDmiIn + app.ncmp.avc.cm-subscription-dmi-out: *ncmpCmSubscriptionDmiOut + app.ncmp.avc.cm-subscription-ncmp-out: *ncmpCmSubscriptionOut + app.ncmp.avc.cm-events-topic: *ncmpCmEventsTopic + app.lcm.events.topic: *lcmEventsTopic app.dmi.cm-events.topic: *dmiCmEventsTopic + app.dmi.device-heartbeat.topic: *dmiDeviceHeartbeatTopic + app.cps.data-updated.topic: *dataUpdatedTopic logging: level: INFO path: /tmp +management: + tracing: + propagation: + produce: [W3C] + +tracing: + cps: + tracing: + sampler: + jaeger_remote: + endpoint: http://onap-otel-collector:14250 + exporter: + endpoint: http://onap-otel-collector:4317 + protocol: grpc + enabled: false + excluded-observation-names: tasks.scheduled.execution + ################################################################# # Postgres overriding defaults in the postgres ################################################################# @@ -283,5 +332,11 @@ hazelcast: config: kubernetesDiscovery: true kubernetesServiceName: cps-core-headless + clusterName: cps-and-ncmp-common-cache-cluster +otel: + config: + otlp: + traces: + protocol: grpc diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index e0bc868c54..439fdb91eb 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,7 +47,7 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.4.0 +image: onap/ncmp-dmi-plugin:1.5.0 containerPort: &svc_port 8080 prometheus: diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml index ade33b4c3f..83b344b303 100644 --- a/kubernetes/dcaegen2-services/Chart.yaml +++ b/kubernetes/dcaegen2-services/Chart.yaml @@ -19,19 +19,15 @@ # ============LICENSE_END========================================================= apiVersion: v2 -appVersion: "NewDelhi" +appVersion: "Oslo" description: DCAE Microservices name: dcaegen2-services -version: 13.1.0 +version: 15.0.0 dependencies: - name: common version: ~13.x-0 repository: '@local' - - name: dcae-datafile-collector - version: ~13.x-0 - repository: '@local' - condition: dcae-datafile-collector.enabled - name: dcae-datalake-admin-ui version: ~13.x-0 repository: '@local' @@ -44,62 +40,22 @@ dependencies: version: ~13.x-0 repository: '@local' condition: dcae-datalake-feeder.enabled - - name: dcae-heartbeat - version: ~13.x-0 - repository: '@local' - condition: dcae-heartbeat.enabled - name: dcae-hv-ves-collector version: ~13.x-0 repository: '@local' condition: dcae-hv-ves-collector.enabled - - name: dcae-kpi-ms - version: ~13.x-0 - repository: '@local' - condition: dcae-kpi-ms.enabled - name: dcae-ms-healthcheck version: ~13.x-0 repository: '@local' condition: dcae-ms-healthcheck.enabled - - name: dcae-pm-mapper - version: ~13.x-0 - repository: '@local' - condition: dcae-pm-mapper.enabled - - name: dcae-pmsh - version: ~13.x-0 - repository: '@local' - condition: dcae-pmsh.enabled - name: dcae-prh version: ~13.x-0 repository: '@local' condition: dcae-prh.enabled - - name: dcae-restconf-collector - version: ~13.x-0 - repository: '@local' - condition: dcae-restconf-collector.enabled - - name: dcae-slice-analysis-ms - version: ~13.x-0 - repository: '@local' - condition: dcae-slice-analysis-ms.enabled - - name: dcae-snmptrap-collector - version: ~13.x-0 - repository: '@local' - condition: dcae-snmptrap-collector.enabled - - name: dcae-son-handler - version: ~13.x-0 - repository: '@local' - condition: dcae-son-handler.enabled - - name: dcae-tcagen2 - version: ~13.x-0 - repository: '@local' - condition: dcae-tcagen2.enabled - name: dcae-ves-collector version: ~13.x-0 repository: '@local' condition: dcae-ves-collector.enabled - - name: dcae-ves-mapper - version: ~13.x-0 - repository: '@local' - condition: dcae-ves-mapper.enabled - name: dcae-ves-openapi-manager version: ~13.x-0 repository: 'file://components/dcae-ves-openapi-manager' diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index c841d6df50..5e39d51844 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -313,6 +313,8 @@ spec: name: {{ ternary "app-config-input" "app-config" (not $drNeedProvisioning) }} - mountPath: /app-config-input name: app-config-input + - mountPath: /tmp + name: tmp-volume {{- if $logDir }} - mountPath: {{ $logDir}} name: logs @@ -385,6 +387,9 @@ spec: - emptyDir: medium: Memory name: app-config + - name: tmp-volume + emptyDir: + sizeLimit: 128Mi {{- if $logDir }} - emptyDir: {} name: logs diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml deleted file mode 100644 index d5cc948cb4..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (C) 2021 Nordix Foundation. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "London" -description: DCAE DataFile Collector Helm charts -name: dcae-datafile-collector -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: certManagerCertificate - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml deleted file mode 100644 index 7158c0263f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml deleted file mode 100644 index 78ae858cec..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} -{{ include "certManagerCertificate.certificate" . }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml deleted file mode 100644 index a0cb9a66bd..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml deleted file mode 100644 index d992d5c19c..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml deleted file mode 100644 index 79df5ced0c..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (C) 2022 Deutsche Telekom AG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml deleted file mode 100644 index 13a14a5e12..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2022 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml deleted file mode 100644 index 2de4a8fe0a..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml deleted file mode 100644 index 30da823e60..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ /dev/null @@ -1,228 +0,0 @@ -# ================================ LICENSE_START ========================== -# ========================================================================= -# Copyright (c) 2021 Nordix Foundation. -# Copyright (c) 2022 Nokia. All rights reserved. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ========================================================================= -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END =========================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &drPubCredsUID drpubcreds - type: basicAuth - login: '{{ .Values.drPubscriberCreds.username }}' - password: '{{ .Values.drPubscriberCreds.password }}' - passwordPolicy: required - -################################################################# -# InitContainer Images. -################################################################# -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.10.0 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datafile/etc/cert - -# CMPv2 certificate -# It is used only when: -# - certDirectory is set -# - global cmpv2Enabled flag is set to true -# - flag useCmpv2Certificates is set to true -# Disabled by default -useCmpv2Certificates: false -certificates: - - mountPath: /opt/app/datafile/etc/cert/external - commonName: dcae-datafile-collector - dnsNames: - - dcae-datafile-collector - - datafile-collector - - datafile - keystore: - outputType: - - p12 - passwordSecretRef: - name: datafile-collector-cmpv2-keystore-password - key: password - create: true - -# Dependencies -# Waiting for dmaap-dr-node (which depends on dmaap-dr-prov) -# to be sure that we can provision the DR feed that's needed -readinessCheck: - wait_for: - services: - - dmaap-dr-node - - message-router - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: /heartbeat - scheme: HTTP - port: 8100 - -# Service Configuration -service: - type: ClusterIP - name: datafile-collector - ports: - - name: http - port: 8443 - plain_port: 8100 - port_protocol: http - -ingress: - enabled: false - service: - - baseaddr: "dcae-datafile-collector-api" - name: "datafile-collector" - port: 8443 - plain_port: 8100 - config: - ssl: "redirect" - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: dcae-pm-mapper-read - - serviceAccount: message-router-read - - serviceAccount: istio-ingress - namespace: istio-ingress - -# Data Router Publisher Credentials -drPubscriberCreds: - username: username - password: password - -credentials: -- name: DR_USERNAME - uid: *drPubCredsUID - key: login -- name: DR_PASSWORD - uid: *drPubCredsUID - key: password - -# Initial Application Configuration -applicationConfig: - dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12 - dmaap.certificateConfig.keyPasswordPath: /opt/app/datafile/etc/cert/p12.pass - dmaap.certificateConfig.trustedCa: /opt/app/datafile/etc/cert/trust.jks - dmaap.certificateConfig.trustedCaPasswordPath: /opt/app/datafile/etc/cert/trust.pass - dmaap.certificateConfig.enableCertAuth: false - dmaap.dmaapConsumerConfiguration.consumerGroup: OpenDcae-c12 - dmaap.dmaapConsumerConfiguration.consumerId: C12 - dmaap.dmaapConsumerConfiguration.timeoutMs: -1 - dmaap.security.enableDmaapCertAuth: false - dmaap.security.keyStorePasswordPath: /opt/app/datafile/etc/cert/jks.pass - dmaap.security.keyStorePath: /opt/app/datafile/etc/cert/cert.jks - dmaap.security.trustStorePasswordPath: /opt/app/datafile/etc/cert/trust.pass - dmaap.security.trustStorePath: /opt/app/datafile/etc/cert/trust.jks - service_calls: [] - sftp.security.strictHostKeyChecking: true - streams_publishes: - PM_MEAS_FILES: - dmaap_info: - publisher_id: "dummy_id" - location: loc00 - log_url: ${DR_FEED_LOGURL_0} - publish_url: ${DR_FEED_PUBURL_0} - username: ${DR_USERNAME} - password: ${DR_PASSWORD} - type: data_router - streams_subscribes: - dmaap_subscriber: - dmaap_info: - topic_url: "http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT" - type: message_router - -applicationEnv: - #CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' - #Temporary Dummy CBS Port Value until internal SDK library is updated - CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' - -# DataRouter Feed Configuration -drFeedConfig: - - feedName: bulk_pm_feed - feedVersion: "0.0" - classification: unclassified - feedDescription: DFC Feed Creation - publisher: - username: ${DR_USERNAME} - password: ${DR_PASSWORD} - -# ConfigMap Configuration for Feed, Dr_Publisher -volumes: - - name: feeds-config - path: /opt/app/config/feeds - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "4" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-datafile-collector - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/Chart.yaml deleted file mode 100644 index 6ff60f4de5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/Chart.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "Kohn" -description: DCAE Heartbeat Microservice -name: dcae-heartbeat -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml deleted file mode 100644 index 30d173c2d8..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "primary" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "replica" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml deleted file mode 100644 index a914446c99..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml deleted file mode 100644 index 0ad66b62a9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml deleted file mode 100644 index 6b70356ca9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml deleted file mode 100644 index cf11d2a0c5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml deleted file mode 100644 index da8f2c6561..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ /dev/null @@ -1,179 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &pgUserCredsSecretUid pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-heartbeat-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "heartbeat-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.heartbeat:2.6.1 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/heartbeat -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: / - scheme: HTTP - port: 10002 - -# Service Configuration -service: - type: ClusterIP - name: dcae-heartbeat - ports: - - name: http - port: 10002 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - authorizedPrincipalsPostgres: - - serviceAccount: dcae-heartbeat-read - -credentials: -- name: HEARTBEAT_PG_USERNAME - uid: *pgUserCredsSecretUid - key: login -- name: HEARTBEAT_PG_PASSWORD - uid: *pgUserCredsSecretUid - key: password - - -# Initial Application Configuration -applicationConfig: - CBS_polling_allowed: "True" - CBS_polling_interval: "300" - consumerID: "1" - groupID: "hbgrpID" - pg_ipAddress: dcae-heartbeat-pg-primary - pg_passwd: ${HEARTBEAT_PG_PASSWORD} - pg_portNum: 5432 - pg_userName: ${HEARTBEAT_PG_USERNAME} - pg_dbName: heartbeat - heartbeat_config: '{"vnfs": [{"eventName": "Heartbeat_vDNS","heartbeatcountmissed": 3,"heartbeatinterval": 60,"closedLoopControlName": "ControlLoopEvent1", "policyVersion": "1.0.0.5", "policyName":"vFireWall","policyScope": "resource=sampleResource,type=sampletype,CLName=sampleCLName","target_type": "VNF", "target": "genVnfName", "version": "1.0"}, {"eventName": "Heartbeat_vFW","heartbeatcountmissed": 3, "heartbeatinterval": 60,"closedLoopControlName": "ControlLoopEvent1","policyVersion": "1.0.0.5","policyName": "vFireWall","policyScope": "resource=sampleResource,type=sampletype,CLName=sampleCLName", "target_type":"VNF", "target": "genVnfName", "version": "1.0"}, {"eventName": "Heartbeat_xx","heartbeatcountmissed": 3, "heartbeatinterval": 60,"closedLoopControlName": "ControlLoopEvent1","policyVersion": "1.0.0.5","policyName": "vFireWall", "policyScope": "resource=sampleResource,type=sampletype,CLName=sampleCLName","target_type": "VNF","target": "genVnfName","version": "1.0"}]}' - streams_publishes: - dcae_cl_out: - dmaap_info: - topic_url: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.DCAE_CL_OUTPUT" - type: message_router - streams_subscribes: - ves-heartbeat: - dmaap_info: - topic_url: "http://message-router:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT" - type: message_router - -#applicationEnv: -# HEARTBEAT_PG_URL: &dcaeheartbeatPgPrimary dcae-heartbeat-pg-primary -# HEARTBEAT_PG_USERNAME: -# secretUid: *pgUserCredsSecretUid -# key: login -# HEARTBEAT_PG_PASSWORD: -# secretUid: *pgUserCredsSecretUid -# key: password - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "4" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -################################################################# -# Application configuration Overriding Defaults in the Postgres. -################################################################# -postgres: - nameOverride: &postgresName dcae-heartbeat-postgres - service: - name: *postgresName - name2: dcae-heartbeat-pg-primary - name3: dcae-heartbeat-pg-replica - container: - name: - primary: dcae-heartbeat-pg-primary - replica: dcae-heartbeat-pg-replica - persistence: - mountSubPath: heartbeat/data - mountInitPath: heartbeat - config: - pgUserName: heartbeat - pgDatabase: heartbeat - pgUserExternalSecret: *pgUserCredsSecretName - -# Dependencies -readinessCheck: - wait_for: - services: - - '{{ .Values.postgres.service.name2 }}' - - message-router - -#Pods Service Account -serviceAccount: - nameOverride: dcae-heartbeat - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml deleted file mode 100644 index b4c79c915b..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v2 -appVersion: "London" -description: DCAE KPI MS chart -name: dcae-kpi-ms -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml deleted file mode 100644 index 5a9baa822f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml deleted file mode 100644 index 02b5df8135..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml deleted file mode 100644 index c4596e5b21..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml deleted file mode 100644 index ba0283dda5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml deleted file mode 100644 index 61b78fa01f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ /dev/null @@ -1,138 +0,0 @@ -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.2.1 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/kpims -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Optional Policy configuration properties -# if present, policy-sync side car will be deployed -#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 -#policies: -# policyID: | -# '["com.Config_KPIMS_CONFIG_POLICY"]' - -# Dependencies -readinessCheck: - wait_for: - services: - - message-router - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: /healthcheck - scheme: HTTP - port: 8080 - -# Service Configuration -service: - type: ClusterIP - name: dcae-kpi-ms - ports: - - name: http - port: 8080 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - -# Initial Application Configuration -applicationConfig: - trust_store_path: '/opt/app/kpims/etc/cert/trust.jks' - trust_store_pass_path: '/opt/app/kpims/etc/cert/trust.pass' - pollingInterval: 20 - pollingTimeout: 60 - cbsPollingInterval: 60 - dmaap.server: ["message-router"] - cg: kpi-cg - cid: kpi-cid - streams_subscribes: - performance_management_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS - streams_publishes: - kpi_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT - kpi.policy: '{"domain":"measurementsForKpi","methodForKpi":[{"eventName":"perf3gpp_CORE-AMF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"AMFRegNbr","operation":"SUM","operands":"RM.RegisteredSubNbrMean"}]},{"eventName":"perf3gpp_CORE-UPF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"UpstreamDownstreamThr","operation":"SUM","operands":["GTP.InDataOctN3UPF","GTP.OutDataOctN3UPF"]}]}]' - -applicationEnv: - CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' - #Temporary Dummy CBS Port Value until internal SDK library is updated - CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' - STANDALONE: 'false' - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "500Mi" - requests: - cpu: "1" - memory: "500Mi" - large: - limits: - cpu: "4" - memory: "1Gi" - requests: - cpu: "2" - memory: "1Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-kpi-ms - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml deleted file mode 100644 index 30cb9cfe6c..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (C) 2021 Nordix Foundation. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "London" -description: DCAE PM-Mapper Helm charts -name: dcae-pm-mapper -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: 'file://../../common/dcaegen2-services-common' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml deleted file mode 100644 index 5a9baa822f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml deleted file mode 100644 index a0cb9a66bd..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml deleted file mode 100644 index d992d5c19c..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml deleted file mode 100644 index 1f588464ba..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml deleted file mode 100644 index 2de4a8fe0a..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (C) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml deleted file mode 100644 index 290c313b52..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ /dev/null @@ -1,187 +0,0 @@ -# ================================ LICENSE_START ========================== -# ========================================================================= -# Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2022 Nokia. All rights reserved. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ========================================================================= -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END =========================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &drSubCredsUID drsubcreds - type: basicAuth - login: '{{ .Values.drSubscriberCreds.username }}' - password: '{{ .Values.drSubscriberCreds.password }}' - passwordPolicy: required - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.pm-mapper:1.10.1 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/pm-mapper -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Dependencies -# Depend on the datafile-collector, which guarantees that -# the DR feed that pm-mapper susbscribes to will be created -# already by the datafile-collector DMaaP provisioning init -# container. Also guarantees that DR provisioning will be -# available for pm-mapper initContainter to create the -# subscription to the feed. -readinessCheck: - wait_for: - services: - - datafile-collector - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: /healthcheck - scheme: HTTP - port: 8081 - -# Service Configuration -service: - type: ClusterIP - name: dcae-pm-mapper - both_tls_and_plain: true - ports: - - name: http - port: 8443 - plain_port: 8081 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - -# Data Router Subscriber Credentials -drSubscriberCreds: - username: username - password: password - -credentials: -- name: DR_USERNAME - uid: *drSubCredsUID - key: login -- name: DR_PASSWORD - uid: *drSubCredsUID - key: password - -# Initial Application Configuration -applicationConfig: - enable_tls: false - enable_http: true - aaf_identity: "" - aaf_password: "" - pm-mapper-filter: "{ \"filters\":[] }" - #key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks - #key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass - trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks - trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass - dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete - streams_publishes: - dmaap_publisher: - type: message_router - dmaap_info: - client_id: "dummy_id" - location: san-francisco - client_role: org.onap.dcae.pmPublisher - topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS - streams_subscribes: - dmaap_subscriber: - type: data_router - dmaap_info: - subscriber_id: "dummy_id" - decompress: true - privileged: true - username: ${DR_USERNAME} - password: ${DR_PASSWORD} - location: san-francisco - delivery_url: http://dcae-pm-mapper:8081/delivery - -applicationEnv: - #CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' - #Temporary Dummy CBS Port Value until internal SDK library is updated - CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' - -# DataRouter Subscriber Configuration -drSubConfig: - - feedName: bulk_pm_feed - feedVersion: "0.0" - decompress: true - username: ${DR_USERNAME} - userpwd: ${DR_PASSWORD} - privilegedSubscriber: true - deliveryURL: http://dcae-pm-mapper:8081/delivery - -# ConfigMap Configuration for DR Subscriber -volumes: - - name: drsub-config - path: /opt/app/config/dr_subs - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "4" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-pm-mapper - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml deleted file mode 100644 index f721f0aba4..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2021 AT&T. All rights reserved. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "Kohn" -description: DCAE PMSH Service -name: dcae-pmsh -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml deleted file mode 100644 index 30d173c2d8..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "primary" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "replica" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml deleted file mode 100644 index b4b8e59b2e..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml deleted file mode 100644 index 60fce4a7be..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml deleted file mode 100644 index 0f1129cfb4..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml deleted file mode 100644 index fedb766524..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml deleted file mode 100644 index 0f7289cc07..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &pgUserCredsSecretUid pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "pmsh-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.pmsh:2.2.3 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/pmsh -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: /healthcheck - scheme: HTTP - port: 8080 - -# Service Configuration -service: - type: ClusterIP - name: dcae-pmsh - ports: - - name: http - port: 8080 - plain_port: 8080 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - authorizedPrincipalsPostgres: - - serviceAccount: dcae-pmsh-read - -# Initial Application Configuration -applicationConfig: - enable_tls: false - aaf_identity: dummy_value - aaf_password: dummy_value - key_path: /opt/app/pmsh/etc/certs/key.pem - cert_path: /opt/app/pmsh/etc/certs/cert.pem - ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem - control_loop_name: pmsh-control-loop - operational_policy_name: pmsh-operational-policy - pmsh_policy: - subscription: - subscriptionName: ExtraPM-All-gNB-R2B - administrativeState: LOCKED - fileBasedGP: 15 - fileLocation: "/pm/pm.xml" - nfFilter: { "nfNames": [ "^pnf.*","^vnf.*" ],"modelInvariantIDs": [ ],"modelVersionIDs": [ ],"modelNames": [ ] } - measurementGroups: [ { "measurementGroup": { "measurementTypes": [ { "measurementType": "countera" },{ "measurementType": "counterb" } ],"managedObjectDNsBasic": [ { "DN": "dna" },{ "DN": "dnb" } ] } },{ "measurementGroup": { "measurementTypes": [ { "measurementType": "counterc" },{ "measurementType": "counterd" } ],"managedObjectDNsBasic": [ { "DN": "dnc" },{ "DN": "dnd" } ] } } ] - streams_publishes: - policy_pm_publisher: - type: message_router - dmaap_info: - topic_url: "http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT" - streams_subscribes: - policy_pm_subscriber: - type: message_router - dmaap_info: - topic_url: "http://message-router:3904/events/unauthenticated.PMSH_CL_INPUT" - aai_subscriber: - type: message_router - dmaap_info: - topic_url: "http://message-router:3904/events/AAI-EVENT" - -applicationEnv: - PMSH_PG_URL: &dcaePmshPgPrimary dcae-pmsh-pg-primary - PMSH_PG_USERNAME: - secretUid: *pgUserCredsSecretUid - key: login - PMSH_PG_PASSWORD: - secretUid: *pgUserCredsSecretUid - key: password - PMSH_API_PORT: '8080' - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -################################################################# -# Application configuration Overriding Defaults in the Postgres. -################################################################# -postgres: - nameOverride: &postgresName dcae-pmsh-postgres - service: - name: *postgresName - name2: *dcaePmshPgPrimary - name3: dcae-pmsh-pg-replica - container: - name: - primary: dcae-pmsh-pg-primary - replica: dcae-pmsh-pg-replica - persistence: - mountSubPath: pmsh/data - mountInitPath: pmsh - config: - pgUserName: pmsh - pgDatabase: pmsh - pgUserExternalSecret: *pgUserCredsSecretName - -# Dependencies -readinessCheck: - wait_for: - services: - - '{{ .Values.postgres.service.name2 }}' - - message-router - -#Pods Service Account -serviceAccount: - nameOverride: dcae-pmsh - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml deleted file mode 100644 index 72d43e9481..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "London" -description: DCAE RESTConf Collector -name: dcae-restconf-collector -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml deleted file mode 100644 index 5a9baa822f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml deleted file mode 100644 index a914446c99..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml deleted file mode 100644 index 0ad66b62a9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml deleted file mode 100644 index df12117b3e..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (C) 2022 Deutsche Telekom AG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml deleted file mode 100644 index 6b70356ca9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml deleted file mode 100644 index cf11d2a0c5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml deleted file mode 100644 index 8e6cc7a4a6..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ /dev/null @@ -1,178 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: false - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &controllerCredsUID controllercreds - type: basicAuth - login: '{{ .Values.controllerCreds.username }}' - password: '{{ .Values.controllerCreds.password }}' - passwordPolicy: required - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.4.1 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: null # /opt/app/restconfcollector/logs -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Dependencies -readinessCheck: - wait_for: - services: - - message-router - -# Probe Configuration -readiness: - initialDelaySeconds: 100 - periodSeconds: 60 - timeoutSeconds: 5 - path: /healthcheck - scheme: HTTP - port: 8080 - - -# service configuration -service: - type: NodePort - name: dcae-restconf-collector - ports: - - name: http - port: 8443 - plain_port: 8080 - port_protocol: http - nodePort: 16 - useNodePortExt: true - -ingress: - enabled: false - service: - - baseaddr: "dcae-restconf-collector-api" - name: "dcae-restconf-collector" - port: 8443 - plain_port: 8080 - config: - ssl: "redirect" - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: istio-ingress - namespace: istio-ingress - -# AAF Credentials -controllerCreds: - username: access - password: Huawei@123 - -credentials: -- name: CONTROLLER_USERNAME - uid: *controllerCredsUID - key: login -- name: CONTROLLER_PASSWORD - uid: *controllerCredsUID - key: password - -# application environments -applicationEnv: - LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true' - -# Initial Application Configuration -applicationConfig: - collector.rcc.appDescription: DCAE RestConf Collector Application - collector.rcc.appName: dcae-rcc - collector.rcc.dmaap.streamid: notification=device-registration - collector.rcc.inputQueue.maxPending: '8096' - tomcat.maxthreads: '200' - collector.rcc.service.port: '8080' - # Disabling of secure port not working (DCAEGEN2-3336) - collector.rcc.service.secure.port: '0' - #collector.rcc.service.secure.port: '8687' - #collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks - #collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass - #collector.rcc.keystore.alias: dynamically generated - #collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks - #collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass - #collector.keystore.file.location: /opt/app/dcae-certificate/external/cert.jks - #collector.keystore.passwordfile: /opt/app/dcae-certificate/external/jks.pass - collector.header.authflag: '0' - collector.header.authlist: sample1,c2FtcGxlMQ== - collector.rcc.service.secure.clientauth: '0' - streams_publishes: - device-registration: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT - type: message_router - rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' - -#applicationEnv: -# CONTROLLER_IP: "172.30.0.55" -# CONTROLLER_PORT: "26335" - - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-restconf-collector - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml deleted file mode 100644 index f90bd1ef95..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v2 -appVersion: "London" -description: DCAE SliceAnalysis MS charts -name: dcae-slice-analysis-ms -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml deleted file mode 100644 index 30d173c2d8..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "primary" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "replica" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml deleted file mode 100644 index 26be310888..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml deleted file mode 100644 index 02b5df8135..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml deleted file mode 100644 index c4596e5b21..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml deleted file mode 100644 index ba0283dda5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml deleted file mode 100644 index fd70e36619..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ /dev/null @@ -1,241 +0,0 @@ -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (C) 2022 Huawei Canada Limited. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &pgUserCredsSecretUid pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "sliceanalysisms-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.2.1 -pullPolicy: IfNotPresent - -################################################################# -# Policy Sync Container Image. -################################################################# -# optional Policy configuration properties -# if present, policy-sync side car will be deployed -# policy sync is used for provide runtime configuration for slicems -# policy id is originally set to "onap.dcae.slicems.config" - -#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 -#pullPolicy: IfNotPresent -#policies: -# duration: -# 10 -# policyID: | -# '["onap.dcae.slicems.config"]' - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/sliceanalysisms -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Probe Configuration -readiness: - initialDelaySeconds: 60 - periodSeconds: 15 - timeoutSeconds: 1 - path: /healthcheck - scheme: HTTP - port: 8080 - -# Service Configuration -service: - type: ClusterIP - name: dcae-slice-analysis-ms - ports: - - name: http - port: 8080 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - authorizedPrincipalsPostgres: - - serviceAccount: dcae-slice-analysis-ms-read - -credentials: -- name: PG_USERNAME - uid: *pgUserCredsSecretUid - key: login -- name: PG_PASSWORD - uid: *pgUserCredsSecretUid - key: password - -# Initial Application Configuration -applicationConfig: - postgres.host: dcae-sliceanalysisms-pg-primary - postgres.port: 5432 - postgres.username: ${PG_USERNAME} - postgres.password: ${PG_PASSWORD} - trust_store_path: /opt/app/sliceanalysisms/etc/cert/trust.jks - trust_store_pass_path: /opt/app/sliceanalysisms/etc/cert/trust.pass - sliceanalysisms.pollingInterval: 20 - sliceanalysisms.pollingTimeout: 60 - cbsPollingInterval: 60 - sliceanalysisms.namespace: onap - sliceanalysisms.dmaap.server: ["message-router"] - sliceanalysisms.bufferTime: 60 - sliceanalysisms.cg: sliceanalysisms-cg - sliceanalysisms.cid: sliceanalysisms-cid - sliceanalysisms.configDb.service: http://config-db:8080 - sliceanalysisms.configDbEnabled: true - sliceanalysisms.aai.url: http://aai-internal.onap.svc.cluster.local:80/aai/v21 - sliceanalysisms.cps.url: http://cps:8080 - sliceanalysisms.samples: 3 - sliceanalysisms.minPercentageChange: 5 - sliceanalysisms.initialDelaySeconds: 120000 - sliceanalysisms.rannfnssiDetailsTemplateId: get-rannfnssiid-details - sliceanalysisms.desUrl: http://dl-des:1681/datalake/v1/exposure/pm_data - sliceanalysisms.pmDataDurationInWeeks: 4 - sliceanalysisms.vesNotifPollingInterval: 15 - sliceanalysisms.vesNotifChangeIdentifier: PM_BW_UPDATE - sliceanalysisms.vesNotifChangeType: BandwidthChanged - sliceanalysisms.aaiNotif.targetAction: UPDATE - sliceanalysisms.aaiNotif.targetSource: UUI - sliceanalysisms.aaiNotif.targetEntity: service-instance - sliceanalysisms.ccvpnEvalInterval: 5 - sliceanalysisms.ccvpnEvalUpperThreshold: 0.8 - sliceanalysisms.ccvpnEvalLowerThreshold: 0.3 - sliceanalysisms.ccvpnEvalPrecision: 100.0 - sliceanalysisms.ccvpnEvalPeriodicCheckOn: true - sliceanalysisms.ccvpnEvalOnDemandCheckOn: true - sliceanalysisms.ccvpnEvalStrategy: FlexibleThresholdStrategy - streams_publishes: - CL_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT - streams_subscribes: - performance_management_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS - intelligent_slicing_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.ML_RESPONSE_TOPIC - dcae_cl_response_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/DCAE_CL_RSP - ves_ccvpn_notification_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT - aai_subscriber: - type: message-router - servers : ["message-router:3904"] - consumer_group: dcae_ccvpn_cl - consumer_instance: dcae_ccvpn_cl_aaievent - fetch_timeout: 15000 - fetch_limit: 100 - dmaap_info: - topic_url: http://message-router:3904/events/AAI-EVENT - -applicationEnv: - CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' - #Temporary Dummy CBS Port Value until internal SDK library is updated - CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' - STANDALONE: 'false' - -# Resource Limit Flavor -By Default Using Small -flavor: small -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - large: - limits: - cpu: "4" - memory: "4Gi" - requests: - cpu: "2" - memory: "4Gi" - unlimited: {} - -################################################################# -# Application configuration Overriding Defaults in the Postgres. -################################################################# -postgres: - nameOverride: &postgresName dcae-sliceanalysisms-postgres - service: - name: *postgresName - name2: dcae-sliceanalysisms-pg-primary - name3: dcae-sliceanalysisms-pg-replica - container: - name: - primary: dcae-sliceanalysisms-pg-primary - replica: dcae-sliceanalysisms-pg-replica - persistence: - mountSubPath: sliceanalysisms/data - mountInitPath: sliceanalysisms - config: - pgUserName: sliceanalysisms - pgDatabase: sliceanalysisms - pgUserExternalSecret: *pgUserCredsSecretName - -# Dependencies -readinessCheck: - wait_for: - services: - - '{{ .Values.postgres.service.name2 }}' - - message-router - -#Pods Service Account -serviceAccount: - nameOverride: dcae-slice-analysis-ms - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml deleted file mode 100644 index 5f2eb49546..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Copyright (c) 2024 J. F. Lucas. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "NewDelhi" -description: DCAE SNMPTrap Collector -name: dcae-snmptrap-collector -version: 13.0.1 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml deleted file mode 100644 index 5a9baa822f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml deleted file mode 100644 index a914446c99..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml deleted file mode 100644 index 0ad66b62a9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml deleted file mode 100644 index 6b70356ca9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml deleted file mode 100644 index cf11d2a0c5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml deleted file mode 100644 index 599b3d21b9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ /dev/null @@ -1,150 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.8 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /opt/app/snmptrap/logs -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Dependencies -readinessCheck: - wait_for: - services: - - message-router - -# Probe Configuration -readiness: - type: exec - command: - - /opt/app/snmptrap/bin/snmptrapd.sh - - status - -# service configuration -service: - type: NodePort - name: dcae-snmptrap-collector - ports: - - name: udp - port: 6162 - l4_protocol: UDP # default to TCP if not set - port_protocol: udp #used in svn name - nodePort: 70 - useNodePortExt: true - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: [] - -# Initial Application Configuration -applicationConfig: - StormWatchPolicy: '' - cache: - dns_cache_ttl_seconds: 60 - services_calls: {} - snmptrapd: - version: '2.0.8' - title: ONAP SNMP Trap Receiver - sw_interval_in_seconds: 60 - streams_publishes: - sec_fault_unsecure: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP - type: message_router - aaf_password: "" - aaf_username: "" - files: - runtime_base_dir: "/opt/app/snmptrap" - log_dir: logs - data_dir: data - pid_dir: tmp - arriving_traps_log: snmptrapd_arriving_traps.log - snmptrapd_diag: snmptrapd_prog_diag.log - traps_stats_log: snmptrapd_stats.csv - perm_status_file: snmptrapd_status.log - eelf_base_dir: "/opt/app/snmptrap/logs" - eelf_error: error.log - eelf_debug: debug.log - eelf_audit: audit.log - eelf_metrics: metrics.log - roll_frequency: hour - minimum_severity_to_log: 3 - protocols: - transport: udp - ipv4_interface: 0.0.0.0 - ipv4_port: 6162 - ipv6_interface: "::1" - ipv6_port: 6162 - publisher: - http_milliseconds_timeout: 1500 - http_retries: 3 - http_milliseconds_between_retries: 750 - http_primary_publisher: 'true' - http_peer_publisher: unavailable - max_traps_between_publishes: 10 - max_milliseconds_between_publishes: 10000 - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-snmptrap-collector - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/Chart.yaml deleted file mode 100644 index b4bde7f0fe..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021 Wipro Limited. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== - -apiVersion: v2 -appVersion: "London" -description: DCAE Son-handler helm chart -name: dcae-son-handler -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml deleted file mode 100644 index 30d173c2d8..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "primary" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "replica" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml deleted file mode 100644 index 48a203963e..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021 Wipro Limited. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== -*/}} - -{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml deleted file mode 100644 index c8cd4d40e5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021 Wipro Limited. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml deleted file mode 100644 index 26b7b5dbdd..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021 Wipro Limited. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/service.yaml deleted file mode 100644 index 41133e5abc..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021 Wipro Limited. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml deleted file mode 100644 index 5e16967203..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ /dev/null @@ -1,250 +0,0 @@ -# ============= LICENSE_START ================================================ -# ============================================================================ -# Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============= LICENSE_END ================================================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &cpsCredsUID cpscreds - type: basicAuth - login: '{{ .Values.cpsCreds.identity }}' - password: '{{ .Values.cpsCreds.password }}' - passwordPolicy: required - - uid: &pgUserCredsSecretUid pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-sonhms-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "sonhms-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.son-handler:2.2.1 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/sonhms -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Optional Policy configuration properties -# if present, policy-sync side car will be deployed -#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 -#policies: -# policyID: | -# '["com.Config_PCIMS_CONFIG_POLICY"]' - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: /healthcheck - scheme: HTTP - port: 8080 - -# Service Configuration -service: - type: ClusterIP - name: dcae-son-handler - ports: - - name: http - port: 8080 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - authorizedPrincipalsPostgres: - - serviceAccount: dcae-son-handler-read - -# Credentials -cpsCreds: - identity: cps - password: cpsr0cks! - -credentials: -- name: CPS_IDENTITY - uid: *cpsCredsUID - key: login -- name: CPS_PASSWORD - uid: *cpsCredsUID - key: password -- name: PG_USERNAME - uid: *pgUserCredsSecretUid - key: login -- name: PG_PASSWORD - uid: *pgUserCredsSecretUid - key: password - - -# Initial Application Configuration -applicationConfig: - postgres.host: &dcaeSonhmsPgPrimary dcae-sonhms-pg-primary - postgres.port: 5432 - postgres.username: ${PG_USERNAME} - postgres.password: ${PG_PASSWORD} - cps.username: ${CPS_IDENTITY} - cps.password: ${CPS_PASSWORD} - sonhandler.pollingInterval: 20 - sonhandler.pollingTimeout: 60 - cbsPollingInterval: 60 - sonhandler.numSolutions: 5 - sonhandler.minCollision: 5 - sonhandler.minConfusion: 5 - sonhandler.maximumClusters: 5 - sonhandler.badThreshold: 50 - sonhandler.poorThreshold: 70 - sonhandler.namespace: onap - sonhandler.sourceId: SONHMS - sonhandler.dmaap.server: ["message-router"] - sonhandler.bufferTime: 60 - sonhandler.cg: sonhms-cg - sonhandler.cid: sonhms-cid - sonhandler.clientType: cps - sonhandler.nearRtricUrl: "https://a1-policy-management:30294/a1-policy/v2/policies" - cps.service.url: http://cps-tbdmt:8080 - cps.get.celldata: execute/cps-ran-schemaset/get-cell-data - cps.get.nbr.list.url: execute/cps-ran-schemaset/get-nbr-list - cps.get.pci.url: execute/ran-network-schemaset/get-pci - cps.get.pnf.url: execute/ran-network-schemaset/get-pnf - sonhandler.configDb.service: http://configdb:8080 - sonhandler.oof.service: https://oof-osdf:8698 - sonhandler.oof.endpoint: /api/oof/v1/pci - sonhandler.pciOptimizer: pci - sonhandler.pciAnrOptimizer: pci_anr - sonhandler.poorCountThreshold: 3 - sonhandler.badCountThreshold: 3 - sonhandler.oofTriggerCountTimer: 30 - sonhandler.oofTriggerCountThreshold: 5 - sonhandler.policyRespTimer: 10 - sonhandler.policyNegativeAckThreshold: 3 - sonhandler.policyFixedPciTimeInterval: 30000 - sonhandler.nfNamingCode: RansimAgent - streams_publishes: - CL_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT - streams_subscribes: - performance_management_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT - fault_management_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT - nbr_list_change_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO - dcae_cl_response_topic: - type: message-router - dmaap_info: - topic_url: http://message-router:3904/events/DCAE_CL_RSP - service_calls: - sdnr-getpnfname: [] - sdnr-getpci: [] - sdnr-getnbrlist: [] - sdnr-getcelllist: [] - oof-req: [] - policy-req: [] - -applicationEnv: - CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' - #Temporary Dummy CBS Port Value until internal SDK library is updated - CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' - STANDALONE: 'false' - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "4" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -################################################################# -# Application configuration Overriding Defaults in the Postgres. -################################################################# -postgres: - nameOverride: &postgresName dcae-sonhms-postgres - service: - name: *postgresName - name2: *dcaeSonhmsPgPrimary - name3: dcae-sonhms-pg-replica - container: - name: - primary: dcae-sonhms-pg-primary - replica: dcae-sonhms-pg-replica - persistence: - mountSubPath: sonhms/data - mountInitPath: sonhms - config: - pgUserName: sonhms - pgDatabase: sonhms - pgUserExternalSecret: *pgUserCredsSecretName - -# Dependencies -readinessCheck: - wait_for: - services: - - '{{ .Values.postgres.service.name2 }}' - - message-router - -#Pods Service Account -serviceAccount: - nameOverride: dcae-son-handler - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml deleted file mode 100644 index 7b30414fa3..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 J. F. Lucas. All rights reserved. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -apiVersion: v2 -appVersion: "NewDelhi" -description: DCAE TCA (Gen 2) -name: dcae-tcagen2 -version: 13.1.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: mongodb - version: 14.12.3 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml deleted file mode 100644 index 5a9baa822f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml deleted file mode 100644 index a7d0acd017..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 J. F. Lucas. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml deleted file mode 100644 index be56017250..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 J. F. Lucas. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml deleted file mode 100644 index c3b0715cd6..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 J. F. Lucas. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml deleted file mode 100644 index 393d7936a0..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ /dev/null @@ -1,199 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - # Docker Repository used by RepositoryGenerator - dockerHubRepository: docker.io - # Additions for MongoDB**************************** - # If dockerHubRepository is changes the following entry needs - # to be changed as well - imageRegistry: docker.io - imagePullSecrets: - - '{{ include "common.names.namespace" . }}-docker-registry-key' - # ************************************************* - -################################################################# -# Filebeat configuration defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.4.0 -pullPolicy: Always - -# log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /opt/logs/dcae-analytics-tca -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -secrets: - - uid: &aaiCredsUID aaicreds - type: basicAuth - login: '{{ .Values.aaiCreds.user }}' - password: '{{ .Values.aaiCreds.password }}' - passwordPolicy: required - -# dependencies -readinessCheck: - wait_for: - services: - - message-router - -# probe configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 30 - path: /actuator/health - scheme: HTTP - port: 9091 - -# service configuration -service: - type: ClusterIP - name: dcae-tcagen2 - ports: - - port: 9091 - name: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - -# mongoDB overrides -mongodb: - nameOverride: dcae-mongo - #config: - # dbName: dcaecommondb - auth: - enabled: false - databases: - - "dcaecommondb" - usernames: - - "dcae" - service: - nameOverride: dcae-mongohost - internalPort: 27017 - resources: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "500m" - memory: "1Gi" - -# Policy configuraiton properties -# if enabled, policy-sync side car will be deployed -#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 -#policies: -# duration: 300 -# policyRelease: "onap" -# policyID: | -# '["onap.vfirewall.tca","onap.vdns.tca"]' - - -aaiCreds: - user: DCAE - password: DCAE - -credentials: -- name: AAI_USERNAME - uid: *aaiCredsUID - key: login -- name: AAI_PASSWORD - uid: *aaiCredsUID - key: password - -# initial application configuration -applicationConfig: - service_calls: [] - streams_publishes: - tca_handle_out: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT - type: message_router - streams_subscribes: - tca_handle_in: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT - type: message_router - spring.data.mongodb.uri: mongodb://dcae-mongohost/dcae-tcagen2 - streams_subscribes.tca_handle_in.consumer_group: cg1 - streams_subscribes.tca_handle_in.consumer_ids[0]: c0 - streams_subscribes.tca_handle_in.consumer_ids[1]: c1 - streams_subscribes.tca_handle_in.message_limit: 50000 - streams_subscribes.tca_handle_in.polling.auto_adjusting.max: 60000 - streams_subscribes.tca_handle_in.polling.auto_adjusting.min: 30000 - streams_subscribes.tca_handle_in.polling.auto_adjusting.step_down: 30000 - streams_subscribes.tca_handle_in.polling.auto_adjusting.step_up: 10000 - streams_subscribes.tca_handle_in.polling.fixed_rate: 0 - streams_subscribes.tca_handle_in.timeout: -1 - tca.aai.enable_enrichment: true - tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf - tca.aai.node_query_path: aai/v11/search/nodes-query - tca.aai.password: ${AAI_PASSWORD} - tca.aai.url: http://aai-internal:80 - tca.aai.username: ${AAI_USERNAME} - tca.policy: "[{\"domain\":\"measurementsForVfScaling\",\"violatedMetricsPerEventName\":[{\"eventName\":\"Mfvs_eNodeB_RANKPI\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vFirewall;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":4000,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":20000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vLoadBalancer;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":500,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":5000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]}]},{\"domain\":\"measurement\",\"metricsPerEventName\":[{\"eventName\":\"vFirewallBroadcastPackets\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":700,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"Measurement_vGMUX\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"GREATER\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]}]}]" - tca.processing_batch_size: 10000 - tca.enable_abatement: true - tca.enable_ecomp_logging: true - -applicationEnv: - #Temporary Dummy CBS Port Value until internal SDK library is updated - CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-tcagen2 - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml deleted file mode 100644 index 4d1eb4a595..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# Modifications Copyright © 2023 Deutsche Telekom AG. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "London" -description: DCAE VES-Mapper Microservice -name: dcae-ves-mapper -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml deleted file mode 100644 index 5a9baa822f..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml deleted file mode 100644 index a914446c99..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml deleted file mode 100644 index 0ad66b62a9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml deleted file mode 100644 index 6b70356ca9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml deleted file mode 100644 index cf11d2a0c5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml deleted file mode 100644 index b886ae40d3..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ /dev/null @@ -1,199 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.5.0 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /opt/app/VESAdapter/logs -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Dependencies -readinessCheck: - wait_for: - services: - - message-router - -# Service Configuration -service: - type: ClusterIP - name: dcae-ves-mapper - ports: - - name: http - port: 80 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - -# application environments -applicationEnv: - LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true' - CONFIG_BINDING_SERVICE_SERVICE_PORT: '10000' # Workaround until DCAEGEN2-3098 is addressed - CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' - - -# Initial Application Configuration -applicationConfig: - app_preferences: - collectors: - - identifier: notification-id - mapping-files: - - defaultMappingFile-rcc-notification: "<?xml version='1.0' encoding='UTF-8'?><smooks-resource-list - xmlns='http://www.milyn.org/xsd/smooks-1.1.xsd' xmlns:jb='http://www.milyn.org/xsd/smooks/javabean-1.4.xsd' - xmlns:json='http://www.milyn.org/xsd/smooks/json-1.1.xsd'><json:reader rootName='vesevent' - keyWhitspaceReplacement='-'><json:keyMap><json:key from='date&time' to='date-and-time' - /></json:keyMap></json:reader><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.VesEvent' - beanId='vesEvent' createOnElement='vesevent'><jb:wiring property='event' beanIdRef='event' - /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.Event' beanId='event' - createOnElement='vesevent'><jb:wiring property='commonEventHeader' beanIdRef='commonEventHeader' - /><jb:wiring property='pnfRegistrationFields' beanIdRef='pnfRegistrationFields' - /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader' - beanId='commonEventHeader' createOnElement='vesevent'><jb:expression property='version'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.Version._4_0_1</jb:expression><jb:expression - property='eventType'>'pnfRegistration'</jb:expression><jb:expression property='vesEventListenerVersion'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.VesEventListenerVersion._7_0_1</jb:expression><jb:expression - property='eventId' execOnElement='vesevent'>'registration_'+commonEventHeader.ts1</jb:expression><jb:expression - property='reportingEntityName'>'VESMapper'</jb:expression><jb:expression property='domain'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.Domain.PNF_REGISTRATION</jb:expression><jb:expression - property='eventName' execOnElement='vesevent'>commonEventHeader.domain</jb:expression><jb:value - property='sequence' data='0' default='0' decoder='Long' /><jb:expression property='lastEpochMicrosec' - execOnElement='vesevent'>commonEventHeader.ts1</jb:expression><jb:expression - property='startEpochMicrosec' execOnElement='vesevent'>commonEventHeader.ts1</jb:expression><jb:expression - property='priority'>org.onap.dcaegen2.ves.domain.ves70.CommonEventHeader.Priority.NORMAL</jb:expression><jb:expression - property='sourceName' execOnElement='vesevent'>pnfRegistrationFields.vendorName+'-'+pnfRegistrationFields.serialNumber</jb:expression></jb:bean><jb:bean - class='org.onap.dcaegen2.ves.domain.ves70.PnfRegistrationFields' beanId='pnfRegistrationFields' - createOnElement='vesevent'><jb:expression property='pnfRegistrationFieldsVersion'>org.onap.dcaegen2.ves.domain.ves70.PnfRegistrationFields.PnfRegistrationFieldsVersion._2_0</jb:expression><jb:value - property='serialNumber' data='pnfRegistration/serialNumber' /><jb:value property='lastServiceDate' - data='pnfRegistration/lastServiceDate' /><jb:value property='manufactureDate' - data='pnfRegistration/manufactureDate' /><jb:value property='modelNumber' - data='pnfRegistration/modelNumber' /><jb:value property='oamV4IpAddress' data='pnfRegistration/oamV4IpAddress' - /><jb:value property='oamV6IpAddress' data='pnfRegistration/oamV6IpAddress' - /><jb:value property='softwareVersion' data='pnfRegistration/softwareVersion' - /><jb:value property='unitFamily' data='pnfRegistration/unitFamily' /><jb:value - property='unitType' data='pnfRegistration/unitType' /><jb:value property='vendorName' - data='pnfRegistration/vendorName' /><jb:wiring property='additionalFields' - beanIdRef='alarmAdditionalInformation' /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves70.AlarmAdditionalInformation' - beanId='alarmAdditionalInformation' createOnElement='vesevent'><jb:wiring - property='additionalProperties' beanIdRef='additionalFields2' /></jb:bean><jb:bean - beanId='additionalFields2' class='java.util.HashMap' createOnElement='vesevent/pnfRegistration/additionalFields'><jb:value - data='pnfRegistration/additionalFields/*'/></jb:bean></smooks-resource-list>" - stream_publisher: ves-pnfRegistration - stream_subscriber: rcc-notification - - identifier: notify OID - mapping-files: - - defaultMappingFile-snmp-notification: "<?xml version='1.0' encoding='UTF-8'?><smooks-resource-list - xmlns='http://www.milyn.org/xsd/smooks-1.1.xsd' xmlns:jb='http://www.milyn.org/xsd/smooks/javabean-1.4.xsd' - xmlns:json='http://www.milyn.org/xsd/smooks/json-1.1.xsd'><json:reader rootName='vesevent' - keyWhitspaceReplacement='-'><json:keyMap><json:key from='date&time' to='date-and-time' - /></json:keyMap></json:reader><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.VesEvent' - beanId='vesEvent' createOnElement='vesevent'><jb:wiring property='event' beanIdRef='event' - /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.Event' beanId='event' - createOnElement='vesevent'><jb:wiring property='commonEventHeader' beanIdRef='commonEventHeader' - /><jb:wiring property='faultFields' beanIdRef='faultFields' /></jb:bean><jb:bean - class='org.onap.dcaegen2.ves.domain.ves54.CommonEventHeader' beanId='commonEventHeader' - createOnElement='vesevent'><jb:expression property='version'>'3.0'</jb:expression><jb:expression - property='eventType'>'FaultField'</jb:expression><jb:expression property='eventId' - execOnElement='vesevent'>'XXXX'</jb:expression><jb:expression property='reportingEntityName'>'VESMapper'</jb:expression><jb:expression - property='domain'>org.onap.dcaegen2.ves.domain.ves54.CommonEventHeader.Domain.FAULT</jb:expression><jb:expression - property='eventName' execOnElement='vesevent'>commonEventHeader.domain</jb:expression><jb:value - property='sequence' data='0' default='0' decoder='Long' /><jb:value property='lastEpochMicrosec' - data='#/time-received' /><jb:value property='startEpochMicrosec' data='#/time-received' - /><jb:expression property='priority'>org.onap.dcaegen2.ves.domain.ves54.CommonEventHeader.Priority.NORMAL</jb:expression><jb:expression - property='sourceName'>'VesAdapter'</jb:expression></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.FaultFields' - beanId='faultFields' createOnElement='vesevent'><jb:value property='faultFieldsVersion' - data='2.0' default='2.0' decoder='Double' /><jb:value property='alarmCondition' - data='#/trap-category' /><jb:expression property='specificProblem'>'SNMP Fault'</jb:expression><jb:expression - property='vfStatus'>org.onap.dcaegen2.ves.domain.ves54.FaultFields.VfStatus.ACTIVE</jb:expression><jb:expression - property='eventSeverity'>org.onap.dcaegen2.ves.domain.ves54.FaultFields.EventSeverity.MINOR</jb:expression><jb:wiring - property='alarmAdditionalInformation' beanIdRef='alarmAdditionalInformationroot' - /></jb:bean><jb:bean class='java.util.ArrayList' beanId='alarmAdditionalInformationroot' - createOnElement='vesevent'><jb:wiring beanIdRef='alarmAdditionalInformation' - /></jb:bean><jb:bean class='org.onap.dcaegen2.ves.domain.ves54.AlarmAdditionalInformation' - beanId='alarmAdditionalInformation' createOnElement='varbinds/element'><jb:value - property='name' data='#/varbind_oid' /><jb:value property='value' data='#/varbind_value' - /></jb:bean></smooks-resource-list>" - stream_publisher: ves-fault - stream_subscriber: snmp-notification - streams_publishes: - ves-fault: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT - type: message_router - ves-pnfRegistration: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.VES_PNFREG_OUTPUT - type: message_router - streams_subscribes: - rcc-notification: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT - type: message_router - snmp-notification: - dmaap_info: - topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP - type: message_router - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-ves-mapper - roles: - - read diff --git a/kubernetes/dcaegen2-services/resources/expected-components.json b/kubernetes/dcaegen2-services/resources/expected-components.json index 7c4c3fba4c..c91552ed43 100644 --- a/kubernetes/dcaegen2-services/resources/expected-components.json +++ b/kubernetes/dcaegen2-services/resources/expected-components.json @@ -40,7 +40,7 @@ */}} {{- $ctx := . -}} -{{- $components := list "dcae-hv-ves-collector" "dcae-prh" "dcae-tcagen2" "dcae-ves-collector" "dcae-ves-openapi-manager" -}} +{{- $components := list "dcae-hv-ves-collector" "dcae-prh" "dcae-ves-collector" "dcae-ves-openapi-manager" -}} {{- $enabled := dict "enabled" list -}} {{- range $components -}} {{- if index $ctx.Values . "enabled" -}} diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml index ba3607f047..6efbf36c66 100644 --- a/kubernetes/dcaegen2-services/values.yaml +++ b/kubernetes/dcaegen2-services/values.yaml @@ -28,9 +28,6 @@ filebeatConfig: # Control deployment of DCAE microservices at ONAP installation time dcae-ves-openapi-manager: enabled: true -dcae-datafile-collector: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-datalake-admin-ui: enabled: false logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' @@ -40,45 +37,15 @@ dcae-datalake-des: dcae-datalake-feeder: enabled: false logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-heartbeat: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-hv-ves-collector: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-kpi-ms: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-ms-healthcheck: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-pm-mapper: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-pmsh: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-prh: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-restconf-collector: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-slice-analysis-ms: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-snmptrap-collector: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-son-handler: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-tcagen2: - enabled: true - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-ves-collector: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' -dcae-ves-mapper: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' diff --git a/kubernetes/dmaap/Chart.yaml b/kubernetes/dmaap/Chart.yaml deleted file mode 100644 index 31c57e31d0..0000000000 --- a/kubernetes/dmaap/Chart.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs,Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021-2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP DMaaP components -name: dmaap -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: message-router - version: ~13.x-0 - repository: 'file://components/message-router' - condition: message-router.enabled - - name: dmaap-dr-node - version: ~13.x-0 - repository: 'file://components/dmaap-dr-node' - condition: dmaap-dr-node.enabled - - name: dmaap-dr-prov - version: ~13.x-0 - repository: 'file://components/dmaap-dr-prov' - condition: dmaap-dr-prov.enabled - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dmaap/Makefile b/kubernetes/dmaap/Makefile deleted file mode 100644 index 5bedb4a7b9..0000000000 --- a/kubernetes/dmaap/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) - @rm -f */Chart.lock -%: - @: diff --git a/kubernetes/dmaap/README.md b/kubernetes/dmaap/README.md deleted file mode 100644 index 33362926b0..0000000000 --- a/kubernetes/dmaap/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs,Bell Canada -# Copyright (c) 2023 J. F.Lucas. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Helm Chart for ONAP DMaaP Applications - -ONAP DMaaP includes the following Kubernetes services: - -1) message-router - a message bus for applications -2) dmaap-data-router - an API to provision data feeds for consumers diff --git a/kubernetes/dmaap/components/Makefile b/kubernetes/dmaap/components/Makefile deleted file mode 100644 index 89fff87d25..0000000000 --- a/kubernetes/dmaap/components/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) - @rm -f */Chart.lock -%: - @: diff --git a/kubernetes/dmaap/components/dmaap-dr-node/.helmignore b/kubernetes/dmaap/components/dmaap-dr-node/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml deleted file mode 100644 index 7d773830cd..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ /dev/null @@ -1,223 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - Copyright (C) 2019 Nordix Foundation. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - SPDX-License-Identifier: Apache-2.0 - ============LICENSE_END========================================================= ---> -<configuration scan="true" scanPeriod="3 seconds" debug="false"> - - <property name="logDir" value="/var/log/onap/datarouter" /> - <!-- log file names --> - <property name="auditLog" value="audit" /> - <property name="errorLog" value="error" /> - <property name="debugLog" value="debug" /> - <property name="metricsLog" value="metrics" /> - <property name="jettyLog" value="jetty" /> - - <!-- log file names --> - <property name="defaultPattern" value="%d{MM/dd-HH:mm:ss.SSS}|%logger|%X{RequestId}|%X{InvocationId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}%n|%msg%n" /> - <property name="logDirectory" value="${logDir}" /> - - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - - <!-- The EELFAppender is used to record events to the general application - log --> - - - <appender name="Audit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLog}.log</file> - <filter class="org.onap.dmaap.datarouter.node.eelf.AuditFilter"> - </filter> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLog}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="Audit" /> - </appender> - - <!-- ============================================================================ --> - - <appender name="Metrics" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLog}.log</file> - <filter class="org.onap.dmaap.datarouter.node.eelf.MetricsFilter"> - </filter> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLog}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="Metrics" /> - </appender> - - <!-- ============================================================================ --> - - - <appender name="Debug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLog}.log</file> - <filter class="org.onap.dmaap.datarouter.node.eelf.DebugFilter"> - </filter> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLog}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="Debug" /> - </appender> - - <!-- ============================================================================ --> - - <appender name="Error" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLog}.log</file> - <filter class="org.onap.dmaap.datarouter.node.eelf.ErrorFilter"> - </filter> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLog}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="Error"/> - </appender> - - <!-- ============================================================================ --> - <appender name="Jetty" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${jettyLog}.log</file> - <filter class="org.onap.dmaap.datarouter.node.eelf.JettyFilter" /> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${jettyLog}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncJettyLog" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="Jetty" /> - <includeCallerData>true</includeCallerData> - </appender> - - <!-- ============================================================================ --> - - - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf" level="info" additivity="false"> - <appender-ref ref="asyncAudit" /> - </logger> - - <logger name="com.att.eelf" additivity="false"> - <appender-ref ref="asyncMetrics" /> - </logger> - - <logger name="com.att.eelf" additivity="false"> - <appender-ref ref="asyncDebug" /> - </logger> - - <logger name="com.att.eelf.error" additivity="false"> - <appender-ref ref="asyncError" /> - </logger> - - <logger name="log4j.logger.org.eclipse.jetty" additivity="false"> - <appender-ref ref="asyncJettyLog"/> - </logger> - - - <root level="{{.Values.logLevel}}"> - <appender-ref ref="asyncAudit" /> - <appender-ref ref="asyncMetrics" /> - <appender-ref ref="asyncDebug" /> - <appender-ref ref="asyncError" /> - <appender-ref ref="asyncJettyLog" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties deleted file mode 100644 index 21d7c20abd..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ /dev/null @@ -1,109 +0,0 @@ -{{/* -#------------------------------------------------------------------------------- -# ============LICENSE_START================================================== -# * org.onap.dmaap -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- -# -# Configuration parameters fixed at startup for the DataRouter node -# -# URL to retrieve dynamic configuration -# -#ProvisioningURL: ${DRTR_PROV_INTURL} -*/}} -ProvisioningURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/prov - -# -# URL to upload PUB/DEL/EXP logs -# -#LogUploadURL: ${DRTR_LOG_URL} -LogUploadURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/logs - -# -# The port number for http as seen within the server -# -#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080} -IntHttpPort={{ .Values.containerPort }} -# -# The port number for https as seen within the server -# -IntHttpsPort={{ .Values.containerPort }} -# -# The external port number for https taking port mapping into account -# -ExtHttpsPort=443 -# -# The minimum interval between fetches of the dynamic configuration -# from the provisioning server -# -MinProvFetchInterval=10000 -# -# The minimum interval between saves of the redirection data file -# -MinRedirSaveInterval=10000 -# -# The path to the directory where log files are stored -# -LogDir={{ .Values.persistence.event.path }} -# -# The retention interval (in days) for log files -# -LogRetention=30 -# -# The path to the directories where data and meta data files are stored -# -SpoolDir={{ .Values.persistence.spool.path }} -# -# The path to the redirection data file -# -RedirectionFile = etc/redirections.dat -# -# The type of keystore for https -KeyStoreType = PKCS12 -# -# The type of truststore for https -TrustStoreType = jks -# -# The path to the file used to trigger an orderly shutdown -QuiesceFile = etc/SHUTDOWN -# -# The key used to generate passwords for node to node transfers -NodeAuthKey = Node123! -# -# DR_NODE DEFAULT ENABLED TLS PROTOCOLS -NodeHttpsProtocols = TLSv1.1|TLSv1.2 -# -# AAF CADI enabled flag -CadiEnabled = false -# -# AAF type to generate permission string -AAFType = org.onap.dmaap-dr.feed -# -# AAF default instance to generate permission string - default should be legacy -AAFInstance = legacy -# -# AAF action to generate permission string - default should be publish -AAFAction = publish -# -# AAF Props file path -AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props -# -# https security required for publish request -TlsEnabled = false
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml deleted file mode 100644 index ce64cabc92..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-node-props - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/node.properties").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml deleted file mode 100644 index f288af9b29..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* - # ============LICENSE_START=================================================== - # Copyright (C) 2022 Nordix Foundation, Orange. - # ============================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END===================================================== -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml deleted file mode 100644 index 59b7b8c30e..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* - # ============LICENSE_START=================================================== - # Copyright (C) 2020 Nordix Foundation, Orange. - # ============================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END===================================================== -*/}} - -{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml deleted file mode 100644 index 8ada88319d..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* - # ============LICENSE_START=================================================== - # Copyright (C) 2020 Nordix Foundation, Orange. - # ============================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END===================================================== -*/}} - -{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml deleted file mode 100644 index 2795a2b5e5..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ /dev/null @@ -1,96 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim}} - initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }} - - name: {{ include "common.name" . }}-permission-fixer - securityContext: - runAsUser: 0 - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["chown","-Rf","1000:1001", "/opt/app/"] - volumeMounts: - - name: {{ include "common.fullname" . }}-spool - mountPath: {{ .Values.persistence.spool.path }} - - name: {{ include "common.fullname" . }}-event-logs - mountPath: {{ .Values.persistence.event.path }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{.Values.liveness.port}} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{.Values.readiness.port}} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: {{ .Values.persistence.spool.path }} - name: {{ include "common.fullname" . }}-spool - - mountPath: {{ .Values.persistence.event.path }} - name: {{ include "common.fullname" . }}-event-logs - - mountPath: /opt/app/datartr/etc/node.properties - name: {{ include "common.fullname" . }}-config - subPath: node.properties - - mountPath: /opt/app/datartr/etc/logback.xml - name: {{ include "common.fullname" . }}-log-conf - subPath: logback.xml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-node-props - items: - - key: node.properties - path: node.properties - - name: {{ include "common.fullname" . }}-log-conf - configMap: - name: {{ include "common.fullname" . }}-log - {{- if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-event-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-spool - emptyDir: {} - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }} - - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }} -{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml deleted file mode 100644 index e3f0595b1f..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - dmaapDrProvName: dmaap-dr-prov - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/dmaap/datarouter-node:2.1.15 -pullPolicy: Always - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# application configuration - see parent values chart -# dr uses the EELF Logging framework https://github.com/att/EELF -# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF -logLevel: "DEBUG" - -containerPort: &svc_port 8080 - -service: - type: ClusterIP - name: dmaap-dr-node - ports: - - name: http - port: *svc_port - -ingress: - enabled: false - service: - - baseaddr: "dmaap-dr-node-api" - name: "dmaap-dr-node" - port: *svc_port - config: - ssl: "redirect" - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: *svc_port - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - port: *svc_port - -## Persist data to a persistent volume -persistence: - enabled: true - mountPath: /dockerdata-nfs - spool: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountSubPath: data-router/dr-node/spool-data - size: 2Gi - path: /opt/app/datartr/spool - labels: - app.kubernetes.io/component: spool - - event: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountSubPath: data-router/dr-node/event-logs - path: /opt/app/datartr/logs - size: 2Gi - labels: - app.kubernetes.io/component: event-logs - -# Resource Limit flavor -By Default using small -flavor: small - -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dmaap-dr-node - roles: - - read - -securityContext: - user_id: 1000 - group_id: 1000 - -readinessCheck: - wait_for: - services: - - dmaap-dr-prov diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/.helmignore b/kubernetes/dmaap/components/dmaap-dr-prov/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml deleted file mode 100644 index fb3ff1236d..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP DMaaP Data Router Provisioning Server -name: dmaap-dr-prov -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: mariadb-galera - version: ~13.x-0 - repository: '@local' - condition: global.mariadbGalera.localCluster - - name: mariadb-init - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml deleted file mode 100644 index 9a3c383f8f..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ /dev/null @@ -1,406 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - Copyright (C) 2019 Nordix Foundation. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - SPDX-License-Identifier: Apache-2.0 - ============LICENSE_END========================================================= ---> -<configuration scan="true" scanPeriod="3 seconds" debug="true"> - <!--<jmxConfigurator /> --> - <!-- directory path for all other type logs --> - <!-- property name="logDir" value="/home/eby/dr2/logs" / --> - <property name="logDir" value="/opt/app/datartr/logs" /> - - <!-- directory path for debugging type logs --> - <!-- property name="debugDir" value="/home/eby/dr2/debug-logs" /--> - - <!-- specify the component name - <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" --> - <!-- This creates the MSO directory in in the LogDir which is not needed, mentioned last directory of the path--> - <!-- property name="componentName" value="logs"></property --> - - <!-- log file names --> - <property name="generalLogName" value="apicalls" /> - <!-- name="securityLogName" value="security" --> - <!-- name="performanceLogName" value="performance" --> - <!-- name="serverLogName" value="server" --> - <!-- name="policyLogName" value="policy"--> - <property name="errorLogName" value="errors" /> - <!-- name="metricsLogName" value="metrics" --> - <property name="debugLogName" value="debug"/> - <property name="jettyLogName" value="jetty"/> - <property name="defaultPattern" value="%d{MM/dd-HH:mm:ss.SSS}|%logger|%X{RequestId}|%X{InvocationId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|%msg%n" /> - <property name="jettyLoggerPattern" value="%d{MM/dd-HH:mm:ss.SSS}|%logger|%thread|%.-5level|%msg%n" /> - - <property name="debugLoggerPattern" value="%d{MM/dd-HH:mm:ss.SSS}|%logger|%X{RequestId}|%X{InvocationId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|[%caller{3}]|%msg%n" /> - - <property name="logDirectory" value="${logDir}" /> - <!-- property name="debugLogDirectory" value="${debugDir}/${componentName}" /--> - - - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - - <!-- The EELFAppender is used to record events to the general application - log --> - - - <appender name="EELF" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${generalLogName}.log</file> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${generalLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELF" /> - </appender> - - <!-- EELF Security Appender. This appender is used to record security events - to the security log file. Security events are separate from other loggers - in EELF so that security log records can be captured and managed in a secure - way separate from the other logs. This appender is set to never discard any - events. --> - <!--appender name="EELFSecurity" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${securityLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="EELFSecurity" /> - </appender--> - - <!-- EELF Performance Appender. This appender is used to record performance - records. --> - <!--appender name="EELFPerformance" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${performanceLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <outputPatternAsHeader>true</outputPatternAsHeader> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFPerformance" /> - </appender--> - - <!-- EELF Server Appender. This appender is used to record Server related - logging events. The Server logger and appender are specializations of the - EELF application root logger and appender. This can be used to segregate Server - events from other components, or it can be eliminated to record these events - as part of the application root log. --> - <!--appender name="EELFServer" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${serverLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFServer" /> - </appender--> - - - <!-- EELF Policy Appender. This appender is used to record Policy engine - related logging events. The Policy logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <!--appender name="EELFPolicy" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${policyLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFPolicy" > - </appender--> - - - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - - <!--appender name="EELFAudit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFAudit" /> - </appender--> - - <!--appender name="EELFMetrics" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>5MB</maxFileSize> - </triggeringPolicy> - <encoder--> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <!--pattern>${defaultPattern}</pattern> - </encoder> -</appender> - - -<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFMetrics"/> -</appender--> - - <appender name="EELFError" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFError"/> - </appender> - - <!-- ============================================================================ --> - <appender name="jettylog" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${jettyLogName}.log</file> - <filter class="org.onap.dmaap.datarouter.provisioning.eelf.JettyFilter" /> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${jettyLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${jettyLoggerPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFjettylog" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="jettylog" /> - <includeCallerData>true</includeCallerData> - </appender> - - <!-- ============================================================================ --> - - - <appender name="EELFDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLogName}.log</file> - <filter class="org.onap.dmaap.datarouter.provisioning.eelf.DebugTraceFilter" /> - <rollingPolicy - class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%i.log.zip - </fileNamePattern> - <minIndex>1</minIndex> - <maxIndex>9</maxIndex> - </rollingPolicy> - <triggeringPolicy - class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> - <maxFileSize>50MB</maxFileSize> - </triggeringPolicy> - <encoder> - <pattern>${defaultPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - - - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf" level="info" additivity="false"> - <appender-ref ref="asyncEELF" /> - </logger> - - <logger name="com.att.eelf.error" level="error" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - - <logger name="log4j.logger.org.eclipse.jetty" additivity="false" level="info"> - <appender-ref ref="asyncEELFjettylog"/> - </logger> - - <logger name="com.att.eelf.debug" level="debug" additivity="false"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - - <logger name="com.att.eelf.server" level="info" additivity="false"> - <appender-ref ref="asyncEELFServer" /> - </logger> - - <!-- logger name="com.att.eelf.security" level="info" additivity="false"> - <appender-ref ref="asyncEELFSecurity" /> - </logger> - <logger name="com.att.eelf.perf" level="info" additivity="false"> - <appender-ref ref="asyncEELFPerformance" /> - </logger> - - <logger name="com.att.eelf.policy" level="info" additivity="false"> - <appender-ref ref="asyncEELFPolicy" /> - </logger> - - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - - <logger name="com.att.eelf.debug" level="debug" additivity="false"> - <appender-ref ref="asyncEELFDebug" /> - </logger--> - - <root level="{{.Values.logLevel}}"> - <appender-ref ref="asyncEELF" /> - <appender-ref ref="asyncEELFError" /> - <appender-ref ref="asyncEELFjettylog" /> - <appender-ref ref="asyncEELFDebug" /> - <appender-ref ref="STDOUT" /> - </root> -</configuration>
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties deleted file mode 100644 index a56de3cd3b..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ /dev/null @@ -1,44 +0,0 @@ -{{/* -#------------------------------------------------------------------------------- -# ============LICENSE_START================================================== -# * org.onap.dmaap -# * =========================================================================== -# * Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# * =========================================================================== -# * Licensed under the Apache License, Version 2.0 (the "License"); -# * you may not use this file except in compliance with the License. -# * You may obtain a copy of the License at -# * -# * http://www.apache.org/licenses/LICENSE-2.0 -# * -# * Unless required by applicable law or agreed to in writing, software -# * distributed under the License is distributed on an "AS IS" BASIS, -# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# * See the License for the specific language governing permissions and -# * limitations under the License. -# * ============LICENSE_END==================================================== -# * -# * ECOMP is a trademark and service mark of AT&T Intellectual Property. -# * -#------------------------------------------------------------------------------- -*/}} - - -#Jetty Server properties -org.onap.dmaap.datarouter.provserver.http.port = {{ .Values.containerPort }} -org.onap.dmaap.datarouter.provserver.https.relaxation = true - -org.onap.dmaap.datarouter.provserver.tlsenabled = false -org.onap.dmaap.datarouter.nodeserver.http.port = 8080 - -org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs -org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool -org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc -org.onap.dmaap.datarouter.provserver.logretention = 30 - -# Database access -org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver -org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}} -org.onap.dmaap.datarouter.db.login = ${DB_USERNAME} -org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD} - diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml deleted file mode 100644 index 1cd524423e..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} ---- -{{ include "common.log.configMap" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml deleted file mode 100644 index 197638e654..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - {{ include "common.podSecurityContext" . | indent 6 | trim}} - initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - port: {{ .Values.liveness.port }} - path: /internal/prov - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - httpGet: - port: {{ .Values.liveness.port }} - path: /internal/prov - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - env: - - name: DB_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }} - - name: DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }} - volumeMounts: - - mountPath: /opt/app/datartr/etc/provserver.properties - name: {{ include "common.fullname" . }}-config - subPath: provserver.properties - - mountPath: /opt/app/datartr/etc/logback.xml - name: {{ include "common.fullname" . }}-log-conf - subPath: logback.xml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-configmap - items: - - key: provserver.properties - path: provserver.properties - - name: {{ include "common.fullname" . }}-log-conf - configMap: - name: {{ include "common.fullname" . }}-log - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml deleted file mode 100644 index f288af9b29..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* - # ============LICENSE_START=================================================== - # Copyright (C) 2022 Nordix Foundation, Orange. - # ============================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END===================================================== -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml deleted file mode 100644 index 306b0f17eb..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml deleted file mode 100644 index c13ba57c83..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ /dev/null @@ -1,153 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - mariadbGalera: &mariadbGalera - # flag to enable the DB creation via mariadb-operator - useOperator: true - #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - name: &dbUserSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-credentials' - uid: 'dmaap-dr-db-user-credentials' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "dmaap-dr-db-user-credentials" (index .Values "mariadb-galera" "db" "externalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "db" "user" }}' - password: '{{ index .Values "mariadb-galera" "db" "password" }}' - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/dmaap/datarouter-prov:2.1.15 -pullPolicy: Always - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -containerPort: &svc_port 8080 - -service: - type: ClusterIP - name: dmaap-dr-prov - ports: - - name: &port http - port: *svc_port - -ingress: - enabled: false - service: - - baseaddr: "dmaap-dr-prov-api" - name: "dmaap-dr-prov" - port: *svc_port - config: - ssl: "redirect" - -readinessCheck: - wait_for: - jobs: - - '{{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job' - -# dr uses the EELF Logging framework https://github.com/att/EELF -# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF -logLevel: "DEBUG" - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - port: *svc_port - -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - port: *svc_port - -# mariadb-galera configuration -mariadb-galera: - nameOverride: &dbServer dmaap-dr-db - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - db: - name: &mysqlDbName datarouter - user: datarouter - # password: - externalSecret: *dbUserSecretName - service: - name: *dbServer - nfsprovisionerPrefix: dmaap-dr-db - persistence: - size: 1Gi - mountSubPath: data-router/dr-db-data - serviceAccount: - nameOverride: *dbServer - -mariadb-init: - config: - userCredentialsExternalSecret: *dbUserSecretName - mysqlDatabase: *mysqlDbName - nameOverride: dmaap-dr-mariadb-init - serviceAccount: - nameOverride: dmaap-dr-mariadb-init - -# Resource Limit flavor -By Default using small -flavor: small - -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -#Pods Security Context -securityContext: - user_id: 1000 - group_id: 1000 - -#Pods Service Account -serviceAccount: - nameOverride: dmaap-dr-prov - roles: - - read diff --git a/kubernetes/dmaap/components/message-router/.helmignore b/kubernetes/dmaap/components/message-router/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/dmaap/components/message-router/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/dmaap/components/message-router/Chart.yaml b/kubernetes/dmaap/components/message-router/Chart.yaml deleted file mode 100644 index adc0599e94..0000000000 --- a/kubernetes/dmaap/components/message-router/Chart.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Message Router -name: message-router -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/Makefile b/kubernetes/dmaap/components/message-router/Makefile deleted file mode 100644 index ef273d0e9b..0000000000 --- a/kubernetes/dmaap/components/message-router/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties deleted file mode 100755 index 2dea84d289..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ /dev/null @@ -1,135 +0,0 @@ -{{/* -# LICENSE_START======================================================= -# org.onap.dmaap -# ================================================================================ -# Copyright © 2017 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2021-2022 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# -############################################################################### -############################################################################### -*/}} -## -## Kafka Connection -## -## Items below are passed through to Kafka's producer and consumer -## configurations (after removing "kafka.") -## if you want to change request.required.acks it can take this one value -#kafka.request.required.acks=-1 -kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 -config.zk.servers=127.0.0.1:{{ .Values.zkTunnelService.internalPort }} -consumer.timeout.ms=100 -zookeeper.connection.timeout.ms=6000 -zookeeper.session.timeout.ms=20000 -zookeeper.sync.time.ms=2000 -auto.commit.interval.ms=1000 -fetch.message.max.bytes =1000000 -auto.commit.enable=false - -#(backoff*retries > zksessiontimeout) -kafka.rebalance.backoff.ms=10000 -kafka.rebalance.max.retries=6 - - -############################################################################### -## -## Secured Config -## -## Some data stored in the config system is sensitive -- API keys and secrets, -## for example. to protect it, we use an encryption layer for this section -## of the config. -## -## The key is a base64 encode AES key. This must be created/configured for -## each installation. -#cambria.secureConfig.key= -## -## The initialization vector is a 16 byte value specific to the secured store. -## This must be created/configured for each installation. -#cambria.secureConfig.iv= - -## Southfield Sandbox -cambria.secureConfig.key=b/7ouTn9FfEw2PQwL0ov/Q== -cambria.secureConfig.iv=wR9xP5k5vbz/xD0LmtqQLw== -authentication.adminSecret=fe3cCompound -#cambria.secureConfig.key[pc569h]=YT3XPyxEmKCTLI2NK+Sjbw== -#cambria.secureConfig.iv[pc569h]=rMm2jhR3yVnU+u2V9Ugu3Q== - - -############################################################################### -## -## Consumer Caching -## -## Kafka expects live connections from the consumer to the broker, which -## obviously doesn't work over connectionless HTTP requests. The Cambria -## server proxies HTTP requests into Kafka consumer sessions that are kept -## around for later re-use. Not doing so is costly for setup per request, -## which would substantially impact a high volume consumer's performance. -## -## This complicates Cambria server failover, because we often need server -## A to close its connection before server B brings up the replacement. -## - -## The consumer cache is normally enabled. -#cambria.consumer.cache.enabled=true - -## Cached consumers are cleaned up after a period of disuse. The server inspects -## consumers every sweepFreqSeconds and will clean up any connections that are -## dormant for touchFreqMs. -#cambria.consumer.cache.sweepFreqSeconds=15 -cambria.consumer.cache.touchFreqMs=120000 -##stickforallconsumerrequests=false -## The cache is managed through ZK. The default value for the ZK connection -## string is the same as config.zk.servers. -#cambria.consumer.cache.zkConnect=${config.zk.servers} - -## -## Shared cache information is associated with this node's name. The default -## name is the hostname plus the HTTP service port this host runs on. (The -## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(), -## which is not always adequate.) You can set this value explicitly here. -## -#cambria.api.node.identifier=<use-something-unique-to-this-instance> - -#cambria.rateLimit.maxEmptyPollsPerMinute=30 -#cambria.rateLimitActual.delay.ms=10 - -############################################################################### -## -## Metrics Reporting -## -## This server can report its metrics periodically on a topic. -## -#metrics.send.cambria.enabled=true -#metrics.send.cambria.topic=cambria.apinode.metrics #msgrtr.apinode.metrics.dmaap -#metrics.send.cambria.sendEverySeconds=60 - -cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache -consumer.timeout=17 -default.partitions=3 -default.replicas=3 -############################################################################## -#100mb -maxcontentlength=10000 - -############################################################################## -##AAF Properties -forceAAF=false -useCustomAcls=false - -kafka.max.poll.interval.ms=300000 -kafka.heartbeat.interval.ms=60000 -kafka.session.timeout.ms=240000 -kafka.max.poll.records=1000 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml deleted file mode 100644 index 949a893197..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ /dev/null @@ -1,204 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - Copyright © 2019 AT&T Intellectual Property. All rights reserved. - Modifications Copyright © 2021-2022 Nordix Foundation - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> - -<configuration scan="true" scanPeriod="3 seconds" debug="true"> - <contextName>${module.ajsc.namespace.name}</contextName> - <jmxConfigurator /> - <property name="logDirectory" value="${AJSC_HOME}/log" /> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - </appender> - - <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> - - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - - <!-- Msgrtr related loggers --> - <logger name="org.onap.dmaap.dmf.mr.service" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.service.impl" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.resources" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.backends" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.beans" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.constants" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.exception" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.listener" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="TRACE" /> - - - - <logger name="org.onap.dmaap.dmf.mr.security" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.security.impl" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.transaction" level="TRACE" /> - <logger name="com.att.dmf.mr.transaction.impl" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="TRACE" /> - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="TRACE" /> - - <logger name="org.onap.dmaap.dmf.mr.utils" level="TRACE" /> - <logger name="org.onap.dmaap.mr.filter" level="TRACE" /> - - <!--<logger name="com.att.nsa.cambria.*" level="TRACE" />--> - - <!-- Msgrtr loggers in ajsc --> - <logger name="org.onap.dmaap.service" level="TRACE" /> - <logger name="org.onap.dmaap" level="TRACE" /> - - - <!-- Spring related loggers --> - <logger name="org.springframework" level="TRACE" additivity="false"/> - <logger name="org.springframework.beans" level="TRACE" additivity="false"/> - <logger name="org.springframework.web" level="TRACE" additivity="false" /> - <logger name="com.blog.spring.jms" level="TRACE" additivity="false" /> - - <!-- AJSC Services (bootstrap services) --> - <logger name="ajsc" level="TRACE" additivity="false"/> - <logger name="ajsc.RouteMgmtService" level="TRACE" additivity="false"/> - <logger name="ajsc.ComputeService" level="TRACE" additivity="false" /> - <logger name="ajsc.VandelayService" level="TRACE" additivity="false"/> - <logger name="ajsc.FilePersistenceService" level="TRACE" additivity="false"/> - <logger name="ajsc.UserDefinedJarService" level="TRACE" additivity="false" /> - <logger name="ajsc.UserDefinedBeansDefService" level="TRACE" additivity="false" /> - <logger name="ajsc.LoggingConfigurationService" level="TRACE" additivity="false" /> - - <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet - logging) --> - <logger name="ajsc.utils" level="TRACE" additivity="false"/> - <logger name="ajsc.utils.DME2Helper" level="TRACE" additivity="false" /> - <logger name="ajsc.filters" level="TRACE" additivity="false" /> - <logger name="ajsc.beans.interceptors" level="TRACE" additivity="false" /> - <logger name="ajsc.restlet" level="TRACE" additivity="false" /> - <logger name="ajsc.servlet" level="TRACE" additivity="false" /> - <logger name="com.att" level="TRACE" additivity="false" /> - <logger name="com.att.ajsc.csi.logging" level="TRACE" additivity="false" /> - <logger name="com.att.ajsc.filemonitor" level="TRACE" additivity="false"/> - - <logger name="com.att.nsa.dmaap.util" level="TRACE" additivity="false"/> - <logger name="com.att.cadi.filter" level="TRACE" additivity="false" /> - - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="TRACE" additivity="false" /> - <logger name="org.apache.commons.httpclient" level="TRACE" additivity="false"/> - <logger name="org.apache.commons" level="TRACE" additivity="false" /> - <logger name="org.apache.coyote" level="TRACE" additivity="false"/> - <logger name="org.apache.jasper" level="TRACE" additivity="false"/> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. - May aid in troubleshooting) --> - <logger name="org.apache.camel" level="TRACE" additivity="false" /> - <logger name="org.apache.cxf" level="TRACE" additivity="false" /> - <logger name="org.apache.camel.processor.interceptor" level="TRACE" additivity="false"/> - <logger name="org.apache.cxf.jaxrs.interceptor" level="TRACE" additivity="false" /> - <logger name="org.apache.cxf.service" level="TRACE" additivity="false" /> - <logger name="org.restlet" level="TRACE" additivity="false" /> - <logger name="org.apache.camel.component.restlet" level="TRACE" additivity="false" /> - <logger name="org.apache.kafka" level="TRACE" additivity="false" /> - <logger name="org.apache.zookeeper" level="TRACE" additivity="false" /> - <logger name="org.I0Itec.zkclient" level="TRACE" additivity="false" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="TRACE" additivity="false"/> - <logger name="ch.qos.logback.core" level="TRACE" additivity="false" /> - - <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> - <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Audit-Record-Queue" /> - </appender> - - <logger name="AuditRecord" level="TRACE" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <logger name="AuditRecord_DirectCall" level="TRACE" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Performance-Tracker-Queue" /> - </appender> - <logger name="PerfTrackerRecord" level="TRACE" additivity="FALSE"> - <appender-ref ref="ASYNC-perf" /> - <appender-ref ref="perfLogs" /> - </logger> - <!-- logback jms appenders & loggers definition ends here --> - - <root level="TRACE"> - <appender-ref ref="DEBUG" /> - <appender-ref ref="ERROR" /> - <appender-ref ref="INFO" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration> diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml deleted file mode 100644 index 3f786ad950..0000000000 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021-2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/dmaap/MsgRtrApi.properties").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logback-xml-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} - diff --git a/kubernetes/dmaap/components/message-router/templates/ingress.yaml b/kubernetes/dmaap/components/message-router/templates/ingress.yaml deleted file mode 100644 index a90bf83c07..0000000000 --- a/kubernetes/dmaap/components/message-router/templates/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml deleted file mode 100644 index 8d13879023..0000000000 --- a/kubernetes/dmaap/components/message-router/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml deleted file mode 100644 index ede6cb025e..0000000000 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ /dev/null @@ -1,156 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021-2022 Nordix Foundation -# Modifications Copyright © 2023 DTAG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: StatefulSet -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - serviceName: {{ include "common.servicename" . }} - replicas: 1 - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.liveness.port }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.readiness.port }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - successThreshold: {{ .Values.readiness.successThreshold }} - failureThreshold: {{ .Values.readiness.failureThreshold }} - startupProbe: - tcpSocket: - port: {{ .Values.startup.port }} - initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} - periodSeconds: {{ .Values.startup.periodSeconds }} - timeoutSeconds: {{ .Values.startup.timeoutSeconds }} - successThreshold: {{ .Values.startup.successThreshold }} - failureThreshold: {{ .Values.startup.failureThreshold }} - env: - - name: JAASLOGIN - valueFrom: - secretKeyRef: - name: strimzi-kafka-admin - key: sasl.jaas.config - - name: SASLMECH - value: scram-sha-512 - - name: enableCadi - value: "true" - - name: useZkTopicStore - value: "false" - volumeMounts: - - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties - subPath: MsgRtrApi.properties - name: appprops - - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml - subPath: logback.xml - name: logback - resources: {{ include "common.resources" . | nindent 12 }} - - name: {{ .Values.zkTunnelService.name }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /opt/stunnel/stunnel_run.sh - ports: - - containerPort: {{ .Values.zkTunnelService.internalPort }} - name: {{ .Values.zkTunnelService.portName }} - protocol: {{ .Values.zkTunnelService.protocol }} - env: - - name: LOG_LEVEL - value: {{ .Values.zkTunnelService.logLevel }} - - name: STRIMZI_ZOOKEEPER_CONNECT - value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}' - livenessProbe: - exec: - command: - - /opt/stunnel/stunnel_healthcheck.sh - - '{{ .Values.zkTunnelService.internalPort }}' - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - exec: - command: - - /opt/stunnel/stunnel_healthcheck.sh - - '{{ .Values.zkTunnelService.internalPort }}' - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /etc/cluster-operator-certs/ - name: cluster-operator-certs - - mountPath: /etc/cluster-ca-certs/ - name: cluster-ca-certs - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: appprops - configMap: - name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap - - name: logback - configMap: - name: {{ include "common.fullname" . }}-logback-xml-configmap - - name: cluster-operator-certs - secret: - defaultMode: 288 - secretName: {{ include "common.release" . }}-strimzi-cluster-operator-certs - - name: cluster-ca-certs - secret: - defaultMode: 288 - secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert - {{- include "common.imagePullSecrets" . | nindent 6 }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "common.fullname" . }}-zk-network-policy - namespace: {{ include "common.namespace" . }} -spec: - podSelector: - matchLabels: - strimzi.io/name: {{ include "common.release" . }}-strimzi-zookeeper - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: {{ include "common.name" . }} - ports: - - port: {{ .Values.zkTunnelService.internalPort }} - protocol: {{ .Values.zkTunnelService.protocol }} - policyTypes: - - Ingress diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml deleted file mode 100644 index ab6a31ee2e..0000000000 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ /dev/null @@ -1,117 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021-2022 Nordix Foundation -# Modifications Copyright © 2023 DTAG -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/dmaap/dmaap-mr:1.4.4 -pullPolicy: Always - -#Strimzi zookeeper_tunnel config -zkTunnelService: - type: ClusterIP - name: zk-tunnel-svc - portName: tcp-zk-tunnel - protocol: TCP - internalPort: 2181 - logLevel: debug - image: scholzj/zoo-entrance:latest - -nodeSelector: {} - -affinity: {} - -containerPort: &svc_port 3904 - -service: - type: ClusterIP - name: message-router - ports: - - name: api - port: *svc_port - port_protocol: http - -ingress: - enabled: false - service: - - baseaddr: "dmaap-mr-api" - name: "message-router" - port: *svc_port - config: - ssl: "redirect" - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - port: *svc_port - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - port: *svc_port - -# periodSeconds is set longer to avoid DMaaP 429 error -startup: - initialDelaySeconds: 90 - periodSeconds: 30 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 70 - port: *svc_port - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "4Gi" - requests: - cpu: "1" - memory: "2Gi" - large: - limits: - cpu: "4" - memory: "8Gi" - requests: - cpu: "2" - memory: "4Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: message-router - roles: - - read diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml deleted file mode 100644 index 6faab9cdbc..0000000000 --- a/kubernetes/dmaap/values.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs,Bell Canada -# Modifications Copyright © 2021-2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} -#Component overrides -message-router: - enabled: true -dmaap-dr-node: - enabled: true -dmaap-dr-prov: - enabled: true - -#Pods Service Account -serviceAccount: - nameOverride: dmaap - roles: - - read diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index f60a2d35d0..08ced6e879 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -271,7 +271,7 @@ deploy() { #So cache the results to prevent repeated execution. ALL_HELM_RELEASES=$(helm ls -q) - for subchart in strimzi roles-wrapper repository-wrapper cassandra mariadb-galera postgres ; do + for subchart in roles-wrapper repository-wrapper strimzi cassandra mariadb-galera postgres ; do SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml SUBCHART_ENABLED=0 diff --git a/kubernetes/holmes/.helmignore b/kubernetes/holmes/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/holmes/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/holmes/Chart.yaml b/kubernetes/holmes/Chart.yaml deleted file mode 100644 index 7a8a23a42f..0000000000 --- a/kubernetes/holmes/Chart.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP DCAE HOLMES -name: holmes -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - condition: global.postgres.localCluster - - name: postgres-init - version: ~13.x-0 - repository: '@local' - condition: global.postgres.globalCluster - - name: holmes-rule-mgmt - version: ~13.x-0 - repository: 'file://components/holmes-rule-mgmt' - - name: holmes-engine-mgmt - version: ~13.x-0 - repository: 'file://components/holmes-engine-mgmt' diff --git a/kubernetes/holmes/Makefile b/kubernetes/holmes/Makefile deleted file mode 100644 index 08ed7cb9da..0000000000 --- a/kubernetes/holmes/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/holmes/components/Makefile b/kubernetes/holmes/components/Makefile deleted file mode 100644 index 9544d70f33..0000000000 --- a/kubernetes/holmes/components/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/.helmignore b/kubernetes/holmes/components/holmes-engine-mgmt/.helmignore deleted file mode 100644 index 50af031725..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml deleted file mode 100644 index df7f2c0c72..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Modifications Copyright © 2021 ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -appVersion: "2.0" -description: Holmes Engine Management -name: holmes-engine-mgmt -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml deleted file mode 100644 index 34c4024059..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml +++ /dev/null @@ -1,18 +0,0 @@ -server: - port: 9102 - servlet: - context-path: /api/holmes-engine-mgmt/v1 - -logging: - config: classpath:logback-spring.xml - -spring: - application: - name: Holmes Engine Management - datasource: - dirver-class-name: org.postgresql.Driver - url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME} - username: ${JDBC_USERNAME} - password: ${JDBC_PASSWORD} - mvc: - throw-exception-if-no-handler-found: true
\ No newline at end of file diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/cfy.json b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/cfy.json deleted file mode 100644 index dfa58b098f..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/cfy.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "services_calls": {}, - "streams_publishes": { - "dcae_cl_out": { - "dmaap_info": { - "topic_url": "http://message-router.onap:3904/events/unauthenticated.DCAE_CL_OUTPUT" - }, - "type": "message_router" - } - }, - "streams_subscribes": { - "ves_fault": { - "dmaap_info": { - "topic_url": "http://message-router.onap:3904/events/unauthenticated.SEC_FAULT_OUTPUT" - }, - "type": "message_router" - } - } -} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml deleted file mode 100644 index 9a16390856..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml +++ /dev/null @@ -1,72 +0,0 @@ -# -# Copyright 2017 ZTE Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -server: - type: simple - rootPath: '/api/holmes-engine-mgmt/v1/*' - applicationContextPath: / - adminContextPath: /admin - connector: - type: http - port: 9102 - validateCerts: false - validatePeers: false - - -# Logging settings. -logging: - - # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL. - level: INFO - - # Logger-specific levels. - loggers: - - # Sets the level for 'com.example.app' to DEBUG. - org.onap.holmes.engine: ALL - - appenders: - - type: console - threshold: INFO - timeZone: UTC - logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - - type: file - threshold: ERROR - logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - currentLogFilename: /var/log/ONAP/holmes/engine-d-error.log - archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz - archivedFileCount: 7 - - type: file - threshold: INFO - logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log - archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz - archivedFileCount: 7 - - -database: - driverClass: org.postgresql.Driver - user: ${JDBC_USERNAME} - password: ${JDBC_PASSWORD} - url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME} - properties: - charSet: UTF-8 - maxWaitForConnection: 1s - validationQuery: "/* MyService Health Check */ SELECT 1" - minSize: 8 - maxSize: 100 - checkConnectionWhileIdle: false - evictionInterval: 10s - minIdleTime: 1s diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql deleted file mode 100644 index e5eecb1a5a..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql +++ /dev/null @@ -1,50 +0,0 @@ --- --- Copyright 2017 ZTE Corporation. --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. --- You may obtain a copy of the License at --- --- http://www.apache.org/licenses/LICENSE-2.0 --- --- Unless required by applicable law or agreed to in writing, software --- distributed under the License is distributed on an "AS IS" BASIS, --- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --- See the License for the specific language governing permissions and --- limitations under the License. --- -\c postgres - -/******************CREATE NEW DATABASE AND USER***************************/ -CREATE DATABASE ${DB_NAME}; - -CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN; - -\encoding UTF8; - -/******************CREATE NEW TABLE***************************/ -\c ${DB_NAME}; - -CREATE TABLE IF NOT EXISTS ALARM_INFO ( - EVENTID VARCHAR(150) NOT NULL, - EVENTNAME VARCHAR(150) NOT NULL, - ALARMISCLEARED SMALLINT NOT NULL, - ROOTFLAG SMALLINT NOT NULL, - STARTEPOCHMICROSEC BIGINT NOT NULL, - LASTEPOCHMICROSEC BIGINT NOT NULL, - SOURCEID VARCHAR(150) NOT NULL, - SOURCENAME VARCHAR(150) NOT NULL, - SEQUENCE SMALLINT NOT NULL, - PRIMARY KEY (EVENTID, SEQUENCE, SOURCENAME) -); - -CREATE TABLE IF NOT EXISTS ENGINE_ENTITY ( - ID VARCHAR(150) NOT NULL, - IP VARCHAR(128) NOT NULL, - PORT SMALLINT NOT NULL, - LASTMODIFIED BIGINT NOT NULL, - PRIMARY KEY (ID) -); - -GRANT ALL PRIVILEGES ON ALARM_INFO TO ${JDBC_USERNAME}; -GRANT ALL PRIVILEGES ON ENGINE_ENTITY TO ${JDBC_USERNAME}; diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/configmap.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/configmap.yaml deleted file mode 100644 index 76b339faea..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml deleted file mode 100644 index 641f032ce4..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml +++ /dev/null @@ -1,145 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 ZTE Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -{{- $sum := "" }} -{{- range $path, $bytes := .Files.Glob "resources/config/*.json"}} -{{- $sum = $.Files.Get $path | sha256sum | print $sum }} -{{- end }} - annotations: - checksum/config: {{ $sum | sha256sum }} - -spec: - replicas: 1 - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{- if .Values.global.postgres.localCluster }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }} - {{ else }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }} - {{- end }} - - name: {{ include "common.name" . }}-env-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /hemconfig && for PFILE in `find . -type f -not -name '*.json'`; do envsubst < ${PFILE} > /config/${PFILE##*/}; done" - env: - - name: JDBC_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - - name: DB_NAME - value: {{ .Values.config.pgConfig.dbName }} - - name: URL_JDBC - value: {{ .Values.config.pgConfig.dbHost }} - - name: DB_PORT - value: "{{ .Values.config.pgConfig.dbPort }}" - - name: AAI_ADDR - value: aai - - name: AAI_PORT - value: "{{ .Values.config.aai.aaiPort }}" - - name: AAI_USERNAME - value: {{ .Values.config.aai.username }} - - name: AAI_PASSWORD - value: {{ .Values.config.aai.password }} - - name: NAMESPACE - value: {{ include "common.namespace" . }} - volumeMounts: - - mountPath: /hemconfig - name: {{ include "common.fullname" . }}-config - - mountPath: /config - name: {{ include "common.fullname" . }}-env-config - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: {{ include "common.resources" . | nindent 10 }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - volumeMounts: - - name: {{ include "common.fullname" . }}-env-config - mountPath: /opt/hemconfig - - name: {{ include "common.fullname" . }}-config - mountPath: /opt/hemtopics - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path }} - port: {{ .Values.liveness.port }} - scheme: {{ .Values.liveness.scheme }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path }} - port: {{ .Values.readiness.port }} - scheme: {{ .Values.readiness.scheme }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - failureThreshold: 1 - successThreshold: 1 - timeoutSeconds: 1 - env: - - name: CONSUL_HOST - value: consul-server.{{ include "common.namespace" . }} - - name: CONFIG_BINDING_SERVICE - value: config-binding-service - - name: MSB_IAG_SERVICE_PROTOCOL - value: {{ .Values.global.msbProtocol }} - - name: MSB_IAG_SERVICE_HOST - value: {{ .Values.global.msbServiceName }}.{{ include "common.namespace" . }} - - name: MSB_IAG_SERVICE_PORT - value: {{ .Values.global.msbPort | quote }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - - name: JDBC_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - - name: DB_NAME - value: {{ .Values.config.pgConfig.dbName }} - - name: URL_JDBC - value: {{ .Values.config.pgConfig.dbHost }} - - name: DB_PORT - value: "{{ .Values.config.pgConfig.dbPort }}" - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - defaultMode: 422 - name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-env-config - emptyDir: - medium: Memory - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/secret.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/service.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/service.yaml deleted file mode 100644 index 70abf763e0..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml deleted file mode 100644 index bd06bcd1ee..0000000000 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ /dev/null @@ -1,137 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 302 - msbProtocol: http - msbServiceName: msb-iag - msbPort: 80 - postgres: - localCluster: false - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/holmes/engine-management:12.0.1 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: -- uid: pg-user-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}' - login: '{{ .Values.config.pgConfig.dbUser }}' - password: '{{ .Values.config.pgConfig.dbUserPassword }}' - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - # Addresses of other ONAP entities - address: - consul: - host: consul-server - port: 8500 - pgConfig: - dbName: defaultName - dbHost: defaultHost - dbPort: 1234 - dbUser: admin - dbUserPassword: admin - # dbUserCredsExternalSecret - msb: - serviceName: msb-iag - port: 80 - aai: - aaiPort: 80 - username: AAI - password: AAI - -service: - type: ClusterIP - name: holmes-engine-mgmt - ports: - - name: http-rest - port: &svc_port 9102 - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "holmes-engine-mgmt", - "version": "v1", - "url": "/api/holmes-engine-mgmt/v1", - "path":"/api/holmes-engine-mgmt/v1", - "protocol": "REST", - "visualRange":"0|1", - "port": "9102", - "enable_ssl": false - } - ]{{ end }} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - path: /api/holmes-engine-mgmt/v1/healthcheck - scheme: HTTP - port: *svc_port - enabled: true - -readiness: - initialDelaySeconds: 30 - periodSeconds: 30 - path: /api/holmes-engine-mgmt/v1/healthcheck - scheme: HTTP - port: *svc_port - -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -readinessCheck: - wait_for_global: - jobs: - - '{{ include "common.release" . }}-holmes-postgres-init-config-job' - wait_for_local: - services: - - '{{ .Values.global.postgres.service.name2 }}' - -#Pods Service Account -serviceAccount: - nameOverride: holmes-engine-mgmt - roles: - - read diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/.helmignore b/kubernetes/holmes/components/holmes-rule-mgmt/.helmignore deleted file mode 100644 index 50af031725..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml deleted file mode 100644 index 4263913b25..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Modifications Copyright © 2021 ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -appVersion: "2.0" -description: Holmes Rule Management -name: holmes-rule-mgmt -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml deleted file mode 100644 index 2ff0fa6d52..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml +++ /dev/null @@ -1,18 +0,0 @@ -server: - port: 9101 - servlet: - context-path: /api/holmes-rule-mgmt/v1 - -logging: - config: classpath:logback-spring.xml - -spring: - application: - name: Holmes Rule Management - datasource: - dirver-class-name: org.postgresql.Driver - url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME} - username: ${JDBC_USERNAME} - password: ${JDBC_PASSWORD} - mvc: - throw-exception-if-no-handler-found: true
\ No newline at end of file diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql deleted file mode 100644 index 0464a5f8fd..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql +++ /dev/null @@ -1,57 +0,0 @@ --- --- Copyright 2017 ZTE Corporation. --- --- Licensed under the Apache License, Version 2.0 (the "License"); --- you may not use this file except in compliance with the License. --- You may obtain a copy of the License at --- --- http://www.apache.org/licenses/LICENSE-2.0 --- --- Unless required by applicable law or agreed to in writing, software --- distributed under the License is distributed on an "AS IS" BASIS, --- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --- See the License for the specific language governing permissions and --- limitations under the License. --- -\c postgres - -/******************CREATE NEW DATABASE AND USER***************************/ -CREATE DATABASE ${DB_NAME}; - -CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN; - -\encoding UTF8; - -/******************DELETE OLD TABLE AND CREATE NEW***************************/ -\c ${DB_NAME}; - -CREATE TABLE IF NOT EXISTS APLUS_RULE ( - RID VARCHAR(30) NOT NULL, - NAME VARCHAR(150) NOT NULL, - CTRLLOOP VARCHAR(150) NOT NULL, - DESCRIPTION VARCHAR(4000) NULL, - ENABLE SMALLINT NOT NULL, - TEMPLATEID BIGINT NOT NULL, - ENGINEID VARCHAR(20) NOT NULL, - ENGINETYPE VARCHAR(20) NOT NULL, - CREATOR VARCHAR(20) NOT NULL, - CREATETIME TIMESTAMP NOT NULL, - UPDATOR VARCHAR(20) NULL, - UPDATETIME TIMESTAMP NULL, - PARAMS VARCHAR(4000) NULL, - CONTENT VARCHAR(20000) NOT NULL, - VENDOR VARCHAR(100) NOT NULL, - ENGINEINSTANCE VARCHAR(100) NOT NULL, - PACKAGE VARCHAR(255) NULL, - PRIMARY KEY (RID), - UNIQUE (NAME) -); - -CREATE INDEX IDX_APLUS_RULE_NAME ON APLUS_RULE (NAME); -CREATE INDEX IDX_APLUS_RULE_CTRLLOOP ON APLUS_RULE (CTRLLOOP); -CREATE INDEX IDX_APLUS_RULE_ENABLE ON APLUS_RULE (ENABLE); -CREATE INDEX IDX_APLUS_RULE_TEMPLATEID ON APLUS_RULE (TEMPLATEID); -CREATE INDEX IDX_APLUS_RULE_ENGINEID ON APLUS_RULE (ENGINEID); -CREATE INDEX IDX_APLUS_RULE_ENGINETYPE ON APLUS_RULE (ENGINETYPE); - -GRANT ALL PRIVILEGES ON APLUS_RULE TO ${JDBC_USERNAME}; diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml deleted file mode 100644 index 3b7218855a..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml +++ /dev/null @@ -1,66 +0,0 @@ -apidescription: ZTE Holmes rule Management rest API - -# use the simple server factory if you only want to run on a single port -#server: -# type: simple -# connector: -# type: http -# port: 12003 - -server: - type: simple - rootPath: '/api/holmes-rule-mgmt/v1/*' - applicationContextPath: / - adminContextPath: /admin - connector: - type: http - port: 9101 - validateCerts: false - validatePeers: false - -# Logging settings. -logging: - - # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL. - level: INFO - - # Logger-specific levels. - loggers: - - # Sets the level for 'com.example.app' to DEBUG. - org.onap.holmes.rulemgt: ALL - - appenders: - - type: console - threshold: INFO - timeZone: UTC - logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - - type: file - threshold: ERROR - #logFormat: "%nopexception%logger\n|%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC}\n|%level\n|%message\n|%X{InvocationID}\n|%rootException\n|%marker\n|%thread\n|%n \r\n" - logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-error.log - archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz - archivedFileCount: 7 - - type: file - threshold: INFO - logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log - archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz - archivedFileCount: 7 - -#database -database: - driverClass: org.postgresql.Driver - user: ${JDBC_USERNAME} - password: ${JDBC_PASSWORD} - url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME} - properties: - charSet: UTF-8 - maxWaitForConnection: 1s - validationQuery: "/* MyService Health Check */ SELECT 1" - minSize: 8 - maxSize: 100 - checkConnectionWhileIdle: false - evictionInterval: 10s - minIdleTime: 1s diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl deleted file mode 100644 index 814aeedf03..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl +++ /dev/null @@ -1,88 +0,0 @@ -package org.onap.holmes.droolsRule; - -import org.onap.holmes.common.dmaap.DmaapService; -import org.onap.holmes.common.api.stat.VesAlarm; -import org.onap.holmes.common.aai.CorrelationUtil; -import org.onap.holmes.common.dmaap.entity.PolicyMsg; -import org.onap.holmes.common.utils.SpringContextUtil; -import org.onap.holmes.common.utils.DroolsLog; - -rule "Relation_analysis_Rule" -salience 200 -no-loop true - when - $root : VesAlarm(alarmIsCleared == 0, - $sourceId: sourceId, sourceId != null && !sourceId.equals(""), - $sourceName: sourceName, sourceName != null && !sourceName.equals(""), - $startEpochMicrosec: startEpochMicrosec, - eventName in ("Fault_MultiCloud_VMFailure"), - $eventId: eventId) - $child : VesAlarm( eventId != $eventId, parentId == null, - CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName), - eventName in ("Fault_MME_eNodeB out of service alarm"), - startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000) - then - DroolsLog.printInfo("==========================================================="); - DroolsLog.printInfo("Relation_analysis_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId()); - $child.setParentId($root.getEventId()); - update($child); -end - -rule "root_has_child_handle_Rule" -salience 150 -no-loop true - when - $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId) - $child : VesAlarm(eventId != $eventId, parentId == $eventId) - then - DroolsLog.printInfo("==========================================================="); - DroolsLog.printInfo("root_has_child_handle_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId()); - DmaapService dmaapService = SpringContextUtil.getBean(DmaapService.class); - PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, "org.onap.holmes.droolsRule"); - dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); - $root.setRootFlag(1); - update($root); -end - -rule "root_no_child_handle_Rule" -salience 100 -no-loop true - when - $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, - sourceId != null && !sourceId.equals(""), - sourceName != null && !sourceName.equals(""), - eventName in ("Fault_MultiCloud_VMFailure")) - then - DroolsLog.printInfo("==========================================================="); - DroolsLog.printInfo("root_no_child_handle_Rule: rootId=" + $root.getEventId()); - DmaapService dmaapService = SpringContextUtil.getBean(DmaapService.class); - PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule"); - dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); - $root.setRootFlag(1); - update($root); -end - -rule "root_cleared_handle_Rule" -salience 100 -no-loop true - when - $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1) - then - DroolsLog.printInfo("==========================================================="); - DroolsLog.printInfo("root_cleared_handle_Rule: rootId=" + $root.getEventId()); - DmaapService dmaapService = SpringContextUtil.getBean(DmaapService.class); - PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule"); - dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); - retract($root); -end - -rule "child_handle_Rule" -salience 100 -no-loop true - when - $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0) - then - DroolsLog.printInfo("==========================================================="); - DroolsLog.printInfo("child_handle_Rule: childId=" + $child.getEventId()); - retract($child); -end
\ No newline at end of file diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json deleted file mode 100644 index 70f9dd09db..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json +++ /dev/null @@ -1,6 +0,0 @@ -[ - { - "closedControlLoopName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", - "file": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl" - } -] diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml deleted file mode 100644 index 3d54264723..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-general-config -data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rule-config -data: {{ tpl (.Files.Glob "resources/rules/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml deleted file mode 100644 index e71187c557..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml +++ /dev/null @@ -1,140 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 ZTE Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -{{- $sum := "" }} -{{- range $path, $bytes := .Files.Glob "resources/rules/*"}} -{{- $sum = $.Files.Get $path | sha256sum | print $sum }} -{{- end }} - annotations: - checksum/rules: {{ $sum | sha256sum }} -spec: - replicas: 1 - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{- if .Values.global.postgres.localCluster }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }} - {{ else }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }} - {{- end }} - - name: {{ include "common.name" . }}-env-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - "cd /hrmconfig && for PFILE in `find . -type f -not -name '*.json'`; do envsubst < ${PFILE} > /config/${PFILE##*/}; done" - env: - - name: JDBC_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - - name: DB_NAME - value: {{ .Values.config.pgConfig.dbName }} - - name: URL_JDBC - value: {{ .Values.config.pgConfig.dbHost }} - - name: DB_PORT - value: "{{ .Values.config.pgConfig.dbPort }}" - - name: NAMESPACE - value: {{ include "common.namespace" . }} - volumeMounts: - - mountPath: /hrmconfig - name: {{ include "common.fullname" . }}-general-config - - mountPath: /config - name: {{ include "common.fullname" . }}-env-config - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: {{ include "common.resources" . | nindent 10 }} - ports: {{ include "common.containerPorts" . | nindent 8 }} - volumeMounts: - - name: {{ include "common.fullname" . }}-env-config - mountPath: /opt/hrmconfig - - name: {{ include "common.fullname" . }}-rule-config - mountPath: /opt/hrmrules - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path }} - port: {{ .Values.liveness.port }} - scheme: {{ .Values.liveness.scheme }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path }} - port: {{ .Values.readiness.port }} - scheme: {{ .Values.readiness.scheme }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - failureThreshold: 1 - successThreshold: 1 - timeoutSeconds: 1 - env: - - name: CONSUL_HOST - value: consul-server.{{ include "common.namespace" . }} - - name: CONFIG_BINDING_SERVICE - value: config-binding-service - - name: MSB_IAG_SERVICE_PROTOCOL - value: {{ .Values.global.msbProtocol }} - - name: MSB_IAG_SERVICE_HOST - value: {{ .Values.global.msbServiceName }}.{{ include "common.namespace" . }} - - name: MSB_IAG_SERVICE_PORT - value: {{ .Values.global.msbPort | quote}} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - - name: JDBC_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - - name: DB_NAME - value: {{ .Values.config.pgConfig.dbName }} - - name: URL_JDBC - value: {{ .Values.config.pgConfig.dbHost }} - - name: DB_PORT - value: "{{ .Values.config.pgConfig.dbPort }}" - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-general-config - configMap: - defaultMode: 422 - name: {{ include "common.fullname" . }}-general-config - - name: {{ include "common.fullname" . }}-rule-config - configMap: - defaultMode: 422 - name: {{ include "common.fullname" . }}-rule-config - - name: {{ include "common.fullname" . }}-env-config - emptyDir: - medium: Memory - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml deleted file mode 100644 index bcc60a0953..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/secret.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/service.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/service.yaml deleted file mode 100644 index 70abf763e0..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml deleted file mode 100644 index a7e0e25a17..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ /dev/null @@ -1,149 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved. -# Modifications 2023 Deutsche Telekom -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration. -################################################################# -global: - nodePortPrefixExt: 302 - msbProtocol: http - msbServiceName: msb-iag - msbPort: 80 - postgres: - localCluster: false - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/holmes/rule-management:12.0.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: -- uid: pg-user-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}' - login: '{{ .Values.config.pgConfig.dbUser }}' - password: '{{ .Values.config.pgConfig.dbUserPassword }}' - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - # Addresses of other ONAP entities - address: - consul: - host: consul-server - port: 8500 - pgConfig: - dbName: defaultName - dbHost: defaultHost - dbPort: 1234 - dbUser: admin - dbUserPassword: admin - # dbUserCredsExternalSecret - -service: - type: NodePort - name: holmes-rule-mgmt - ports: - - name: http-rest - port: &svc_port 9101 - nodePort: 92 - - name: http-ui - port: &ui_port 9104 - nodePort: 93 - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "holmes-rule-mgmt", - "version": "v1", - "url": "/api/holmes-rule-mgmt/v1", - "path":"/api/holmes-rule-mgmt/v1", - "protocol": "REST", - "visualRange":"0|1", - "port": "9101", - "enable_ssl": false - } - ]{{ end }} - -ingress: - enabled: false - service: - - baseaddr: "holmes-rule-mgmt" - name: "holmes-rule-mgmt" - path: "/api/holmes-rule-mgmt/v1" - port: *svc_port - - baseaddr: "holmes-rule-mgmt-ui" - name: "holmes-rule-mgmt" - path: "/iui/holmes" - port: *ui_port - config: - ssl: "redirect" - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - port: *svc_port - periodSeconds: 10 - path: /api/holmes-rule-mgmt/v1/healthcheck - enabled: true - scheme: HTTP - -readiness: - initialDelaySeconds: 30 - port: *svc_port - periodSeconds: 30 - path: /api/holmes-rule-mgmt/v1/healthcheck - scheme: HTTP - -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "1Gi" - unlimited: {} - -readinessCheck: - wait_for_global: - jobs: - - '{{ include "common.release" . }}-holmes-postgres-init-config-job' - wait_for_local: - services: - - '{{ .Values.global.postgres.service.name2 }}' - -#Pods Service Account -serviceAccount: - nameOverride: holmes-rule-mgmt - roles: - - read diff --git a/kubernetes/holmes/values.yaml b/kubernetes/holmes/values.yaml deleted file mode 100644 index 4ede9a15fd..0000000000 --- a/kubernetes/holmes/values.yaml +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - #Service Names of the postgres db to connect to. - #Override it to dbc-pg if localCluster is enabled. - postgres: - #This flag allows SO to instantiate its own mariadb-galera cluster - #When changing it to "true", also set "globalCluster: false" - #as the dependency check will not work otherwise (Chart.yaml) - localCluster: false - globalCluster: true - service: - name: pgset - name2: &postgres tcp-pgset-primary - name3: tcp-pgset-replica - container: - name: postgres -secrets: -- uid: pg-root-pass - name: &pgRootPassSecretName '{{ include "common.release" . }}-holmes-pg-root-pass' - type: password - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "holmes-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' - password: '{{ .Values.postgres.config.pgRootPassword }}' -- uid: pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-holmes-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "holmes-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application configuration defaults. -################################################################# -pullPolicy: IfNotPresent - -config: - logstashServiceName: log-ls - logstashPort: 5044 - -# application configuration override for postgres -postgres: - nameOverride: holmes-pg - service: - name: holmes-postgres - name2: &dbHost holmes-postgres-primary - name3: holmes-postgres-replica - container: - name: - primary: holmes-postgres-primary - replica: holmes-postgres-replica - config: - pgUserName: holmes - pgDatabase: &dbName holmes - pgUserExternalSecret: *pgUserCredsSecretName - pgRootPasswordExternalSecret: *pgRootPassSecretName - pgPort: &dbPort "5432" - persistence: - mountSubPath: holmes/data - mountInitPath: holmes - -postgres-init: - nameOverride: holmes-postgres-init - config: - pgUserName: holmes - pgDatabase: *dbName - pgDataPath: data - pgUserExternalSecret: *pgUserCredsSecretName - # pgPrimaryPassword: password - # pgUserPassword: password - # pgRootPassword: password - serviceAccount: - nameOverride: holmes-postgres-init - -holmes-engine-mgmt: - config: - pgConfig: - dbName: *dbName - # dbHost: *dbHost - dbHost: *postgres - dbPort: *dbPort - dbUserCredsExternalSecret: *pgUserCredsSecretName - -holmes-rule-mgmt: - config: - pgConfig: - dbName: *dbName - # dbHost: *dbHost - dbHost: *postgres - dbPort: *dbPort - dbUserCredsExternalSecret: *pgUserCredsSecretName - -# Resource Limit flavor -By Default using small -flavor: small diff --git a/kubernetes/modeling/Chart.yaml b/kubernetes/modeling/Chart.yaml deleted file mode 100644 index 72e6b880d2..0000000000 --- a/kubernetes/modeling/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Modeling (Modeling) -name: modeling -version: 13.0.0 - -dependencies: - - name: modeling-etsicatalog - version: ~13.x-0 - repository: 'file://components/modeling-etsicatalog' diff --git a/kubernetes/modeling/Makefile b/kubernetes/modeling/Makefile deleted file mode 100644 index 08ed7cb9da..0000000000 --- a/kubernetes/modeling/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/modeling/components/Makefile b/kubernetes/modeling/components/Makefile deleted file mode 100644 index 9544d70f33..0000000000 --- a/kubernetes/modeling/components/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/modeling/components/modeling-etsicatalog/.helmignore b/kubernetes/modeling/components/modeling-etsicatalog/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml b/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml deleted file mode 100644 index 80db5cc8b9..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Modeling - Etsicatalog -name: modeling-etsicatalog -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: mariadb-galera - version: ~13.x-0 - repository: '@local' - condition: global.mariadbGalera.localCluster - - name: mariadb-init - version: ~13.x-0 - repository: '@local' - condition: global.mariadbGalera.globalCluster - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 0bc14ea908..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,41 +0,0 @@ -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml deleted file mode 100644 index 5ac5fefe92..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml +++ /dev/null @@ -1,54 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - catalog: - handlers: [cataloglocal_handler, catalog_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False - tosca: - handlers: [cataloglocal_handler, catalog_handler] - level: "DEBUG" - propagate: False -handlers: - cataloglocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_catalog.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - catalog_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/modeling/etsicatalog/runtime_catalog.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml deleted file mode 100644 index fc16d8c0a0..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/server/*").AsConfig . | indent 2 }} ---- -{{ include "common.log.configMap" . }} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml deleted file mode 100644 index fbe3e0ca07..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml +++ /dev/null @@ -1,169 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /app/ready.py - args: -{{- if .Values.global.mariadbGalera.localCluster }} - - --service-name - - {{ index .Values "mariadb-galera" "service" "name" }} -{{- else }} - - --job-name - - {{ include "common.release" . }}-etsicatalog-db-config-job -{{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - {{ if .Values.config.msb_enabled }} - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - {{ end }} - - command: - - /bin/sh - - -c - - chown -R 1000:1000 /service/modeling/etsicatalog/static - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-init - volumeMounts: - - name: {{ include "common.fullname" . }}-etsicatalog - mountPath: /service/modeling/etsicatalog/static - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - {{- if and (include "common.needTLS" .) (eq .Values.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: MSB_ENABLED - value: "{{ .Values.config.msb_enabled }}" - {{- if (include "common.needTLS" .) }} - - name: MSB_ADDR - value: "{{ .Values.config.msbProtocol }}s://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}" - - name: SDC_ADDR - value: "{{ .Values.config.sdcProtocol }}s://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}" - {{- else }} - - name: MSB_ADDR - value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPlainPort }}" - - name: SDC_ADDR - value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPlainPort }}" - {{- end }} - - name: DMAAP_ENABLED - value: "{{ .Values.config.dmaap_enabled }}" - - name: DMAAP_ADDR - value: "{{ .Values.config.dmaapProtocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}" - - name: DB_IP - value: "{{ include "common.mariadbService" . }}" - - name: DB_PORT - value: "{{ include "common.mariadbPort" . }}" - - name: DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }} - - name: DB_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }} - volumeMounts: - - name: {{ include "common.fullname" . }}-etsicatalog - mountPath: /service/modeling/etsicatalog/static - - name: {{ include "common.fullname" . }}-logs - mountPath: {{ .Values.log.path }} - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/modeling/etsicatalog/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-etsicatalog - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - {{ include "common.log.volumes" . | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml deleted file mode 100644 index d672025068..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml deleted file mode 100644 index e04a0b3ed3..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml deleted file mode 100644 index 8bfebf1679..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/*# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml deleted file mode 100644 index 688c04b06c..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "parser", - "version": "v1", - "url": "/api/parser/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, - "visualRange":"1" - }, - { - "serviceName": "catalog", - "version": "v1", - "url": "/api/catalog/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, - "visualRange":"1" - }, - { - "serviceName": "nsd", - "version": "v1", - "url": "/api/nsd/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, - "visualRange":"1" - }, - { - "serviceName": "vnfpkgm", - "version": "v1", - "url": "/api/vnfpkgm/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml deleted file mode 100644 index 83cfde8a7b..0000000000 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ /dev/null @@ -1,203 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - - persistence: - mountPath: /dockerdata-nfs - - mariadbGalera: - # flag to enable the DB creation via mariadb-operator - useOperator: true - #This flag allows SO to instantiate its own mariadb-galera cluster - #When changing it to "true", also set "globalCluster: false" - #as the dependency check will not work otherwise (Chart.yaml) - localCluster: false - globalCluster: true - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - - centralizedLoggingEnabled: true - -readinessCheck: - wait_for: - services: - - msb-iag - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: modeling-db-secret - name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - -################################################################# -# Dependencies configuration -################################################################# - -mariadb-galera: - db: - user: &dbUser etsicatalog - externalSecret: *dbSecretName - name: &mysqlDbName etsicatalog - nameOverride: &modeling-db modeling-db - service: - name: *modeling-db - internalPort: 3306 - nfsprovisionerPrefix: modeling - persistence: - mountSubPath: modeling/data - enabled: true - disableNfsProvisioner: true - serviceAccount: - nameOverride: *modeling-db - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - -mariadb-init: - config: - userCredentialsExternalSecret: *dbSecretName - mysqlDatabase: *mysqlDbName - # nameOverride should be the same with common.name - nameOverride: etsicatalog-db - serviceAccount: - nameOverride: etsicatalog-db - -################################################################# -# Application configuration defaults. -################################################################# -config: - #application configuration about msb - ssl_enabled: false - msb_enabled: false - msbProtocol: http - msbServiceName: msb-iag - msbPort: 443 - msbPlainPort: 80 - sdcProtocol: http - sdcServiceName: sdc-be - sdcPort: 8443 - sdcPlainPort: 8080 - dmaap_enabled: false - dmaapProtocol: http - dmaapServiceName: message-router-external - dmaapPort: 3905 - - #application configuration user password about mariadb - db: - userName: *dbUser - # userPassword: password - # userCredentialsExternalSecret: some-secret - -# application image -flavor: small - -image: onap/modeling/etsicatalog:1.0.14 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -## Persist data to a persitent volume -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: modeling/etsicatalog - -service: - type: ClusterIP - name: modeling-etsicatalog - portName: http - externalPort: 8806 - internalPort: 8806 -# nodePort: 30806 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: modeling-etsicatalog - roles: - - read - -#Log configuration -log: - path: /var/log/onap diff --git a/kubernetes/modeling/values.yaml b/kubernetes/modeling/values.yaml deleted file mode 100644 index 0a1aec01cc..0000000000 --- a/kubernetes/modeling/values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - persistence: - mountPath: /dockerdata-nfs - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 diff --git a/kubernetes/msb/Chart.yaml b/kubernetes/msb/Chart.yaml deleted file mode 100644 index 67db10be70..0000000000 --- a/kubernetes/msb/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP MicroServices Bus -name: msb -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: kube2msb - version: ~13.x-0 - repository: 'file://components/kube2msb' - - name: msb-consul - version: ~13.x-0 - repository: 'file://components/msb-consul' - - name: msb-discovery - version: ~13.x-0 - repository: 'file://components/msb-discovery' - - name: msb-eag - version: ~13.x-0 - repository: 'file://components/msb-eag' - - name: msb-iag - version: ~13.x-0 - repository: 'file://components/msb-iag' - diff --git a/kubernetes/msb/Makefile b/kubernetes/msb/Makefile deleted file mode 100644 index 08ed7cb9da..0000000000 --- a/kubernetes/msb/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/msb/components/Makefile b/kubernetes/msb/components/Makefile deleted file mode 100644 index 9544d70f33..0000000000 --- a/kubernetes/msb/components/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/msb/components/kube2msb/.helmignore b/kubernetes/msb/components/kube2msb/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/msb/components/kube2msb/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/msb/components/kube2msb/Chart.yaml b/kubernetes/msb/components/kube2msb/Chart.yaml deleted file mode 100644 index 2e823e69b8..0000000000 --- a/kubernetes/msb/components/kube2msb/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v2 -description: ONAP MicroServices Bus Kube2MSB Registrator -name: kube2msb -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/msb/components/kube2msb/templates/deployment.yaml b/kubernetes/msb/components/kube2msb/templates/deployment.yaml deleted file mode 100644 index b83d4c9d99..0000000000 --- a/kubernetes/msb/components/kube2msb/templates/deployment.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - serviceAccountName: msb - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - msb-discovery - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: KUBE_MASTER_URL - value: {{ .Values.config.kubeMasterUrl }} - - name: MSB_URL - value: {{tpl $.Values.config.discoveryUrl .}} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/msb/components/kube2msb/values.yaml b/kubernetes/msb/components/kube2msb/values.yaml deleted file mode 100644 index bdc7c06b3b..0000000000 --- a/kubernetes/msb/components/kube2msb/values.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/oom/kube2msb:1.2.6 -pullPolicy: Always -istioSidecar: true - -# application configuration -config: - routeLabels: "visualRange:1" - kubeMasterUrl: https://kubernetes.default:443 - discoveryUrl: http://msb-discovery.{{include "common.namespace" .}}:10081 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: {} - -readiness: {} - -service: {} - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "1" - memory: "500Mi" - requests: - cpu: "0.5" - memory: "500Mi" - large: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - unlimited: {} diff --git a/kubernetes/msb/components/msb-consul/.helmignore b/kubernetes/msb/components/msb-consul/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/msb/components/msb-consul/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/msb/components/msb-consul/Chart.yaml b/kubernetes/msb/components/msb-consul/Chart.yaml deleted file mode 100644 index 356ca84972..0000000000 --- a/kubernetes/msb/components/msb-consul/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v2 -description: ONAP MicroServices Bus Consul -name: msb-consul -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh deleted file mode 100755 index 18692d8afa..0000000000 --- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/sh - -#!/usr/bin/dumb-init /bin/sh -# As of docker 1.13, using docker run --init achieves the same outcome than dumb-init. - -set -e -set -x - -CONSUL_BIND= -if [ -n "$CONSUL_BIND_INTERFACE" ]; then - CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1) - if [ -z "$CONSUL_BIND_ADDRESS" ]; then - echo "Could not find IP for interface '$CONSUL_BIND_INTERFACE', exiting" - exit 1 - fi - - CONSUL_BIND="-bind=$CONSUL_BIND_ADDRESS" - echo "==> Found address '$CONSUL_BIND_ADDRESS' for interface '$CONSUL_BIND_INTERFACE', setting bind option..." -fi - -# You can set CONSUL_CLIENT_INTERFACE to the name of the interface you'd like to -# bind client intefaces (HTTP, DNS, and RPC) to and this will look up the IP and -# pass the proper -client= option along to Consul. -CONSUL_CLIENT= -if [ -n "$CONSUL_CLIENT_INTERFACE" ]; then - CONSUL_CLIENT_ADDRESS=$(ip -o -4 addr list $CONSUL_CLIENT_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1) - if [ -z "$CONSUL_CLIENT_ADDRESS" ]; then - echo "Could not find IP for interface '$CONSUL_CLIENT_INTERFACE', exiting" - exit 1 - fi - - CONSUL_CLIENT="-client=$CONSUL_CLIENT_ADDRESS" - echo "==> Found address '$CONSUL_CLIENT_ADDRESS' for interface '$CONSUL_CLIENT_INTERFACE', setting client option..." -fi - -# CONSUL_DATA_DIR is exposed as a volume for possible persistent storage. The -# CONSUL_CONFIG_DIR isn't exposed as a volume but you can compose additional -# config files in there if you use this image as a base, or use CONSUL_LOCAL_CONFIG -# below. -CONSUL_DATA_DIR=/consul/data -CONSUL_CONFIG_DIR=/consul/config - -# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some -# Consul configuration JSON without having to bind any volumes. -if [ -n "$CONSUL_LOCAL_CONFIG" ]; then - echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json" -fi - -# If the user is trying to run Consul directly with some arguments, then -# pass them to Consul. -if echo "$1" | grep '^-' >/dev/null; then - set -- consul "$@" -fi - -# Look for Consul subcommands. -if [ "$1" = 'agent' ]; then - shift - set -- consul agent \ - -data-dir="$CONSUL_DATA_DIR" \ - -config-dir="$CONSUL_CONFIG_DIR" \ - $CONSUL_BIND \ - $CONSUL_CLIENT \ - "$@" -elif [ "$1" = 'version' ]; then - # This needs a special case because there's no help output. - set -- consul "$@" -elif consul --help "$1" 2>&1 | grep -q "consul $1"; then - # We can't use the return code to check for the existence of a subcommand, so - # we have to use grep to look for a pattern in the help output. - set -- consul "$@" -fi - -# If we are running Consul, make sure it executes as the proper user. -if [ "$1" = 'consul' ]; then - # If the data or config dirs are bind mounted then chown them. - # Note: This checks for root ownership as that's the most common case. - if [ "$(stat -c %u /consul/data)" != "$(id -u consul)" ]; then - chown consul:consul /consul/data - fi - if [ "$(stat -c %u /consul/config)" != "$(id -u consul)" ]; then - chown consul:consul /consul/config - fi - - # If requested, set the capability to bind to privileged ports before - # we drop to the non-root user. Note that this doesn't work with all - # storage drivers (it won't work with AUFS). - if [ ! -z ${CONSUL_ALLOW_PRIVILEGED_PORTS+x} ]; then - setcap "cap_net_bind_service=+ep" /bin/consul - fi - -# Instead of using this we run our pod as a non-root user. -# set -- su-exec consul:consul "$@" -fi - -exec "$@" diff --git a/kubernetes/msb/components/msb-consul/templates/NOTES.txt b/kubernetes/msb/components/msb-consul/templates/NOTES.txt deleted file mode 100644 index e0cea22074..0000000000 --- a/kubernetes/msb/components/msb-consul/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/msb/components/msb-consul/templates/deployment.yaml b/kubernetes/msb/components/msb-consul/templates/deployment.yaml deleted file mode 100644 index d229590da0..0000000000 --- a/kubernetes/msb/components/msb-consul/templates/deployment.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - command: - - docker-entrypoint.sh - args: - - "agent" - - "-dev" - - "-client" - - "0.0.0.0" - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - volumeMounts: - - mountPath: /usr/local/bin/docker-entrypoint.sh - name: entrypoint - subPath: docker-entrypoint.sh - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: entrypoint - configMap: - name: {{ include "common.fullname" . }}-entrypoint - defaultMode: 0777 - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/msb/components/msb-consul/templates/ingress.yaml b/kubernetes/msb/components/msb-consul/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/msb/components/msb-consul/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/msb/components/msb-consul/templates/service.yaml b/kubernetes/msb/components/msb-consul/templates/service.yaml deleted file mode 100644 index af735b6e74..0000000000 --- a/kubernetes/msb/components/msb-consul/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: http-{{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: http-{{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/msb/components/msb-consul/values.yaml b/kubernetes/msb/components/msb-consul/values.yaml deleted file mode 100644 index 37ccf988d8..0000000000 --- a/kubernetes/msb/components/msb-consul/values.yaml +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: library/consul:1.4.3 -pullPolicy: Always -istioSidecar: true - -# application configuration -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: msb-consul - externalPort: 8500 - internalPort: 8500 - nodePort: 85 - -ingress: - enabled: false - service: - - baseaddr: "msb-consul-api" - name: "msb-consul" - port: 8500 - config: - ssl: "none" - -flavor: small - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "1" - memory: "500Mi" - requests: - cpu: "0.5" - memory: "500Mi" - large: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - unlimited: {} - -securityContext: - fsGroup: 1000 - runAsUser: 100 - runAsGroup: 1000 - -#Pods Service Account -serviceAccount: - nameOverride: msb-consul - roles: - - read diff --git a/kubernetes/msb/components/msb-discovery/.helmignore b/kubernetes/msb/components/msb-discovery/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/msb/components/msb-discovery/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/msb/components/msb-discovery/Chart.yaml b/kubernetes/msb/components/msb-discovery/Chart.yaml deleted file mode 100644 index 545bc0082a..0000000000 --- a/kubernetes/msb/components/msb-discovery/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v2 -description: ONAP MicroServices Bus Discovery -name: msb-discovery -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/msb/components/msb-discovery/resources/config/logback.xml b/kubernetes/msb/components/msb-discovery/resources/config/logback.xml deleted file mode 100644 index 174a6c5f9b..0000000000 --- a/kubernetes/msb/components/msb-discovery/resources/config/logback.xml +++ /dev/null @@ -1,138 +0,0 @@ -<!--# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<configuration scan="false" debug="true"> - <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> - <property name="p_lvl" value="%level"/> - <property name="p_log" value="%logger"/> - <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> - <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_thr" value="%thread"/> - <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - - <property name="logDir" value="/var/log/onap" /> - <property name="debugDir" value="/var/log/onap" /> - - <property name="componentName" value="msb"></property> - <property name="subComponentName" value="msb-discovery"></property> - - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - - <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - - <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> - <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> - - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="EELFAudit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFMetrics"/> - </appender> - - <appender name="EELFError" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFError"/> - </appender> - - <appender name="EELFDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${debugLogDirectory}/${debugLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - - <logger name="com.att.eelf.error" level="debug" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration> - diff --git a/kubernetes/msb/components/msb-discovery/templates/NOTES.txt b/kubernetes/msb/components/msb-discovery/templates/NOTES.txt deleted file mode 100644 index e0cea22074..0000000000 --- a/kubernetes/msb/components/msb-discovery/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/msb/components/msb-discovery/templates/configmap.yaml b/kubernetes/msb/components/msb-discovery/templates/configmap.yaml deleted file mode 100644 index 33c77e5eae..0000000000 --- a/kubernetes/msb/components/msb-discovery/templates/configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml deleted file mode 100644 index 4f286535dc..0000000000 --- a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - msb-consul - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: CONSUL_IP - value: msb-consul.{{ include "common.namespace" . }} - volumeMounts: - - mountPath: /usr/local/discover-works/logs - name: {{ include "common.fullname" . }}-logs - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # Filebeat sidecar container - {{ include "common.log.sidecar" . | nindent 8 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-log-conf - configMap: - name: {{ include "common.fullname" . }}-log - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/msb/components/msb-discovery/templates/ingress.yaml b/kubernetes/msb/components/msb-discovery/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/msb/components/msb-discovery/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/msb/components/msb-discovery/templates/service.yaml b/kubernetes/msb/components/msb-discovery/templates/service.yaml deleted file mode 100644 index af735b6e74..0000000000 --- a/kubernetes/msb/components/msb-discovery/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: http-{{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: http-{{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml deleted file mode 100644 index b8c361a296..0000000000 --- a/kubernetes/msb/components/msb-discovery/values.yaml +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/msb/msb_discovery:1.3.0 -pullPolicy: Always -istioSidecar: true - -# application configuration -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: msb-discovery - externalPort: 10081 - internalPort: 10081 - nodePort: 81 - -ingress: - enabled: false - service: - - baseaddr: "msb-discovery-api" - name: "msb-discovery" - port: 10081 - config: - ssl: "none" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "500Mi" - requests: - cpu: "0.5" - memory: "500Mi" - large: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: msb-discovery - roles: - - read - -#Logs configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/msb/components/msb-eag/.helmignore b/kubernetes/msb/components/msb-eag/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/msb/components/msb-eag/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/msb/components/msb-eag/Chart.yaml b/kubernetes/msb/components/msb-eag/Chart.yaml deleted file mode 100644 index d42c99388d..0000000000 --- a/kubernetes/msb/components/msb-eag/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v2 -description: ONAP MicroServices Bus Internal API Gateway -name: msb-eag -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/resources/config/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/logback.xml deleted file mode 100644 index 472d8ce735..0000000000 --- a/kubernetes/msb/components/msb-eag/resources/config/logback.xml +++ /dev/null @@ -1,138 +0,0 @@ -<!--# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<configuration scan="false" debug="true"> - <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> - <property name="p_lvl" value="%level"/> - <property name="p_log" value="%logger"/> - <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> - <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_thr" value="%thread"/> - <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - - <property name="logDir" value="/var/log/onap" /> - <property name="debugDir" value="/var/log/onap" /> - - <property name="componentName" value="msb"></property> - <property name="subComponentName" value="msb-eag"></property> - - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - - <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - - <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> - <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> - - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="EELFAudit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFMetrics"/> - </appender> - - <appender name="EELFError" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFError"/> - </appender> - - <appender name="EELFDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${debugLogDirectory}/${debugLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - - <logger name="com.att.eelf.error" level="debug" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration> - diff --git a/kubernetes/msb/components/msb-eag/templates/NOTES.txt b/kubernetes/msb/components/msb-eag/templates/NOTES.txt deleted file mode 100644 index e0cea22074..0000000000 --- a/kubernetes/msb/components/msb-eag/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml deleted file mode 100644 index da2afc3bfc..0000000000 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ /dev/null @@ -1,96 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - msb-discovery - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{- include "common.containerPorts" . | indent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: CONSUL_IP - value: msb-consul.{{ include "common.namespace" . }} - - name: SDCLIENT_IP - value: msb-discovery.{{ include "common.namespace" . }} - - name: ROUTE_LABELS - value: {{ .Values.config.routeLabels }} - volumeMounts: - - mountPath: /usr/local/apiroute-works/logs - name: {{ include "common.fullname" . }}-logs - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-log-conf - configMap: - name: {{ include "common.fullname" . }}-log - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/msb/components/msb-eag/templates/ingress.yaml b/kubernetes/msb/components/msb-eag/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/msb/components/msb-eag/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/msb/components/msb-eag/templates/service.yaml b/kubernetes/msb/components/msb-eag/templates/service.yaml deleted file mode 100644 index eeeafc15fc..0000000000 --- a/kubernetes/msb/components/msb-eag/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml deleted file mode 100644 index 49f0be78f5..0000000000 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/msb/msb_apigateway:1.6.0 -pullPolicy: Always -istioSidecar: true - -# application configuration -config: - routeLabels: "visualRange:0" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: msb-eag - # for liveness and readiness probe only - # internalPort: - internalPort: 80 - ports: - - name: msb-eag - port: 80 - port_protocol: http - nodePort: '84' - -ingress: - enabled: false - service: - - baseaddr: "msb-eag-ui" - name: "msb-eag" - port: 80 - config: - ssl: "redirect" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "500Mi" - requests: - cpu: "0.5" - memory: "500Mi" - large: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: msb-eag - roles: - - read - -#Logs configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/msb/components/msb-iag/.helmignore b/kubernetes/msb/components/msb-iag/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/msb/components/msb-iag/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/msb/components/msb-iag/Chart.yaml b/kubernetes/msb/components/msb-iag/Chart.yaml deleted file mode 100644 index 50fa020c8b..0000000000 --- a/kubernetes/msb/components/msb-iag/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v2 -description: ONAP MicroServices Bus Internal API Gateway -name: msb-iag -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/resources/config/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/logback.xml deleted file mode 100644 index a93d4ec56f..0000000000 --- a/kubernetes/msb/components/msb-iag/resources/config/logback.xml +++ /dev/null @@ -1,138 +0,0 @@ -<!--# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<configuration scan="false" debug="true"> - <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> - <property name="p_lvl" value="%level"/> - <property name="p_log" value="%logger"/> - <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/> - <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> - <property name="p_thr" value="%thread"/> - <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - - <property name="logDir" value="/var/log/onap" /> - <property name="debugDir" value="/var/log/onap" /> - - <property name="componentName" value="msb"></property> - <property name="subComponentName" value="msb-iag"></property> - - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - - <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" /> - - <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> - <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> - - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="EELFAudit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFMetrics"/> - </appender> - - <appender name="EELFError" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFError"/> - </appender> - - <appender name="EELFDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${debugLogDirectory}/${debugLogName}.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - - <logger name="com.att.eelf.error" level="debug" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration> - diff --git a/kubernetes/msb/components/msb-iag/templates/NOTES.txt b/kubernetes/msb/components/msb-iag/templates/NOTES.txt deleted file mode 100644 index e0cea22074..0000000000 --- a/kubernetes/msb/components/msb-iag/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml deleted file mode 100644 index 7214c8a95f..0000000000 --- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml deleted file mode 100644 index da2afc3bfc..0000000000 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ /dev/null @@ -1,96 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - msb-discovery - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{- include "common.containerPorts" . | indent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: CONSUL_IP - value: msb-consul.{{ include "common.namespace" . }} - - name: SDCLIENT_IP - value: msb-discovery.{{ include "common.namespace" . }} - - name: ROUTE_LABELS - value: {{ .Values.config.routeLabels }} - volumeMounts: - - mountPath: /usr/local/apiroute-works/logs - name: {{ include "common.fullname" . }}-logs - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-log-conf - configMap: - name: {{ include "common.fullname" . }}-log - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/msb/components/msb-iag/templates/ingress.yaml b/kubernetes/msb/components/msb-iag/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/msb/components/msb-iag/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/msb/components/msb-iag/templates/service.yaml b/kubernetes/msb/components/msb-iag/templates/service.yaml deleted file mode 100644 index eeeafc15fc..0000000000 --- a/kubernetes/msb/components/msb-iag/templates/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml deleted file mode 100644 index 19b500a62c..0000000000 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/msb/msb_apigateway:1.6.0 -pullPolicy: Always -istioSidecar: true - -# application configuration -config: - routeLabels: "visualRange:1" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: msb-iag - # for liveness and readiness probe only - # internalPort: - internalPort: 80 - ports: - - name: msb-iag - port: 80 - port_protocol: http - nodePort: '83' - -ingress: - enabled: false - service: - - baseaddr: "msb-iag-ui" - name: "msb-iag" - port: 80 - config: - ssl: "redirect" - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "500Mi" - requests: - cpu: "0.5" - memory: "500Mi" - large: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: msb-iag - roles: - - read - -#Logs configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/msb/resources/config/log/discovery/logback.xml b/kubernetes/msb/resources/config/log/discovery/logback.xml deleted file mode 100644 index d590c3afbe..0000000000 --- a/kubernetes/msb/resources/config/log/discovery/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="discovery" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/resources/config/log/eag/logback.xml b/kubernetes/msb/resources/config/log/eag/logback.xml deleted file mode 100644 index 03d2b10fe1..0000000000 --- a/kubernetes/msb/resources/config/log/eag/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="eag" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml b/kubernetes/msb/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 2ba652719f..0000000000 --- a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,56 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/msb/resources/config/log/iag/logback.xml b/kubernetes/msb/resources/config/log/iag/logback.xml deleted file mode 100644 index 8c89320bd0..0000000000 --- a/kubernetes/msb/resources/config/log/iag/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="iag" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/templates/configmap.yaml b/kubernetes/msb/templates/configmap.yaml deleted file mode 100644 index 385a37f9ea..0000000000 --- a/kubernetes/msb/templates/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada , ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{ include "common.log.configMap" . }} diff --git a/kubernetes/msb/templates/serviceaccount.yaml b/kubernetes/msb/templates/serviceaccount.yaml deleted file mode 100644 index 50cbebf984..0000000000 --- a/kubernetes/msb/templates/serviceaccount.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: msb - namespace: {{ include "common.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "common.namespace" . }}-msb-binding - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: msb - namespace: {{ include "common.namespace" . }} diff --git a/kubernetes/msb/values.yaml b/kubernetes/msb/values.yaml deleted file mode 100644 index 4f1b659f1e..0000000000 --- a/kubernetes/msb/values.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - centralizedLoggingEnabled: true - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -msb-discovery: - logConfigMapNamePrefix: '{{ include "common.release" . }}-msb' -msb-eag: - logConfigMapNamePrefix: '{{ include "common.release" . }}-msb' -msb-iag: - logConfigMapNamePrefix: '{{ include "common.release" . }}-msb' diff --git a/kubernetes/multicloud/Chart.yaml b/kubernetes/multicloud/Chart.yaml index 48a3b9631a..cecef8c2e2 100644 --- a/kubernetes/multicloud/Chart.yaml +++ b/kubernetes/multicloud/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP multicloud broker name: multicloud -version: 13.1.0 +version: 15.0.0 dependencies: - name: common @@ -35,26 +35,6 @@ dependencies: version: ~13.x-0 repository: 'file://components/multicloud-k8s' condition: multicloud-k8s.enabled - - name: multicloud-pike - version: ~13.x-0 - repository: 'file://components/multicloud-pike' - condition: multicloud-pike.enabled - - name: multicloud-prometheus - version: ~13.x-0 - repository: 'file://components/multicloud-prometheus' - condition: multicloud-prometheus.enabled - - name: multicloud-starlingx - version: ~13.x-0 - repository: 'file://components/multicloud-starlingx' - condition: multicloud-starlingx.enabled - - name: multicloud-vio - version: ~13.x-0 - repository: 'file://components/multicloud-vio' - condition: multicloud-vio.enabled - - name: multicloud-windriver - version: ~13.x-0 - repository: 'file://components/multicloud-windriver' - condition: multicloud-windriver.enabled - name: serviceAccount version: ~13.x-0 repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml index 8d50814fd0..5dc375290a 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml @@ -27,7 +27,7 @@ dependencies: # be published independently to a repo (at this point) repository: '@local' - name: mongodb - version: 14.12.3 + version: ~14.12.x-0 repository: '@local' - name: etcd version: ~13.x-0 diff --git a/kubernetes/multicloud/components/multicloud-pike/.helmignore b/kubernetes/multicloud/components/multicloud-pike/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/multicloud/components/multicloud-pike/Chart.yaml b/kubernetes/multicloud/components/multicloud-pike/Chart.yaml deleted file mode 100644 index 74d6b8ce29..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/Chart.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) 2018 Intel Corporation. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP multicloud OpenStack Pike Plugin -name: multicloud-pike -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml deleted file mode 100644 index 9c82852f79..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml +++ /dev/null @@ -1,48 +0,0 @@ -{{/* -# Copyright (c) 2018 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -version: 1 -disable_existing_loggers: False - -loggers: - pike: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - newton_base: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - common: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - -handlers: - console_handler: - level: "DEBUG" - class: "logging.StreamHandler" - formatter: "standard" - file_handler: - level: "DEBUG" - class: "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/multicloud/openstack/pike/pike.log" - formatter: "standard" - maxBytes: 52428800 - backupCount: 10 - -formatters: - standard: - format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt deleted file mode 100644 index 7adeb620b5..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright (c) 2018 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml deleted file mode 100644 index df5f76a478..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -# Copyright (c) 2018 Intel Corporation. -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml deleted file mode 100644 index 1822695eab..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{/* -# Copyright (c) 2018 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - env: - - name: MSB_PROTO - value: "http" - - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" - - name: AAI_ADDR - value: "aai.{{ include "common.namespace" . }}" - - name: AAI_PORT - value: "{{ .Values.config.aai.aaiPort }}" - - name: AAI_SCHEMA_VERSION - value: "{{ .Values.config.aai.schemaVersion }}" - - name: AAI_USERNAME - value: "{{ .Values.config.aai.username }}" - - name: AAI_PASSWORD - value: "{{ .Values.config.aai.password }}" - - name: SSL_ENABLED - value: "false" - name: {{ include "common.name" . }} - volumeMounts: - - mountPath: "{{ .Values.log.path }}" - name: pike-log - - mountPath: /opt/pike/pike/pub/config/log.yml - name: pike-logconfig - subPath: log.yml - resources: {{ include "common.resources" . | nindent 10 }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/sh"] - args: ["-c", "/bin/sh /opt/pike/run.sh"] - ports: {{ include "common.containerPorts" . | nindent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/multicloud-pike/v0/swagger.json - port: {{ .Values.service.internalPort }} - scheme: HTTP - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end }} - # side car containers - {{ include "common.log.sidecar" . | nindent 6 }} - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: memcached - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: pike-log - emptyDir: {} - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: pike-logconfig - configMap: - name: {{ include "common.fullname" . }}-log-configmap - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/ingress.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/ingress.yaml deleted file mode 100644 index bcc60a0953..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml deleted file mode 100644 index adbb87c70d..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright (c) 2018 Intel Corporation. -# Modifications Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml deleted file mode 100644 index 643daa7e3f..0000000000 --- a/kubernetes/multicloud/components/multicloud-pike/values.yaml +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright (c) 2018 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/multicloud/openstack-pike:1.5.7 -pullPolicy: Always - -# application configuration -config: - msbgateway: msb-iag - msbPort: 80 - aai: - aaiPort: 80 - schemaVersion: v13 - username: AAI - password: AAI - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 5 - enabled: true - -service: - type: NodePort - internalPort: 9007 - ports: - - name: http - port: 9007 - nodePort: '96' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "multicloud-pike", - "version": "v0", - "url": "/api/multicloud-pike/v0", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - }, - { - "serviceName": "multicloud-pike", - "version": "v1", - "url": "/api/multicloud-pike/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - } - ]{{ end }} - -ingress: - enabled: false - service: - - baseaddr: 'multicloud-pike-api' - name: 'multicloud-pike' - port: 9007 - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} - -# memcached image resource -memcached: memcached:alpine3.15 - -#Pods Service Account -serviceAccount: - nameOverride: multicloud-pike - roles: - - read - -#Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml deleted file mode 100644 index 2ed930aa65..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Multicloud Prometheus -name: multicloud-prometheus -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: prometheus-alertmanager - version: ~13.x-0 - repository: 'file://components/prometheus-alertmanager' - - name: prometheus-grafana - version: ~13.x-0 - repository: 'file://components/prometheus-grafana' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml deleted file mode 100644 index b4643db800..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Multicloud Prometheus Alert Manager -name: prometheus-alertmanager -version: 13.0.0 diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml deleted file mode 100644 index 3dd1acb5b0..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml +++ /dev/null @@ -1,14 +0,0 @@ -global: {} - # slack_api_url: '' - -receivers: - - name: default-receiver - # slack_configs: - # - channel: '@you' - # send_resolved: true - -route: - group_wait: 10s - group_interval: 5m - receiver: default-receiver - repeat_interval: 3h
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml deleted file mode 100644 index 185aa1e47b..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml +++ /dev/null @@ -1,98 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.alertmanager.enabled -}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - name: {{ include "common.name" . }} - spec: - containers: - - name: {{ include "common.name" . }}-configmap-reload - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: - - --volume-dir=/etc/config - - --webhook-url=http://localhost:9093/-/reload - volumeMounts: - - name: {{ include "common.fullname" . }}-config - mountPath: /etc/config - readOnly: true - - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: - - --config.file=/etc/config/alertmanager.yml - - --storage.path={{ .Values.persistence.containerMountPath }} - resources: -{{ toYaml .Values.resources | indent 10 }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{- if .Values.readiness.enabled }} - readinessProbe: - httpGet: - path: /#/status - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - {{ end -}} - volumeMounts: - - name: {{ include "common.fullname" . }}-config - mountPath: /etc/config - - name: {{ include "common.fullname" . }}-storage - mountPath: {{ .Values.persistence.containerMountPath }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-storage - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml deleted file mode 100644 index aa1485da57..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.alertmanager.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml deleted file mode 100644 index 918d002cdb..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.alertmanager.enabled -}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} - -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml deleted file mode 100644 index a21ec43d9b..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.alertmanager.enabled -}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.portName }} - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} - {{- else -}} - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - protocol: TCP -{{- if .Values.service.meshpeer.enabled }} - - name: {{ .Values.service.meshpeer.portName }} - port: {{ .Values.service.meshpeer.port }} - targetPort: {{ .Values.service.meshpeer.port }} - protocol: TCP -{{- end }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml deleted file mode 100644 index 5b48f73a45..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -#Alertmanager Configuration -image: - repository: prom/alertmanager - tag: v0.15.2 - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: multicloud/prometheus/alertmanager - containerMountPath: /alertmanager/data - -#Service configuration for this chart -service: - type: ClusterIP - name: multicloud-prometheus-alertmanager - portName: prometheus-alertmanager - internalPort: 9093 - externalPort: 9093 - - meshpeer: - enabled: false - portName: multicloud-prometheus-meshpeer - port: 6783 - -# probe configuration parameters -readiness: - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 30 - enabled: true - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml deleted file mode 100644 index cc89de3d26..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# Modifications Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Multicloud Grafana for Prometheus -name: prometheus-grafana -version: 13.0.0 diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini deleted file mode 100644 index 9dc0f09cd9..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini +++ /dev/null @@ -1,11 +0,0 @@ -paths: - data: /var/lib/grafana/data - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning -analytics: - check_for_updates: true -log: - mode: console -grafana_net: - url: https://grafana.net
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml deleted file mode 100644 index ab570896db..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml +++ /dev/null @@ -1,96 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.grafana.enabled -}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{- if .Values.datasources }} - {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -sk \ - --connect-timeout 60 \ - --max-time 60 \ - -H "Accept: application/json" \ - -H "Content-Type: application/json;charset=UTF-8" \ - {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \ - > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json - {{- end }} - {{- end }} - {{- end }} -{{- end }} - -{{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }} - namespace: {{ include "common.namespace" $ }} - labels: - app: {{ include "common.name" $ }} - chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} - release: {{ include "common.release" $ }} - heritage: {{ $.Release.Service }} - dashboard-provider: {{ $provider }} -data: - {{- range $key, $value := $dashboards }} - {{- if hasKey $value "json" }} - {{ $key }}.json: | -{{ $value.json | indent 4 }} - {{- end }} - {{- end }} - {{- end }} - -{{- end }} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml deleted file mode 100644 index e578feb96d..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml +++ /dev/null @@ -1,137 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.grafana.enabled -}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - name: {{ include "common.name" . }} - spec: - {{- if .Values.dashboards }} - initContainers: - - name: {{ include "common.name" . }}-download-dashboards - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["sh", "/etc/grafana/download_dashboards.sh"] - volumeMounts: - - name: {{ include "common.fullname" . }}-config - mountPath: "/etc/grafana/download_dashboards.sh" - subPath: download_dashboards.sh - - name: {{ include "common.fullname" . }}-storage - mountPath: {{ .Values.persistence.containerMountPath }} - {{- end }} - - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: -{{ toYaml .Values.resources | indent 10 }} - ports: - - containerPort: {{ .Values.service.internalPort }} - protocol: TCP - {{- if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/health - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} - {{- if .Values.readiness.enabled }} - readinessProbe: - httpGet: - path: /api/health - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - {{ end -}} - volumeMounts: - - name: {{ include "common.fullname" . }}-config - mountPath: "/etc/grafana/grafana.ini" - subPath: grafana.ini - - name: {{ include "common.fullname" . }}-storage - mountPath: {{ .Values.persistence.containerMountPath }} - {{- if .Values.dashboards }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if hasKey $value "json" }} - - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }} - mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" - subPath: "{{ $key }}.json" - {{- end }} - {{- end }} - {{- end }} - {{- end -}} - {{- if .Values.datasources }} - - name: {{ include "common.fullname" . }}-config - mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml" - subPath: datasources.yaml - {{- end }} - {{- if .Values.dashboardProviders }} - - name: {{ include "common.fullname" . }}-config - mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml" - subPath: dashboardproviders.yaml - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-storage - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.dashboards }} - {{- range keys .Values.dashboards }} - - name: {{ include "common.fullname" $ }}-dashboards-{{ . }} - configMap: - name: {{ include "common.fullname" $ }}-dashboards-{{ . }} - {{- end }} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml deleted file mode 100644 index 0c7ea4b560..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.grafana.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml deleted file mode 100644 index 68ab6c487f..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.grafana.enabled -}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} - -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml deleted file mode 100644 index 775af0afa7..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if .Values.global.grafana.enabled -}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - - name: {{ .Values.service.portName }} - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }} - {{- else -}} - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - protocol: TCP - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml deleted file mode 100644 index 0d066bbdc7..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - persistence: {} - -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -#Alertmanager Configuration -image: - repository: grafana/grafana - tag: 5.2.4 - -downloadDashboardsImage: - repository: appropriate/curl - tag: latest - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 10Gi - mountPath: /dockerdata-nfs - mountSubPath: multicloud/prometheus/grafana - containerMountPath: /grafana/data - -#Service configuration for this chart -service: - type: ClusterIP - name: multicloud-prometheus-grafana - portName: prometheus-grafana - internalPort: 3000 - externalPort: 3000 - -#Grafana Datasources -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Prometheus - type: prometheus - #Make sure the port number matches for the prometheus service - url: http://multicloud-prometheus:9090 - access: proxy - isDefault: true - - -#Grafana Dashboard providers -dashboardProviders: {} - -#Grafana Dashboards for importing -#This requires dashboardProviders to be enabled with some data -#The dashboards will be downloaded from the URL provided in -#dashboardProviders -dashboards: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 30 - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 30 - enabled: true - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml b/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml deleted file mode 100644 index 0355b48ab5..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml +++ /dev/null @@ -1,37 +0,0 @@ -global: - scrape_interval: 1m - scrape_timeout: 10s - evaluation_interval: 1m - -rule_files: - - /etc/config/rules - - /etc/config/alerts - -scrape_configs: - - job_name: prometheus - static_configs: - - targets: - - localhost:9090 - {{/* - #Add more jobs after this indent if needed - */}} - -{{- if .Values.global.alertmanager.enabled }} -alerting: - alertmanagers: - - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_namespace] - regex: {{ include "common.namespace" . }} - action: keep - - source_labels: [__meta_kubernetes_pod_label_app] - regex: prometheus - action: keep - - source_labels: [__meta_kubernetes_pod_label_component] - regex: alertmanager - action: keep - - source_labels: [__meta_kubernetes_pod_container_port_number] - regex: - action: drop -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml deleted file mode 100644 index a75ac28b2d..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-chown-init - command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"] - volumeMounts: - - name: {{ include "common.fullname" . }}-storage - mountPath: {{ .Values.persistence.containerMountPath }} - containers: - - name: {{ include "common.name" . }}-configmap-reload - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: - - --volume-dir=/etc/config - - --webhook-url=http://localhost:9090/-/reload - volumeMounts: - - name: {{ include "common.fullname" . }}-config - mountPath: /etc/config - readOnly: true - - - name: {{ include "common.name" . }}-server - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - args: - - --config.file=/etc/config/prometheus.yml - - --storage.tsdb.path={{ .Values.persistence.containerMountPath }} - - --web.console.libraries=/etc/prometheus/console_libraries - - --web.console.templates=/etc/prometheus/consoles - - --web.enable-lifecycle - {{- if .Values.server.enableAdminApi }} - - --web.enable-admin-api - {{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} - {{- if .Values.readiness.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - {{ end -}} - volumeMounts: - - name: {{ include "common.fullname" . }}-config - mountPath: /etc/config - - name: {{ include "common.fullname" . }}-storage - mountPath: {{ .Values.persistence.containerMountPath }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-storage - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml deleted file mode 100644 index 1b67193e7a..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml deleted file mode 100644 index 77cc681743..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml deleted file mode 100644 index ec4e1a7011..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright 2018 Intel Corporation, Inc -# Modifications Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml deleted file mode 100644 index 20ab052169..0000000000 --- a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml +++ /dev/null @@ -1,108 +0,0 @@ -# Copyright 2018 Intel Corporation, Inc -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - alertmanager: - enabled: false - grafana: - enabled: false - configmapReload: - image: - repository: jimmidyson/configmap-reload - tag: v0.2.2 - persistence: {} - -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -#Server Configuration -image: - repository: prom/prometheus - tag: v2.4.0 - -server: - enableAdminApi: false - -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 8Gi - mountPath: /dockerdata-nfs - mountSubPath: multicloud/prometheus/server - containerMountPath: /prometheus/data - -#Service configuration for this chart -service: - type: ClusterIP - internalPort: 9090 - ports: - - name: http - port: 9090 - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 30 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 30 - timeoutSeconds: 30 - enabled: true - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -ingress: - enabled: false - -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: multicloud-prometheus - roles: - - read diff --git a/kubernetes/multicloud/components/multicloud-starlingx/.helmignore b/kubernetes/multicloud/components/multicloud-starlingx/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml b/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml deleted file mode 100644 index dd0d9e5564..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) 2019 Intel Corporation. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP multicloud OpenStack Starlingx Plugin -name: multicloud-starlingx -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json deleted file mode 100644 index ebc53849d6..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "name":"SDCDistributionGroup", - "restServerParameters":{ - "host":"0.0.0.0", - "port":9014, - "userName":"healthcheck", - "password":"zb!XztG34", - "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }} - }, - "receptionHandlerParameters":{ - "SDCReceptionHandler":{ - "receptionHandlerType":"SDC", - "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler", - "receptionHandlerConfigurationName":"sdcConfiguration", - "pluginHandlerParameters":{ - "artifactForwarders":{ - "DummyForwarder":{ - "forwarderType":"DummyForwarder", - "forwarderClassName":"org.onap.policy.distribution.main.testclasses.DummyArtifactForwarder", - "forwarderConfigurationParameters": "dummyConfiguration" - } - } - } - } - }, - "receptionHandlerConfigurationParameters":{ - "sdcConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", - "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", - "messageBusAddress": [ - "message-router.{{ include "common.namespace" . }}" - ], - "user": "multicloud", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", - "pollingInterval":20, - "pollingTimeout":30, - "consumerId": "multicloud-starlingx-id", - "artifactTypes": [ - "TOSCA_CSAR", - "HEAT", - "HEAT_ARTIFACT", - "HEAT_ENV", - "HEAT_NESTED", - "HEAT_VOL", - "OTHER", - "VF_MODULES_METADATA", - "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT" - ], - "consumerGroup": "multicloud-starlingx-group", - "environmentName": "AUTO", - "keystorePath": "null", - "keystorePassword": "null", - "activeserverTlsAuth": false, - "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false, - "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, - "httpsproxyHost": "null", - "httpproxyHost": "null", - "httpsproxyPort": 8181, - "httpproxyPort": 8080 - } - } - }, - "artifactForwarderConfigurationParameters":{ - "dummyConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.main.testclasses.DummyArtifactForwarderParameterGroup", - "parameters":{ - "useHttps": false, - "hostname": "null", - "port": 8081, - "userName": "null", - "password": "null", - "isManaged": true - } - } - } -} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml deleted file mode 100644 index 243e51e665..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -# Copyright (c) 2019 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -version: 1 -disable_existing_loggers: False - -loggers: - starlingx_base: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - starlingx: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - newton_base: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - common: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - -handlers: - console_handler: - level: "DEBUG" - class: "logging.StreamHandler" - formatter: "standard" - file_handler: - level: "DEBUG" - class: "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log" - formatter: "standard" - maxBytes: 52428800 - backupCount: 10 - -formatters: - standard: - format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt deleted file mode 100644 index 746215b541..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright (c) 2019 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml deleted file mode 100644 index e271a4f233..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -# Copyright (c) 2019 Intel Corporation. -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml deleted file mode 100644 index 96942ddae5..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{/* -# Copyright (c) 2019 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - env: - - name: MSB_PROTO - value: "http" - - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" - - name: AAI_ADDR - value: "aai.{{ include "common.namespace" . }}" - - name: AAI_PORT - value: "{{ .Values.config.aai.aaiPort }}" - - name: AAI_SCHEMA_VERSION - value: "{{ .Values.config.aai.schemaVersion }}" - - name: AAI_USERNAME - value: "{{ .Values.config.aai.username }}" - - name: AAI_PASSWORD - value: "{{ .Values.config.aai.password }}" - - name: SSL_ENABLED - value: "false" - name: {{ include "common.name" . }} - volumeMounts: - - mountPath: "{{ .Values.log.path }}" - name: starlingx-log - - mountPath: /opt/starlingx/starlingx/pub/config/log.yml - name: starlingx-logconfig - subPath: log.yml - - mountPath: /opt/artifacts/ - name: artifact-data - resources: {{ include "common.resources" . | nindent 10 }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/multicloud-starlingx/v0/swagger.json - port: {{ .Values.service.internalPort }} - scheme: HTTP - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end }} - # side car containers - {{ include "common.log.sidecar" . | nindent 6 }} - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: memcached - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} - name: framework-artifactbroker - command: ["/opt/app/distribution/bin/artifact-dist.sh"] - args: ["/opt/app/distribution/etc/mounted/config.json"] - ports: - - containerPort: 9014 - protocol: TCP - volumeMounts: - - mountPath: /opt/app/distribution/etc/mounted/config.json - name: starlingx-logconfig - subPath: config.json - - mountPath: /data - name: artifact-data - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: starlingx-log - emptyDir: {} - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }} - - name: starlingx-logconfig - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: artifact-data - emptyDir: {} - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/ingress.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/ingress.yaml deleted file mode 100644 index bcc60a0953..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml deleted file mode 100644 index 6eb90e5630..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright (c) 2019 Intel Corporation. -# Modifications Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml deleted file mode 100644 index 2f06b4b3d4..0000000000 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ /dev/null @@ -1,126 +0,0 @@ -# Copyright (c) 2019 Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.5.7 -pullPolicy: Always - -# application configuration -config: - msbgateway: msb-iag - msbPort: 80 - aai: - aaiPort: 80 - schemaVersion: v13 - username: AAI - password: AAI - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 5 - enabled: true - -service: - type: NodePort - internalPort: 9009 - ports: - - name: http - port: 9009 - nodePort: '85' - useNodePortExt: true - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "multicloud-starlingx", - "version": "v0", - "url": "/api/multicloud-starlingx/v0", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - }, - { - "serviceName": "multicloud-starlingx", - "version": "v1", - "url": "/api/multicloud-starlingx/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - } - ]{{ end }} - -ingress: - enabled: false - service: - - baseaddr: 'multicloud-starlingx-api' - name: 'multicloud-starlingx' - port: 9009 - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} - -# memcached image resource -memcached: memcached:alpine3.15 - -#Pods Service Account -serviceAccount: - nameOverride: multicloud-starlingx - roles: - - read - -#Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/multicloud/components/multicloud-vio/.helmignore b/kubernetes/multicloud/components/multicloud-vio/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/multicloud/components/multicloud-vio/Chart.yaml b/kubernetes/multicloud/components/multicloud-vio/Chart.yaml deleted file mode 100644 index 2efafe9267..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP multicloud VIO plugin -name: multicloud-vio -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml deleted file mode 100644 index 137a6908f3..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -version: 1 -disable_existing_loggers: False - -loggers: - vio: - handlers: [vio_handler] - level: "DEBUG" - propagate: False -handlers: - vio_handler: - level: "DEBUG" - class: "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/multicloud/vio/vio.log" - formatter: "mdcFormat" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt deleted file mode 100644 index befedf4578..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml deleted file mode 100644 index ed43b24c76..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml deleted file mode 100644 index 9e26cc3d14..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - env: - - name: MSB_PROTO - value: "http" - - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" - - name: AAI_ADDR - value: "aai.{{ include "common.namespace" . }}" - - name: AAI_PORT - value: "{{ .Values.config.aai.aaiPort }}" - - name: AAI_SCHEMA_VERSION - value: "{{ .Values.config.aai.schemaVersion }}" - - name: AAI_USERNAME - value: "{{ .Values.config.aai.username }}" - - name: AAI_PASSWORD - value: "{{ .Values.config.aai.password }}" - name: {{ include "common.name" . }} - volumeMounts: - - mountPath: "{{ .Values.log.path }}" - name: vio-log - - mountPath: /opt/vio/vio/pub/config/log.yml - name: vio-logconfig - subPath: log.yml - resources: {{ include "common.resources" . | nindent 10 }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - httpGet: - path: /api/multicloud-vio/v0/swagger.json - port: {{ .Values.service.internalPort }} - scheme: HTTP - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end -}} - # side car containers - {{ include "common.log.sidecar" . | nindent 6 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: vio-log - emptyDir: {} - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }} - - name: vio-logconfig - configMap: - name: {{ include "common.fullname" . }}-log-configmap - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/ingress.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/ingress.yaml deleted file mode 100644 index bcc60a0953..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml deleted file mode 100644 index 0cff91a68c..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml deleted file mode 100644 index 1337362a34..0000000000 --- a/kubernetes/multicloud/components/multicloud-vio/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/multicloud/vio:1.4.2 -pullPolicy: Always - -# application configuration -config: - msbgateway: msb-iag - msbPort: 80 - aai: - aaiPort: 80 - schemaVersion: v13 - username: AAI - password: AAI - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 5 - enabled: true - -service: - type: NodePort - internalPort: 9004 - ports: - - name: http - port: 9004 - nodePort: '92' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "multicloud-vio", - "version": "v0", - "url": "/api/multicloud-vio/v0", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - }, - { - "serviceName": "multicloud-vio", - "version": "v1", - "url": "/api/multicloud-vio/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - } - ]{{ end }} - -ingress: - enabled: false - service: - - baseaddr: 'multicloud-vio-api' - name: 'multicloud-vio' - port: 9004 - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: multicloud-vio - roles: - - read - -#Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/multicloud/components/multicloud-windriver/.helmignore b/kubernetes/multicloud/components/multicloud-windriver/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml b/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml deleted file mode 100644 index 110cba02c2..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP multicloud OpenStack WindRiver Plugin -name: multicloud-windriver -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json deleted file mode 100644 index e34637666f..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "name":"SDCDistributionGroup", - "restServerParameters":{ - "host":"0.0.0.0", - "port":9014, - "userName":"healthcheck", - "password":"zb!XztG34", - "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }} - }, - "receptionHandlerParameters":{ - "SDCReceptionHandler":{ - "receptionHandlerType":"SDC", - "receptionHandlerClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandler", - "receptionHandlerConfigurationName":"sdcConfiguration", - "pluginHandlerParameters":{ - "artifactForwarders":{ - "DummyForwarder":{ - "forwarderType":"DummyForwarder", - "forwarderClassName":"org.onap.policy.distribution.main.testclasses.DummyArtifactForwarder", - "forwarderConfigurationParameters": "dummyConfiguration" - } - } - } - } - }, - "receptionHandlerConfigurationParameters":{ - "sdcConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", - "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", - "messageBusAddress": [ - "message-router.{{ include "common.namespace" . }}" - ], - "user": "multicloud", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", - "pollingInterval":20, - "pollingTimeout":30, - "consumerId": "multicloud-windriver-id", - "artifactTypes": [ - "TOSCA_CSAR", - "HEAT", - "HEAT_ARTIFACT", - "HEAT_ENV", - "HEAT_NESTED", - "HEAT_VOL", - "OTHER", - "VF_MODULES_METADATA", - "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT" - ], - "consumerGroup": "multicloud-windriver-group", - "environmentName": "AUTO", - "keystorePath": "null", - "keystorePassword": "null", - "activeserverTlsAuth": false, - "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false, - "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, - "httpsproxyHost": "null", - "httpproxyHost": "null", - "httpsproxyPort": 8181, - "httpproxyPort": 8080 - } - } - }, - "artifactForwarderConfigurationParameters":{ - "dummyConfiguration":{ - "parameterClassName":"org.onap.policy.distribution.main.testclasses.DummyArtifactForwarderParameterGroup", - "parameters":{ - "useHttps": false, - "hostname": "null", - "port": 8081, - "userName": "null", - "password": "null", - "isManaged": true - } - } - } -} diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml deleted file mode 100644 index 80792c9c70..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml +++ /dev/null @@ -1,48 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -version: 1 -disable_existing_loggers: False - -loggers: - titanium_cloud: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - newton_base: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - common: - handlers: [console_handler, file_handler] - level: "DEBUG" - propagate: False - -handlers: - console_handler: - level: "DEBUG" - class: "logging.StreamHandler" - formatter: "standard" - file_handler: - level: "DEBUG" - class: "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log" - formatter: "standard" - maxBytes: 52428800 - backupCount: 10 - -formatters: - standard: - format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt deleted file mode 100644 index 6c1e709b92..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt +++ /dev/null @@ -1 +0,0 @@ -resources: {{ include "common.resources" . | indent 12 | trim}}
\ No newline at end of file diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt b/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt deleted file mode 100644 index befedf4578..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml deleted file mode 100644 index ed43b24c76..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml deleted file mode 100644 index 434c0d156e..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml +++ /dev/null @@ -1,116 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: ["sh", "-c", "chown -R 100:101 /data"] - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-init - volumeMounts: - - mountPath: /data - name: artifact-data - containers: - - env: - - name: MSB_PROTO - value: "http" - - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" - - name: AAI_ADDR - value: "aai.{{ include "common.namespace" . }}" - - name: AAI_PORT - value: "{{ .Values.config.aai.aaiPort }}" - - name: AAI_SCHEMA_VERSION - value: "{{ .Values.config.aai.schemaVersion }}" - - name: AAI_USERNAME - value: "{{ .Values.config.aai.username }}" - - name: AAI_PASSWORD - value: "{{ .Values.config.aai.password }}" - - name: SSL_ENABLED - value: "false" - name: {{ include "common.name" . }} - volumeMounts: - - mountPath: "{{ .Values.log.path }}" - name: windriver-log - - mountPath: /opt/windriver/titanium_cloud/pub/config/log.yml - name: windriver-logconfig - subPath: log.yml - - mountPath: /opt/artifacts/ - name: artifact-data - resources: {{ include "common.resources" . | nindent 10 }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - httpGet: - path: /api/multicloud-titaniumcloud/v1/swagger.json - port: {{ .Values.service.internalPort }} - scheme: HTTP - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - successThreshold: {{ .Values.liveness.successThreshold }} - failureThreshold: {{ .Values.liveness.failureThreshold }} - {{ end }} - # side car containers - {{ include "common.log.sidecar" . | nindent 6 }} - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: memcached - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} - name: framework-artifactbroker - command: ["/opt/app/distribution/bin/artifact-dist.sh"] - args: ["/opt/app/distribution/etc/mounted/config.json"] - ports: - - containerPort: 9014 - protocol: TCP - volumeMounts: - - mountPath: /opt/app/distribution/etc/mounted/config.json - name: windriver-logconfig - subPath: config.json - - mountPath: /data - name: artifact-data - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: windriver-log - emptyDir: {} - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }} - - name: windriver-logconfig - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: artifact-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - restartPolicy: Always diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/ingress.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/ingress.yaml deleted file mode 100644 index bcc60a0953..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml deleted file mode 100644 index f798053f71..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml deleted file mode 100644 index 3c4d646638..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" .}} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml deleted file mode 100644 index 578036bb8d..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml deleted file mode 100644 index 0af9df856b..0000000000 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ /dev/null @@ -1,144 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/multicloud/openstack-windriver:1.5.7 -pullPolicy: Always - -# application configuration -config: - ssl_enabled: true - msbgateway: msb-iag - msbPort: 80 - aai: - aaiPort: 80 - schemaVersion: v13 - username: AAI - password: AAI - -service: - type: NodePort - internalPort: 9005 - ports: - - name: http - port: 9005 - nodePort: '94' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "multicloud-titanium_cloud", - "version": "v0", - "url": "/api/multicloud-titanium_cloud/v0", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - }, - { - "serviceName": "multicloud-titaniumcloud", - "version": "v0", - "url": "/api/multicloud-titaniumcloud/v0", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - }, - { - "serviceName": "multicloud-titaniumcloud", - "version": "v1", - "url": "/api/multicloud-titaniumcloud/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - } - ]{{ end }} - -ingress: - enabled: false - service: - - baseaddr: 'multicloud-titaniumcloud-api' - name: 'multicloud-titaniumcloud' - port: 9005 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 5 - enabled: true - -persistence: - enabled: true - mountPath: /dockerdata-nfs - mountSubPath: multicloud-windriver/data - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - size: 5Gi - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "4Gi" - requests: - cpu: "10m" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "8Gi" - requests: - cpu: "20m" - memory: "2Gi" - unlimited: {} - -# memcached image resource -memcached: memcached:alpine3.15 - -#Pods Service Account -serviceAccount: - nameOverride: multicloud-windriver - roles: - - read - -#Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 033826f0e6..69063906ba 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -39,27 +39,11 @@ multicloud-fcaps: logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' multicloud-k8s: enabled: true -multicloud-pike: - enabled: true - logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' -multicloud-prometheus: - enabled: false -multicloud-starlingx: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' -multicloud-vio: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' -multicloud-windriver: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' # application configuration config: - msbgateway: msb-iag logstashServiceName: log-ls logstashPort: 5044 - msbPort: 80 aai: aaiPort: 80 schemaVersion: v13 @@ -89,28 +73,6 @@ service: - name: http port: 9001 nodePort: '91' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "multicloud", - "version": "v0", - "url": "/api/multicloud/v0", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - }, - { - "serviceName": "multicloud", - "version": "v1", - "url": "/api/multicloud/v1", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "enable_ssl": false, - "visualRange": "1" - } - ]{{ end }} ingress: enabled: false diff --git a/kubernetes/nbi/.helmignore b/kubernetes/nbi/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/nbi/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/nbi/Chart.yaml b/kubernetes/nbi/Chart.yaml deleted file mode 100644 index 6f403f7f74..0000000000 --- a/kubernetes/nbi/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018,2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Northbound Interface -name: nbi -version: 13.1.0 - -dependencies: - - name: common - version: ~13.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: mongodb - version: 14.12.3 - repository: '@local' - - name: mariadb-galera - version: ~13.x-0 - repository: '@local' - condition: global.mariadbGalera.localCluster - - name: mariadb-init - version: ~13.x-0 - repository: '@local' - condition: global.mariadbGalera.globalCluster - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/nbi/README.md b/kubernetes/nbi/README.md deleted file mode 100644 index 9d79efe618..0000000000 --- a/kubernetes/nbi/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# NBI - -## Introduction - -NBI stands for NorthBound Interface. It brings to ONAP a set of API that can be -used by external systems as BSS for example. These API are based on TMF API. - -Full description is on [ONAP Read the Doc](https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/offeredapis/index.html). - -## Requirements - -NBI needs the following ONAP projects to work: - -- AAI -- SO -- SDC -- MSB diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml deleted file mode 100644 index 863926a8ce..0000000000 --- a/kubernetes/nbi/templates/deployment.yaml +++ /dev/null @@ -1,112 +0,0 @@ -{{/* -# Copyright © 2018 Orange -# Modifications Copyright © 2018 Amdocs, Bell Canada -# Modifications Copyright © 2020 Nokia -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 12 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - httpGet: - port: {{ .Values.service.internalPort }} - path: {{ .Values.liveness.path }} - scheme: HTTP - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - port: {{ .Values.service.internalPort }} - path: {{ .Values.readiness.path }} - scheme: HTTP - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: SPRING_DATASOURCE_URL - value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }} - - name: SPRING_DATASOURCE_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }} - - name: SPRING_DATASOURCE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }} - - name: SPRING_DATA_MONGODB_HOST - value: {{ .Values.mongodb.service.nameOverride }}.{{ include "common.namespace" . }} - - name: SPRING_DATA_MONGODB_PORT - value: "{{ .Values.mongodb.service.port }}" - - name: SPRING_DATA_MONGODB_DATABASE - value: {{ .Values.mongodb.config.dbName }} - - name: ONAP_LCPCLOUDREGIONID - value: {{ .Values.config.openStackRegion }} - - name: ONAP_TENANTID - value: {{ .Values.config.openStackVNFTenantId | quote }} - - name: ONAP_CLOUDOWNER - value: {{ .Values.config.cloudOwner }} - - name: ONAP_K8SCLOUDREGIONID - value: {{ .Values.config.k8sCloudRegionId }} - - name: ONAP_K8SCLOUDOWNER - value: {{ .Values.config.k8sCloudOwner }} - - name: NBI_URL - value: "http://nbi.{{ include "common.namespace" . }}:{{ .Values.service.internalPort }}/nbi/api/v4" - - name: SDC_HOST - value: "http://sdc-be.{{ include "common.namespace" . }}:8080" - - name: SDC_HEADER_ECOMPINSTANCEID - value: {{ .Values.config.ecompInstanceId }} - - name: SDC_HEADER_AUTHORIZATION - value: {{ .Values.sdc_authorization }} - - name: AAI_HOST - value: "http://aai.{{ include "common.namespace" . }}:80" - - name: AAI_HEADER_AUTHORIZATION - value: {{ .Values.aai_authorization }} - - name: SO_HOST - value: http://so.{{ include "common.namespace" . }}:8080 - {{- if .Values.so_authorization }} - - name: SO_HEADER_AUTHORIZATION - value: {{ .Values.so_authorization }} - {{- end }} - - name: DMAAP_HOST - value: "http://message-router.{{ include "common.namespace" . }}:3904" - - name: LOGGING_LEVEL_ORG_ONAP_NBI - value: {{ .Values.config.loglevel }} - - name: MSB_ENABLED - value: "{{ .Values.global.msbEnabled }}" - - name: MSB_DISCOVERY_HOST - value: "msb-discovery.{{ include "common.namespace" . }}" - - name: MSB_DISCOVERY_PORT - value: "10081" - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml deleted file mode 100644 index 06e66ebbf1..0000000000 --- a/kubernetes/nbi/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/nbi/templates/secret.yaml b/kubernetes/nbi/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/nbi/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/nbi/templates/service.yaml b/kubernetes/nbi/templates/service.yaml deleted file mode 100644 index 11fae18dc1..0000000000 --- a/kubernetes/nbi/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/kubernetes/nbi/tests/deployment_test.yaml deleted file mode 100644 index fe9d0d2977..0000000000 --- a/kubernetes/nbi/tests/deployment_test.yaml +++ /dev/null @@ -1,205 +0,0 @@ ---- -suite: test deployment behavior -templates: - - deployment.yaml -tests: - - it: "should render with default values (global)" - asserts: - - isKind: - of: Deployment - - equal: - path: metadata.name - value: RELEASE-NAME-nbi - - equal: - path: metadata.namespace - value: NAMESPACE - - matchRegex: - path: metadata.labels.app - pattern: nbi - - matchRegex: - path: spec.template.metadata.labels.app - pattern: nbi - - equal: - path: spec.template.metadata.name - value: RELEASE-NAME-nbi - - equal: - path: spec.replicas - value: 1 - - isNull: - path: spec.template.spec.nodeSelector - - isNull: - path: spec.template.spec.affinity - - - it: "should render with default value (container)" - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: nbi - - equal: - path: spec.template.spec.containers[0].image - value: nexus3.onap.org:10001/onap/externalapi/nbi:5.0.1 - - equal: - path: spec.template.spec.containers[0].imagePullPolicy - value: IfNotPresent - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATASOURCE_URL - value: jdbc:mariadb://mariadb-galera:3306/nbi - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATASOURCE_USERNAME - value: rene - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATASOURCE_PASSWORD - valueFrom: - secretKeyRef: - name: RELEASE-NAME-nbi-config - key: db-user-password - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATA_MONGODB_HOST - value: nbi-mongohost.NAMESPACE - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATA_MONGODB_PORT - value: "27017" - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATA_MONGODB_DATABASE - value: ServiceOrderDB - - contains: - path: spec.template.spec.containers[0].env - content: - name: ONAP_LCPCLOUDREGIONID - value: RegionOne - - contains: - path: spec.template.spec.containers[0].env - content: - name: ONAP_TENANTID - value: 31047205ce114b60833b23e400d6a535 - - contains: - path: spec.template.spec.containers[0].env - content: - name: ONAP_CLOUDOWNER - value: CloudOwner - - contains: - path: spec.template.spec.containers[0].env - content: - name: NBI_URL - value: http://nbi.NAMESPACE:8080/nbi/api/v4 - - contains: - path: spec.template.spec.containers[0].env - content: - name: SDC_HOST - value: http://sdc-be.NAMESPACE:8080 - - contains: - path: spec.template.spec.containers[0].env - content: - name: SDC_HEADER_ECOMPINSTANCEID - value: OOM - - contains: - path: spec.template.spec.containers[0].env - content: - name: SDC_HEADER_AUTHORIZATION - value: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= - - contains: - path: spec.template.spec.containers[0].env - content: - name: AAI_HOST - value: http://aai.NAMESPACE:80 - - contains: - path: spec.template.spec.containers[0].env - content: - name: AAI_HEADER_AUTHORIZATION - value: Basic QUFJOkFBSQ== - - contains: - path: spec.template.spec.containers[0].env - content: - name: SO_HOST - value: http://so.NAMESPACE:8080 - - contains: - path: spec.template.spec.containers[0].env - content: - name: DMAAP_HOST - value: http://message-router.NAMESPACE:3904 - - contains: - path: spec.template.spec.containers[0].env - content: - name: LOGGING_LEVEL_ORG_ONAP_NBI - value: INFO - - contains: - path: spec.template.spec.containers[0].env - content: - name: MSB_ENABLED - value: "true" - - contains: - path: spec.template.spec.containers[0].env - content: - name: MSB_DISCOVERY_HOST - value: msb-discovery.NAMESPACE - - contains: - path: spec.template.spec.containers[0].env - content: - name: MSB_DISCOVERY_PORT - value: "10081" - - equal: - path: spec.template.spec.containers[0].livenessProbe - value: - initialDelaySeconds: 180 - periodSeconds: 30 - tcpSocket: - port: 8080 - - equal: - path: spec.template.spec.containers[0].readinessProbe - value: - initialDelaySeconds: 185 - periodSeconds: 30 - tcpSocket: - port: 8080 - - contains: - path: spec.template.spec.containers[0].ports - content: - containerPort: 8080 - - equal: - path: spec.template.spec.containers[0].resources.limits.cpu - value: 1 - - equal: - path: spec.template.spec.containers[0].resources.limits.memory - value: 2Gi - - equal: - path: spec.template.spec.containers[0].resources.requests.cpu - value: 100m - - equal: - path: spec.template.spec.containers[0].resources.requests.memory - value: 1Gi - - it: "should render when deciding to use local cluster (container)" - set: - global: - mariadbGalera: - localCluster: true - asserts: - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATASOURCE_URL - value: jdbc:mariadb://nbi-galera:3306/nbi - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATASOURCE_USERNAME - value: rene - - contains: - path: spec.template.spec.containers[0].env - content: - name: SPRING_DATASOURCE_PASSWORD - valueFrom: - secretKeyRef: - name: RELEASE-NAME-nbi-nbi-galera - key: user-password diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml deleted file mode 100644 index 0d143dc6c6..0000000000 --- a/kubernetes/nbi/values.yaml +++ /dev/null @@ -1,193 +0,0 @@ -# Copyright © 2018 Orange -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - mariadbGalera: &mariadbGalera - # flag to enable the DB creation via mariadb-operator - useOperator: true - #This flag allows NBI to instantiate its own mariadb-galera cluster - #When changing it to "true", also set "globalCluster: false" - #as the dependency check will not work otherwise (Chart.yaml) - localCluster: false - globalCluster: true - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - msbEnabled: false - # Docker Repository used by RepositoryGenerator - dockerHubRepository: docker.io - # Additions for MongoDB**************************** - # If dockerHubRepository is changes the following entry needs - # to be changed as well - imageRegistry: docker.io - imagePullSecrets: - - '{{ include "common.names.namespace" . }}-docker-registry-key' - # ************************************************* - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: nbi-db-secret - name: &dbUserSecretName '{{ include "common.release" . }}-nbi-db-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - -subChartsOnly: - enabled: true - -# application image -repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:10.0.0 -pullPolicy: IfNotPresent -sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= -aai_authorization: Basic QUFJOkFBSQ== -so_authorization: - -# application configuration -config: - loglevel: INFO - logstashServiceName: log-ls - logstashPort: 5044 - cloudOwner: CloudOwner - k8sCloudRegionId: k8sregionfour - k8sCloudOwner: k8scloudowner4 - ecompInstanceId: OOM - openStackRegion: RegionOne - openStackVNFTenantId: 31047205ce114b60833b23e400d6a535 - db: - userName: &dbuser rene - # userPassword: password - # userCredentialsExternalSecret: some-secret - -mariadb-galera: - db: - user: *dbuser - externalSecret: *dbUserSecretName - name: &mysqlDbName nbi - service: - name: nbi-galera - portName: nbi-galera - internalPort: 3306 - nameOverride: &nbi-galera nbi-galera - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - persistence: - enabled: true - mountSubPath: nbi/maria/data - serviceAccount: - nameOverride: *nbi-galera - -mariadb-init: - config: - userCredentialsExternalSecret: *dbUserSecretName - mysqlDatabase: *mysqlDbName - nameOverride: nbi-config - serviceAccount: - nameOverride: nbi-config - -mongodb: - nameOverride: nbi-mongo - config: - dbName: &mongoDBName ServiceOrderDB - auth: - enabled: false - databases: - - *mongoDBName - usernames: - - "nbi" - service: - nameOverride: nbi-mongohost - internalPort: 27017 - resources: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "500m" - memory: "1Gi" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - path: /nbi/api/v4/status - initialDelaySeconds: 180 - periodSeconds: 30 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - path: /nbi/api/v4/status - initialDelaySeconds: 185 - periodSeconds: 30 - -service: - type: NodePort - portName: api - name: nbi - internalPort: 8080 - ports: - - name: http - port: 8080 - nodePort: '74' - -ingress: - enabled: false - service: - - baseaddr: "nbi-api" - name: "nbi" - port: 8080 - config: - ssl: "redirect" -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "2" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "4" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: nbi - roles: - - read diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 45d8da170b..a035097004 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -15,8 +15,8 @@ apiVersion: v2 name: onap -version: 14.0.0 -appVersion: NewDelhi +version: 15.0.0 +appVersion: Oslo description: Open Network Automation Platform (ONAP) home: https://www.onap.org/ sources: @@ -25,8 +25,12 @@ icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png? kubeVersion: ">=1.19.11-0" dependencies: + - name: authentication + version: ~14.x-0 + repository: '@local' + condition: authentication:enabled - name: aai - version: ~13.x-0 + version: ~14.x-0 repository: '@local' condition: aai.enabled - name: cassandra @@ -37,10 +41,6 @@ dependencies: version: ~13.x-0 repository: '@local' condition: cds.enabled - - name: cli - version: ~13.x-0 - repository: '@local' - condition: cli.enabled - name: common version: ~13.x-0 repository: '@local' @@ -49,33 +49,17 @@ dependencies: repository: '@local' condition: cps.enabled - name: dcaegen2-services - version: ~13.x-0 + version: ~15.x-0 repository: '@local' condition: dcaegen2-services.enabled - - name: holmes - version: ~13.x-0 - repository: '@local' - condition: holmes.enabled - - name: dmaap - version: ~13.x-0 - repository: '@local' - condition: dmaap.enabled - name: mariadb-galera version: ~13.x-0 repository: '@local' condition: mariadb-galera.enabled - - name: msb - version: ~13.x-0 - repository: '@local' - condition: msb.enabled - name: multicloud - version: ~13.x-0 + version: ~15.x-0 repository: '@local' condition: multicloud.enabled - - name: nbi - version: ~13.x-0 - repository: '@local' - condition: nbi.enabled - name: policy version: ~14.x-0 repository: '@local' @@ -88,10 +72,6 @@ dependencies: version: ~13.x-0 repository: '@local' condition: postgres.enabled - - name: oof - version: ~13.x-0 - repository: '@local' - condition: oof.enabled - name: repository-wrapper version: ~13.x-0 repository: '@local' @@ -104,7 +84,7 @@ dependencies: repository: '@local' condition: sdc.enabled - name: sdnc - version: ~13.x-0 + version: ~15.x-0 repository: '@local' condition: sdnc.enabled - name: so @@ -119,18 +99,6 @@ dependencies: version: ~13.x-0 repository: '@local' condition: uui.enabled - - name: vfc - version: ~13.x-0 - repository: '@local' - condition: vfc.enabled - - name: vnfsdk - version: ~13.x-0 - repository: '@local' - condition: vnfsdk.enabled - - name: modeling - version: ~13.x-0 - repository: '@local' - condition: modeling.enabled - name: platform version: ~13.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml index 468aab8c18..554bacd51f 100644 --- a/kubernetes/onap/resources/overrides/environment.yaml +++ b/kubernetes/onap/resources/overrides/environment.yaml @@ -61,37 +61,6 @@ cassandra: readiness: timeoutSeconds: 30 periodSeconds: 60 -holmes: - holmes-rule-mgmt: - liveness: - initialDelaySeconds: 120 - readiness: - initialDelaySeconds: 120 - holmes-engine-mgmt: - liveness: - initialDelaySeconds: 120 - readiness: - initialDelaySeconds: 120 -dmaap: - dmaap-bus-controller: - liveness: - initialDelaySeconds: 120 - readiness: - initialDelaySeconds: 120 - dmaap-dr-prov: - liveness: - initialDelaySeconds: 120 - readiness: - initialDelaySeconds: 120 - mariadb: - liveness: - initialDelaySeconds: 180 - periodSeconds: 60 - dmaap-dr-node: - liveness: - initialDelaySeconds: 120 - readiness: - initialDelaySeconds: 120 mariadb-galera: liveness: initialDelaySeconds: 30 @@ -101,19 +70,6 @@ mariadb-galera: initialDelaySeconds: 120 readiness: initialDelaySeconds: 120 -modeling: - mariadb-galera: - liveness: - initialDelaySeconds: 180 - periodSeconds: 60 -oof: - oof-has: - music: - music-cassandra: - liveness: - periodSeconds: 120 - readiness: - periodSeconds: 60 sdc: sdc-fe: liveness: @@ -159,11 +115,6 @@ sdnc: initialDelaySeconds: 60 readiness: initialDelaySeconds: 60 - dmaap-listener: - liveness: - initialDelaySeconds: 120 - readiness: - initialDelaySeconds: 120 mariadb-galera: liveness: initialDelaySeconds: 180 @@ -190,8 +141,3 @@ uui: initialDelaySeconds: 120 readiness: initialDelaySeconds: 120 -vfc: - mariadb-galera: - liveness: - initialDelaySeconds: 180 - periodSeconds: 60 diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 4c1a418777..159c800d4f 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -74,36 +74,16 @@ cassandra: enabled: true cds: enabled: true -cli: - enabled: false cps: enabled: false dcaegen2-services: enabled: false -holmes: - enabled: false -dmaap: - enabled: true - message-router: - enabled: true - dmaap-dr-prov: - enabled: false - dmaap-dr-node: - enabled: false -oof: - enabled: true mariadb-galera: enabled: true msb: enabled: true multicloud: enabled: false -nbi: - enabled: true - config: - # openstack configuration - openStackRegion: "Yolo" - openStackVNFTenantId: "1234" policy: enabled: true portal-ng: @@ -117,21 +97,16 @@ sdc: enabled: true sdnc: enabled: false - replicaCount: 1 - mysql: replicaCount: 1 so: enabled: true - replicaCount: 1 - liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: false - # so server configuration config: # message router configuration @@ -149,9 +124,3 @@ strimzi: enabled: false uui: enabled: true -vfc: - enabled: false -vnfsdk: - enabled: false -modeling: - enabled: false diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml index ba7b50e53c..b4b7741be3 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml @@ -62,84 +62,40 @@ mariadb-galera: enabled: true postgres: enabled: true +authentication: + enabled: true aai: enabled: true cds: enabled: true -cli: - enabled: true cps: enabled: true -dcaegen2: - enabled: true dcaegen2-services: enabled: true - dcae-datafile-collector: - enabled: true dcae-datalake-admin-ui: enabled: true dcae-datalake-des: enabled: true dcae-datalake-feeder: enabled: true - dcae-heartbeat: - enabled: true dcae-hv-ves-collector: enabled: true - dcae-kpi-ms: - enabled: true dcae-ms-healthcheck: enabled: true - dcae-pm-mapper: - enabled: true - dcae-pmsh: - enabled: true dcae-prh: enabled: true - dcae-restconf-collector: - enabled: true - dcae-slice-analysis-ms: - enabled: true - dcae-snmptrap-collector: - enabled: true - dcae-son-handler: - enabled: true - dcae-tcagen2: - enabled: true dcae-ves-collector: enabled: true applicationConfig: auth.method: "noAuth" - dcae-ves-mapper: - enabled: true dcae-ves-openapi-manager: enabled: true -holmes: - enabled: true -dmaap: - enabled: true - message-router: - enabled: true - dmaap-dr-prov: - enabled: true - dmaap-dr-node: - enabled: true -oof: - enabled: true -msb: - enabled: true multicloud: enabled: true -nbi: - enabled: true platform: enabled: true cmpv2-cert-service: enabled: false - keycloak-init: - enabled: true - oauth2-proxy: - enabled: true policy: enabled: true portal-ng: @@ -150,6 +106,16 @@ sdc: enabled: true sdnc: enabled: true + network-name-gen: + enabled: true + dgbuilder: + enabled: true + ueb-listener: + enabled: true + sdnc-ansible-server: + enabled: true + sdnc-web: + enabled: true so: enabled: true strimzi: @@ -158,11 +124,5 @@ strimzi: enabled: true uui: enabled: true -vfc: - enabled: true -vnfsdk: - enabled: true -modeling: - enabled: true a1policymanagement: enabled: true diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index cc830424e2..c4b5e0969f 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -63,84 +63,40 @@ mariadb-galera: enabled: true postgres: enabled: true +authentication: + enabled: true aai: enabled: true cds: enabled: true -cli: - enabled: true cps: enabled: true -dcaegen2: - enabled: true dcaegen2-services: enabled: true - dcae-datafile-collector: - enabled: true dcae-datalake-admin-ui: enabled: true dcae-datalake-des: enabled: true dcae-datalake-feeder: enabled: true - dcae-heartbeat: - enabled: true dcae-hv-ves-collector: enabled: true - dcae-kpi-ms: - enabled: true dcae-ms-healthcheck: enabled: true - dcae-pm-mapper: - enabled: true - dcae-pmsh: - enabled: true dcae-prh: enabled: true - dcae-restconf-collector: - enabled: true - dcae-slice-analysis-ms: - enabled: true - dcae-snmptrap-collector: - enabled: true - dcae-son-handler: - enabled: true - dcae-tcagen2: - enabled: true dcae-ves-collector: enabled: true applicationConfig: auth.method: "noAuth" - dcae-ves-mapper: - enabled: true dcae-ves-openapi-manager: enabled: true -holmes: - enabled: true -dmaap: - enabled: true - message-router: - enabled: true - dmaap-dr-prov: - enabled: true - dmaap-dr-node: - enabled: true -oof: - enabled: true -msb: - enabled: true multicloud: enabled: true -nbi: - enabled: true platform: enabled: true cmpv2-cert-service: enabled: false - keycloak-init: - enabled: true - oauth2-proxy: - enabled: true policy: enabled: true portal-ng: @@ -151,6 +107,16 @@ sdc: enabled: true sdnc: enabled: true + network-name-gen: + enabled: true + dgbuilder: + enabled: true + ueb-listener: + enabled: true + sdnc-ansible-server: + enabled: true + sdnc-web: + enabled: true so: enabled: true strimzi: @@ -159,11 +125,5 @@ strimzi: enabled: true uui: enabled: true -vfc: - enabled: true -vnfsdk: - enabled: true -modeling: - enabled: true a1policymanagement: enabled: true diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index e5fd78e9ef..c90614b650 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -39,35 +39,42 @@ mariadb-galera: enabled: true postgres: enabled: true - +authentication: + enabled: true aai: enabled: true cds: enabled: true -cli: - enabled: true cps: enabled: true dcaegen2-services: enabled: true -holmes: - enabled: true -dmaap: - enabled: true - message-router: + dcae-datalake-admin-ui: enabled: true - dmaap-dr-prov: + dcae-datalake-des: enabled: true - dmaap-dr-node: + dcae-datalake-feeder: + enabled: true + dcae-hv-ves-collector: + enabled: true + dcae-ms-healthcheck: + enabled: true + dcae-prh: + enabled: true + dcae-restconf-collector: + enabled: false + dcae-ves-collector: + enabled: true + applicationConfig: + auth.method: "noAuth" + dcae-ves-openapi-manager: enabled: true -oof: - enabled: true -msb: - enabled: true multicloud: enabled: true -nbi: +platform: enabled: true + cmpv2-cert-service: + enabled: false policy: enabled: true portal-ng: @@ -78,6 +85,16 @@ sdc: enabled: true sdnc: enabled: true + network-name-gen: + enabled: true + dgbuilder: + enabled: true + ueb-listener: + enabled: true + sdnc-ansible-server: + enabled: true + sdnc-web: + enabled: true so: enabled: true strimzi: @@ -86,8 +103,6 @@ strimzi: enabled: true uui: enabled: true -vfc: +a1policymanagement: enabled: true -vnfsdk: - enabled: true - + 55,15 39% diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 027f8b3225..444d904453 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -25,72 +25,34 @@ mariadb-galera: enabled: true postgres: enabled: true +authentication: + enabled: true aai: enabled: true cds: enabled: true -cli: - enabled: true cps: enabled: true dcaegen2-services: enabled: true - dcae-datafile-collector: - enabled: true dcae-datalake-admin-ui: enabled: true dcae-datalake-des: enabled: true dcae-datalake-feeder: enabled: true - dcae-heartbeat: - enabled: true dcae-hv-ves-collector: enabled: true - dcae-kpi-ms: - enabled: true dcae-ms-healthcheck: enabled: true - dcae-pm-mapper: - enabled: true - dcae-pmsh: - enabled: true dcae-prh: enabled: true - dcae-restconf-collector: - enabled: true - dcae-slice-analysis-ms: - enabled: true - dcae-snmptrap-collector: - enabled: true - dcae-son-handler: - enabled: true - dcae-tcagen2: - enabled: true dcae-ves-collector: enabled: true - dcae-ves-mapper: - enabled: true dcae-ves-openapi-manager: enabled: true -holmes: - enabled: true -dmaap: - enabled: true - message-router: - enabled: true - dmaap-dr-prov: - enabled: true - dmaap-dr-node: - enabled: true -oof: - enabled: true -msb: - enabled: true multicloud: enabled: true -nbi: - enabled: true policy: enabled: true portal-ng: @@ -101,6 +63,16 @@ sdc: enabled: true sdnc: enabled: true + network-name-gen: + enabled: true + dgbuilder: + enabled: true + ueb-listener: + enabled: true + sdnc-ansible-server: + enabled: true + sdnc-web: + enabled: true so: enabled: true strimzi: @@ -109,12 +81,6 @@ strimzi: enabled: true uui: enabled: true -vfc: - enabled: true -vnfsdk: - enabled: true -modeling: - enabled: true platform: enabled: true a1policymanagement: diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml index 14748ddb2e..5ce3a97488 100644 --- a/kubernetes/onap/resources/overrides/onap-vfw.yaml +++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml @@ -25,20 +25,6 @@ aai: enabled: true dcaegen2-services: enabled: true -holmes: - enabled: true -dmaap: - enabled: true - message-router: - enabled: true - dmaap-dr-prov: - enabled: false - dmaap-dr-node: - enabled: false -oof: - enabled: true -msb: - enabled: true policy: enabled: true portal-ng: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index dc5da35113..6877e33875 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -63,32 +63,14 @@ aai: cassandra: enabled: true replicaCount: 3 -cli: - enabled: false cps: enabled: false dcaegen2-services: enabled: false -dmaap: - enabled: true - message-router: - enabled: true - dmaap-dr-prov: - enabled: true - dmaap-dr-node: - enabled: true -holmes: - enabled: false mariadb-galera: enabled: true -msb: - enabled: false multicloud: enabled: false -nbi: - enabled: false -oof: - enabled: false policy: enabled: false portal-ng: @@ -130,10 +112,5 @@ strimzi: enabled: true uui: enabled: false -vfc: - enabled: false -vnfsdk: - enabled: false cds: enabled: true - diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5f48a5e2ed..6ca0e26b1e 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -96,6 +96,9 @@ global: # mariadb client image mariadbImage: bitnami/mariadb:10.5.8 + # mongodb server image + mongodbImage: percona/percona-server-mongodb:7.0.5-3 + # nginx server image nginxImage: bitnami/nginx:1.21.4 @@ -199,6 +202,9 @@ global: tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd + # if nativeSidecars are enabled in Istio, this value can be set to "true" + # and will disable the deployment of sidecar killer containers in jobs + nativeSidecars: false # Global Istio Authorization Policy configuration authorizationPolicies: @@ -297,6 +303,8 @@ global: # to customize the ONAP deployment. ################################################################# +authentication: + enabled: false aai: enabled: false cassandra: diff --git a/kubernetes/oof/.helmignore b/kubernetes/oof/.helmignore deleted file mode 100644 index 68ffb32406..0000000000 --- a/kubernetes/oof/.helmignore +++ /dev/null @@ -1 +0,0 @@ -components/ diff --git a/kubernetes/oof/Chart.yaml b/kubernetes/oof/Chart.yaml deleted file mode 100755 index 6be063fc4c..0000000000 --- a/kubernetes/oof/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Optimization Framework -name: oof -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: oof-has - version: ~13.x-0 - repository: 'file://components/oof-has' - condition: oof-has.enabled - - name: oof-templates - version: ~13.x-0 - repository: 'file://components/oof-templates' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile deleted file mode 100644 index eea1b7aefb..0000000000 --- a/kubernetes/oof/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile deleted file mode 100755 index f09e21e75c..0000000000 --- a/kubernetes/oof/components/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/oof/components/oof-has/.helmignore b/kubernetes/oof/components/oof-has/.helmignore deleted file mode 100644 index 68ffb32406..0000000000 --- a/kubernetes/oof/components/oof-has/.helmignore +++ /dev/null @@ -1 +0,0 @@ -components/ diff --git a/kubernetes/oof/components/oof-has/Chart.yaml b/kubernetes/oof/components/oof-has/Chart.yaml deleted file mode 100755 index 79f19c176c..0000000000 --- a/kubernetes/oof/components/oof-has/Chart.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Homing and Allocation Service -name: oof-has -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: etcd - version: ~13.x-0 - repository: '@local' - condition: etcd.enabled - - name: etcd-init - version: ~13.x-0 - repository: '@local' - condition: etcd-init.enabled - - name: oof-has-api - version: ~13.x-0 - repository: 'file://components/oof-has-api' - condition: oof-has-api.enabled - - name: oof-has-controller - version: ~13.x-0 - repository: 'file://components/oof-has-controller' - condition: oof-has-controller.enabled - - name: oof-has-data - version: ~13.x-0 - repository: 'file://components/oof-has-data' - condition: oof-has-data.enabled - - name: oof-has-reservation - version: ~13.x-0 - repository: 'file://components/oof-has-reservation' - condition: oof-has-reservation.enabled - - name: oof-has-solver - version: ~13.x-0 - repository: 'file://components/oof-has-solver' - condition: oof-has-solver.enabled - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile deleted file mode 100644 index 2de7c19587..0000000000 --- a/kubernetes/oof/components/oof-has/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile deleted file mode 100755 index 6d0030d4cf..0000000000 --- a/kubernetes/oof/components/oof-has/components/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml deleted file mode 100755 index c6c07bd8ef..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Homing and Allocation Servicei - API -name: oof-has-api -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: oof-templates - version: ~13.x-0 - repository: 'file://../../../oof-templates' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt deleted file mode 100755 index 1ec56d38b3..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml deleted file mode 100755 index 703d8bb7c4..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ /dev/null @@ -1,110 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Copyright (C) 2020 Wipro Limited. -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/sh","-c"] - args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"] - ports: - - containerPort: {{ .Values.uwsgi.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.uwsgi.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.uwsgi.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: {{ include "oof.etcd.env" . | nindent 10 }} - volumeMounts: - - mountPath: /usr/local/etc/conductor/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: conductor.conf - - mountPath: /usr/local/bin/log.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: log.conf - resources: {{ include "common.resources" . | nindent 12 }} - - name: {{ include "common.name" . }}-nginx - image: {{ include "repositoryGenerator.image.nginx" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - args: - - "-c" - - | - /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh - ports: - - containerPort: {{ .Values.service.internalPort }} - name: http - {{- if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /opt/bitnami/nginx/conf/nginx.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: nginx.conf - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: nginx.conf - path: nginx.conf - - key: conductor.conf - path: conductor.conf - - key: log.conf - path: log.conf - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml deleted file mode 100644 index 2afc5dad2a..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/*# Copyright © 2020 Samsung, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml deleted file mode 100755 index b77b592c08..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml deleted file mode 100755 index 0d7bd7c995..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ /dev/null @@ -1,101 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: # global defaults - nodePortPrefix: 302 - image: - optf_has: onap/optf-has:2.3.1 - -################################################################# -# secrets metaconfig -################################################################# -secrets: - - uid: oof-has-etcd-secret - name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.etcd.appUser }}' - password: '{{ .Values.config.etcd.appPassword }}' - passwordPolicy: required - -config: - etcd: - appUser: user - appPassword: pass - -service: - type: NodePort - name: oof-has-api - internalPort: 8091 - ports: - - name: http - port: 8091 - nodePort: '75' - -#backend container info -uwsgi: - internalPort: 8080 -replicaCount: 1 -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -ingress: - enabled: false - service: - - baseaddr: "oof-has-api" - name: "oof-has-api" - port: 8091 - config: - ssl: "redirect" - -readinessCheck: - wait_for: - apps: - - oof-has-controller - -#Pods Service Account -serviceAccount: - nameOverride: oof-has-api - roles: - - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml deleted file mode 100755 index 9c155e8525..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Homing and Allocation Sservice - Controller -name: oof-has-controller -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: oof-templates - version: ~13.x-0 - repository: 'file://../../../oof-templates' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml deleted file mode 100755 index 2367da742e..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - python - args: - - /usr/local/bin/conductor-controller - - --config-file=/usr/local/bin/conductor.conf - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: {{ include "oof.etcd.env" . | nindent 10 }} - volumeMounts: - - mountPath: /usr/local/bin/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: conductor.conf - - mountPath: /usr/local/bin/log.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: log.conf - - mountPath: /usr/local/bin/healthy.sh - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: healthy.sh - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: conductor.conf - path: conductor.conf - - key: log.conf - path: log.conf - - key: healthy.sh - path: healthy.sh - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml deleted file mode 100755 index 7cbfafbc76..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - image: - optf_has: onap/optf-has:2.3.1 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: oof-has-etcd-secret - name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.etcd.appUser }}' - password: '{{ .Values.config.etcd.appPassword }}' - passwordPolicy: required - -config: - etcd: - appUser: user - appPassword: pass - -ingress: - enabled: false -replicaCount: 1 -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -readinessCheck: - wait_for: - jobs: - - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' - -#Pods Service Account -serviceAccount: - nameOverride: oof-has-controller - roles: - - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml deleted file mode 100755 index 142f6e563e..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Homing and Allocation Service - Data Component -name: oof-has-data -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: oof-templates - version: ~13.x-0 - repository: 'file://../../../oof-templates' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml deleted file mode 100755 index 765d3dbda4..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - python - args: - - /usr/local/bin/conductor-data - - --config-file=/usr/local/bin/conductor.conf - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: {{ include "oof.etcd.env" . | nindent 10 }} - volumeMounts: - - mountPath: /usr/local/bin/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: conductor.conf - - mountPath: /usr/local/bin/log.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: log.conf - - mountPath: /usr/local/bin/healthy.sh - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: healthy.sh - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: conductor.conf - path: conductor.conf - - key: log.conf - path: log.conf - - key: healthy.sh - path: healthy.sh - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml deleted file mode 100755 index 37e131ba91..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - image: - optf_has: onap/optf-has:2.3.1 - -################################################################# -# secrets metaconfig -################################################################# -secrets: - - uid: oof-has-etcd-secret - name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.etcd.appUser }}' - password: '{{ .Values.config.etcd.appPassword }}' - passwordPolicy: required - -config: - etcd: - appUser: user - appPassword: pass - -ingress: - enabled: false -replicaCount: 1 -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -readinessCheck: - wait_for: - jobs: - - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' - -#Pods Service Account -serviceAccount: - nameOverride: oof-has-data - roles: - - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml deleted file mode 100755 index 2e7666ca06..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Homing and Allocation Sevice - Reservation Component -name: oof-has-reservation -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: oof-templates - version: ~13.x-0 - repository: 'file://../../../oof-templates' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml deleted file mode 100755 index d7b53346e9..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - python - args: - - /usr/local/bin/conductor-reservation - - --config-file=/usr/local/bin/conductor.conf - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - readinessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - {{ end -}} - env: {{ include "oof.etcd.env" . | nindent 10 }} - volumeMounts: - - mountPath: /usr/local/bin/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: conductor.conf - - mountPath: /usr/local/bin/log.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: log.conf - - mountPath: /usr/local/bin/healthy.sh - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: healthy.sh - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: conductor.conf - path: conductor.conf - - key: log.conf - path: log.conf - - key: healthy.sh - path: healthy.sh - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml deleted file mode 100755 index 6a1bc53582..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - image: - optf_has: onap/optf-has:2.3.1 - -################################################################# -# secrets metaconfig -################################################################# -secrets: - - uid: oof-has-etcd-secret - name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.etcd.appUser }}' - password: '{{ .Values.config.etcd.appPassword }}' - passwordPolicy: required - -config: - etcd: - appUser: user - appPassword: pass - -ingress: - enabled: false -replicaCount: 1 -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -readinessCheck: - wait_for: - jobs: - - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' - -#Pods Service Account -serviceAccount: - nameOverride: oof-has-reservation - roles: - - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml deleted file mode 100755 index 7fe3d0c8ca..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Homing and Allocation Service - Solver Component -name: oof-has-solver -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: oof-templates - version: ~13.x-0 - repository: 'file://../../../oof-templates' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml deleted file mode 100755 index 5d9c0763b5..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - python - args: - - /usr/local/bin/conductor-solver - - --config-file=/usr/local/bin/conductor.conf - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - exec: - command: - - cat - - /usr/local/bin/healthy.sh - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: {{ include "oof.etcd.env" . | nindent 10 }} - volumeMounts: - - mountPath: /usr/local/bin/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: conductor.conf - - mountPath: /usr/local/bin/log.conf - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: log.conf - - mountPath: /usr/local/bin/healthy.sh - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: healthy.sh - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ .Values.global.commonConfigPrefix }}-config - configMap: - name: {{ .Values.global.commonConfigPrefix }}-configmap - items: - - key: conductor.conf - path: conductor.conf - - key: log.conf - path: log.conf - - key: healthy.sh - path: healthy.sh - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml deleted file mode 100755 index e0a9b0cdd1..0000000000 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - image: - optf_has: onap/optf-has:2.3.1 - -################################################################# -# secrets metaconfig -################################################################# -secrets: - - uid: oof-has-etcd-secret - name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.etcd.appUser }}' - password: '{{ .Values.config.etcd.appPassword }}' - passwordPolicy: required - -config: - etcd: - appUser: user - appPassword: pass - -ingress: - enabled: false -replicaCount: 1 -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -readinessCheck: - wait_for: - jobs: - - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' - -#Pods Service Account -serviceAccount: - nameOverride: oof-has-solver - roles: - - read diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf deleted file mode 100755 index 511c0cd6de..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ /dev/null @@ -1,706 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware, Intel Corporation. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -[DEFAULT] - -# -# From conductor -# - -# Configuration file for WSGI definition of API. (string value) -api_paste_config = /usr/local/etc/conductor/api_paste.ini - -# Music keyspace for content (string value) -#keyspace = conductor - -# Delay time (Seconds) for MUSIC requests. Set it to 2 seconds by default. -# (integer value) -#delay_time = 2 - -# (boolean value) -#HPA_enabled = true - -# -# From oslo.log -# - -# If set to true, the logging level will be set to DEBUG instead of the default -# INFO level. (boolean value) -# Note: This option can be changed without restarting. -#debug = false -debug = true - -# The name of a logging configuration file. This file is appended to any -# existing logging configuration files. For details about logging configuration -# files, see the Python logging module documentation. Note that when logging -# configuration files are used then all logging configuration is set in the -# configuration file and other logging configuration options are ignored (for -# example, logging_context_format_string). (string value) -# Note: This option can be changed without restarting. -# Deprecated group/name - [DEFAULT]/log_config -#log_config_append = <None> -log_config_append = /usr/local/bin/log.conf - -# Defines the format string for %%(asctime)s in log records. Default: -# %(default)s . This option is ignored if log_config_append is set. (string -# value) -#log_date_format = %Y-%m-%d %H:%M:%S - -# (Optional) Name of log file to send logging output to. If no default is set, -# logging will go to stderr as defined by use_stderr. This option is ignored if -# log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logfile -#log_file = <None> - -# (Optional) The base directory used for relative log_file paths. This option -# is ignored if log_config_append is set. (string value) -# Deprecated group/name - [DEFAULT]/logdir -#log_dir = <None> - -# Uses logging handler designed to watch file system. When log file is moved or -# removed this handler will open a new log file with specified path -# instantaneously. It makes sense only if log_file option is specified and -# Linux platform is used. This option is ignored if log_config_append is set. -# (boolean value) -#watch_log_file = false - -# Use syslog for logging. Existing syslog format is DEPRECATED and will be -# changed later to honor RFC5424. This option is ignored if log_config_append -# is set. (boolean value) -#use_syslog = false - -# Enable journald for logging. If running in a systemd environment you may wish -# to enable journal support. Doing so will use the journal native protocol -# which includes structured metadata in addition to log messages.This option is -# ignored if log_config_append is set. (boolean value) -#use_journal = false - -# Syslog facility to receive log lines. This option is ignored if -# log_config_append is set. (string value) -#syslog_log_facility = LOG_USER - -# Use JSON formatting for logging. This option is ignored if log_config_append -# is set. (boolean value) -#use_json = false - -# Log output to standard error. This option is ignored if log_config_append is -# set. (boolean value) -#use_stderr = false - -# Format string to use for log messages with context. (string value) -#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s - -# Format string to use for log messages when context is undefined. (string -# value) -#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s - -# Additional data to append to log message when logging level for the message -# is DEBUG. (string value) -#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d - -# Prefix each line of exception output with this format. (string value) -#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s - -# Defines the format string for %(user_identity)s that is used in -# logging_context_format_string. (string value) -#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s - -# List of package logging levels in logger=LEVEL pairs. This option is ignored -# if log_config_append is set. (list value) -#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO - -# Enables or disables publication of error events. (boolean value) -#publish_errors = false - -# The format for an instance that is passed with the log message. (string -# value) -#instance_format = "[instance: %(uuid)s] " - -# The format for an instance UUID that is passed with the log message. (string -# value) -#instance_uuid_format = "[instance: %(uuid)s] " - -# Interval, number of seconds, of log rate limiting. (integer value) -#rate_limit_interval = 0 - -# Maximum number of logged messages per rate_limit_interval. (integer value) -#rate_limit_burst = 0 - -# Log level name used by rate limiting: CRITICAL, ERROR, INFO, WARNING, DEBUG -# or empty string. Logs with level greater or equal to rate_limit_except_level -# are not filtered. An empty string means that all levels are filtered. (string -# value) -#rate_limit_except_level = CRITICAL - -# Enables or disables fatal status of deprecations. (boolean value) -#fatal_deprecations = false - -[auth] -appkey = "" - -[aaf_api] - -# -# From conductor -# - -# is_aaf_enabled. (boolean value) -is_aaf_enabled = false - -# aaf_cache_expiry_hrs. (integer value) -aaf_cache_expiry_hrs = 3 - -# aaf_url. (string value) -aaf_url = - -# aaf_cert_file. (string value) -#aaf_cert_file = <None> - -# aaf_cert_key_file. (string value) -#aaf_cert_key_file = <None> - -# aaf_ca_bundle_file. (string value) -#aaf_ca_bundle_file = -aaf_ca_bundle_file = - -# aaf_retries. (integer value) -#aaf_retries = 3 - -# aaf_timeout. (integer value) -#aaf_timeout = 100 - -# aaf_user_roles. (list value) -#aaf_permissions = {"type": "org.onap.oof.access","instance": "*","action": "*"} - - -[aaf_sms] - -# -# From conductor -# - -# is_enabled. (boolean value) -is_enabled = false - -# Base URL for SMS, up to and not including the version, and without a trailing -# slash. (string value) -aaf_sms_url = - - -# Timeout for SMS API Call (integer value) -#aaf_sms_timeout = 30 - -# Path to the cacert that will be used to verify If this is None, verify will -# be False and the server certis not verified by the client. (string value) -#aaf_ca_certs = AAF_RootCA.cer -aaf_ca_certs = /usr/local/bin/AAF_RootCA.cer - -# Domain UUID - A unique UUID generated when the domainfor HAS is created by -# administrator during deployment (string value) -#secret_domain = has - - -[aai] - -# -# From conductor -# - -# Interval with which to refresh the local cache, in minutes. (integer value) -#cache_refresh_interval = 1440 -cache_refresh_interval = 1 - -# Interval with which to refresh the local complex cache, in minutes. (integer -# value) -#complex_cache_refresh_interval = 1440 -complex_cache_refresh_interval = 60 - -# Data Store table prefix. (string value) -#table_prefix = aai - -# Base URL for A&AI, up to and not including the version, and without a -# trailing slash. (string value) -server_url = http://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai - -# Timeout for A&AI Rest Call (string value) -#aai_rest_timeout = 30 - -# Number of retry for A&AI Rest Call (string value) -#aai_retries = 3 - -# The version of A&AI in v# format. (string value) -server_url_version = v21 - -# SSL/TLS certificate file in pem format. This certificate must be registered -# with the A&AI endpoint. (string value) -certificate_file = - -# Private Certificate Key file in pem format. (string value) -certificate_key_file = - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -#certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = - -# Username for AAI. (string value) -username = OOF - -# Password for AAI. (string value) -password = OOF - - -[api] - -# -# From conductor -# - -# Toggle Pecan Debug Middleware. (boolean value) -#pecan_debug = false - -# Default maximum number of items returned by API request. (integer value) -# Minimum value: 1 -#default_api_return_limit = 100 - -[conductor_api] - -# -# From conductor -# - -# Base URL for plans. (string value) -#server_url = - -# username for plans. (string value) -#username = -username = admin1 - -# password for plans. (string value) -#password = -password = plan.15 - -# auth toggling. (boolean value) -basic_auth_secure = true - - -[controller] - -# -# From conductor -# - -# Timeout for planning requests. Default value is 10. (integer value) -# Minimum value: 1 -#timeout = 10 -timeout = 200 - -# Maximum number of result sets to return. Default value is 1. (integer value) -# Minimum value: 1 -#limit = 1 - -# Number of workers for controller service. Default value is 1. (integer value) -# Minimum value: 1 -#workers = 1 - -# Set to True when controller will run in active-active mode. When set to -# False, controller will flush any abandoned messages at startup. The -# controller always restarts abandoned template translations at startup. -# (boolean value) -#concurrent = false -concurrent = true - -# Time between checking for new plans. Default value is 1. (integer value) -# Minimum value: 1 -#polling_interval = 1 - -# (integer value) -# Minimum value: 1 -#max_translation_counter = 1 - -# (string value) -opt_schema_file = /opt/has/conductor/etc/conductor/opt_schema.json - -[data] - -# -# From conductor -# - -# Number of workers for data service. Default value is 1. (integer value) -# Minimum value: 1 -#workers = 1 - -# Set to True when data will run in active-active mode. When set to False, data -# will flush any abandoned messages at startup. (boolean value) -#concurrent = false -concurrent = true - -# Default value is -8000, which is the diameter of the earth. The distance -# cannot larger than this value (floating point value) -#existing_placement_cost = -8000.0 - -# (floating point value) -#cloud_candidate_cost = 2.0 - -# (floating point value) -#service_candidate_cost = 1.0 - - -[inventory_provider] - -# -# From conductor -# - -# Extensions list to use (list value) -extensions = aai,generator - - -[messaging_server] - -# -# From conductor -# - -# Music keyspace for messages (string value) -#keyspace = conductor_rpc - -# Wait interval while checking for a message response. Default value is 1 -# second. (integer value) -# Minimum value: 1 -#check_interval = 1 - -# Overall message response timeout. Default value is 120 seconds. (integer -# value) -# Minimum value: 1 -#response_timeout = 120 - -# Timeout for detecting a VM is down, and other VMs can pick the plan up. -# Default value is 5 minutes. (integer value) (integer value) -# Minimum value: 1 -timeout = 300 - -# Number of workers for messaging service. Default value is 1. (integer value) -# Minimum value: 1 -#workers = 1 - -# Time between checking for new messages. Default value is 1. (integer value) -# Minimum value: 1 -#polling_interval = 1 - -# Log debug messages. Default value is False. (boolean value) -#debug = false - - -[multicloud] - -# -# From conductor -# - -# Base URL for Multicloud without a trailing slash. (string value) -#server_url = http://msb.onap.org/api/multicloud -server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.msb.port}}/api/multicloud - -# Timeout for Multicloud Rest Call (string value) -#multicloud_rest_timeout = 30 - -# Number of retry for Multicloud Rest Call (string value) -#multicloud_retries = 3 - -# The version of Multicloud API. (string value) -#server_url_version = v0 - - -[db_options] - -# db_backend to use -db_backend = {{.Values.config.dbBackend}} - -# Use music mock api -music_mock = False - - -[etcd_api] - -# host/ip address of etcd server -host = {{.Values.config.etcd.serviceName}}.{{ include "common.namespace" . }} - -# port of etcd server -port = {{.Values.config.etcd.port}} - -# username for etcd authentication -username = - -# password for etcd authentication -password = - - -[prometheus] - -# -# From conductor -# - -# Prometheus Metrics Endpoint (list value) -#metrics_port = 8000,8001,8002,8003,8004 - - -[reservation] - -# -# From conductor -# - -# Number of workers for reservation service. Default value is 1. (integer -# value) -# Minimum value: 1 -#workers = 1 - -# Number of times reservation/release should be attempted. (integer value) -#reserve_retries = 1 - -# Timeout for detecting a VM is down, and other VMs can pick the plan up and -# resereve. Default value is 600 seconds. (integer value) (integer value) -# Minimum value: 1 -#timeout = 600 - -# Set to True when reservation will run in active-active mode. When set to -# False, reservation will restart any orphaned reserving requests at startup. -# (boolean value) -#concurrent = false -concurrent = true - -# (integer value) -# Minimum value: 1 -#max_reservation_counter = 1 - - -[sdnc] - -# -# From conductor -# - -# Interval with which to refresh the local cache, in minutes. (integer value) -#cache_refresh_interval = 1440 - -# Data Store table prefix. (string value) -#table_prefix = sdnc - -# Base URL for SDN-C, up to and including the version. (string value) -server_url = https://controller:8443/restconf/ - -# Basic Authentication Username (string value) -#username = <None> -username = admin - -# Basic Authentication Password (string value) -#password = <None> -password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - -# Timeout for SDNC Rest Call (string value) -#sdnc_rest_timeout = 30 - -# Retry Numbers for SDNC Rest Call (string value) -#sdnc_retries = 3 - -[service_controller] - -# -# From conductor -# - -# Extensions list to use (list value) -#extensions = sdnc - - -[solver] - -# -# From conductor -# - -# Number of workers for solver service. Default value is 1. (integer value) -# Minimum value: 1 -#workers = 1 - -# The timeout value for solver service. Default value is 480 seconds. (integer -# value) -# Minimum value: 1 -#solver_timeout = 480 - -# Set to True when solver will run in active-active mode. When set to False, -# solver will restart any orphaned solving requests at startup. (boolean value) -#concurrent = false -concurrent = true - -# Timeout for detecting a VM is down, and other VMs can pick the plan up. This -# value should be larger than solver_timeoutDefault value is 10 minutes. -# (integer value) (integer value) -# Minimum value: 1 -#timeout = 600 - -# (integer value) -# Minimum value: 1 -#max_solver_counter = 1 - - -[vim_controller] - -# -# From conductor -# - -# Extensions list to use (list value) -#extensions = multicloud - - -[sdc] - -# -# From conductor -# - -# Data Store table prefix. (string value) -#table_prefix = sdc - -# Base URL for SDC, up to and not including the version, and without a -# trailing slash. (string value) -#server_url = https://controller:8443/sdc -server_url = http://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc - -# Timeout for SDC Rest Call (string value) -#sdc_rest_timeout = 30 - -# Number of retry for SDC Rest Call (string value) -#sdc_retries = 3 - -# The version of A&AI in v# format. (string value) -server_url_version = v1 - -# SSL/TLS certificate file in pem format. This certificate must be registered -# with the SDC endpoint. (string value) -#certificate_file = certificate.pem -certificate_file = - -# Private Certificate Key file in pem format. (string value) -#certificate_key_file = certificate_key.pem -certificate_key_file = - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -#certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = - -# Username for SDC. (string value) -#username = - -# Password for SDC. (string value) -#password = - -temp_path = "/tmp/nsttemplates" - - -[cps] - -# -# From conductor -# - -# Data Store table prefix. (string value) -#table_prefix = cps - -# Base URL for CPS, up to and not including the version, and without a -# trailing slash. (string value) -#yet to be finalized -#server_url = https://cps.api.simpledemo.onap.org:8443/cps -server_url=http://{{.Values.config.cps.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.cps.port}}/ - -# Timeout for CPS Rest Call (string value) -#cps_rest_timeout = 30 - -# Number of retry for CPS Rest Call (string value) -#cps_retries = 3 - - -# SSL/TLS certificate file in pem format. This certificate must be registered -# with the CPS endpoint. (string value) -#certificate_file = certificate.pem -certificate_file = - -# Private Certificate Key file in pem format. (string value) -#certificate_key_file = certificate_key.pem -certificate_key_file = - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -#certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = - -# Username for CPS. (string value) -#username = - -# Password for CPS. (string value) -#password = - -get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list" - -[dcae] - -# -# From conductor -# -# -# Data Store table prefix. (string value) -#table_prefix = dcae - -# Base URL for DCAE, up to and not including the version, and without a -# trailing slash. (string value) -server_url = http://{{.Values.config.dcae.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}} - -# Timeout for DCAE Rest Call (string value) -#dcae_rest_timeout = 30 - -# Number of retry for DCAE Rest Call (string value) -#dcae_retries = 3 - -# The version of A&AI in v# format. (string value) -server_url_version = v1 - -# SSL/TLS certificate file in pem format. This certificate must be registered -# with the SDC endpoint. (string value) -#certificate_file = certificate.pem -certificate_file = - -# Private Certificate Key file in pem format. (string value) -#certificate_key_file = certificate_key.pem -certificate_key_file = - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -#certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = - -# Username for DCAE. (string value) -#username = - -# Password for DCAE. (string value) -#password = - -get_slice_config_url = "/api/v1/slices-config" diff --git a/kubernetes/oof/components/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh deleted file mode 100755 index 5495e4271b..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/healthy.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{/* -# Controller is a process that reads from Music Q -# It uses no ports (TCP or HTTP). The PROB will check -# if the controller process exists or not. In case -# it exists, it will send 0, else send 1 so k8s can i -# restart the container -*/}} - -pid="$(pgrep -f '/usr/local/bin/conductor')" -if [ -z "$pid" ] -then - echo 1 -else - echo 0 -fi diff --git a/kubernetes/oof/components/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf deleted file mode 100755 index c9bf3fabc9..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/log.conf +++ /dev/null @@ -1,82 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -[loggers] -keys=root - -[handlers] -keys=trfhand,consoleHandler,audithand,metrichand,errhand,debughand - -[logger_root] -level=NOTSET -handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand - -[handler_consoleHandler] -class=StreamHandler -level=INFO -formatter=generic -args=(sys.stdout,) - -[handler_trfhand] -class=handlers.TimedRotatingFileHandler -level=NOTSET -formatter=generic -args=('/var/log/conductor/application.log','midnight', 1, 10) - -[handler_audithand] -class=handlers.TimedRotatingFileHandler -level=INFO -formatter=audit -args=('/var/log/conductor/audit.log', 'midnight', 1, 10) - -[handler_metrichand] -class=handlers.TimedRotatingFileHandler -level=INFO -formatter=metric -args=('/var/log/conductor/metric.log','midnight', 1, 10) - -[handler_errhand] -class=handlers.TimedRotatingFileHandler -level=ERROR -formatter=error -args=('/var/log/conductor/error.log','midnight', 1, 10) - -[handler_debughand] -class=handlers.TimedRotatingFileHandler -level=DEBUG -formatter=generic -args=('/var/log/conductor/debug.log','midnight', 1, 10) - -[formatters] -keys=generic,audit,metric,error - -[formatter_audit] -format=%(asctime)s|%(asctime)s|00000000-0000-0000-0000-000000000000||%(thread)d||Conductor|N/A|COMPLETE|200|sucessful||%(levelname)s|||0|%(module)s|||||||||%(name)s : [-] %(message)s -datefmt= - -[formatter_metric] -format=%(asctime)s|%(asctime)s|00000000-0000-0000-0000-000000000000||%(thread)d||Conductor|N/A|N/A|N/A|COMPLETE|200|sucessful||%(levelname)s|||0|%(module)s||||||||||%(name)s : [-] %(message)s -datefmt= - -[formatter_error] -format=%(asctime)s|00000000-0000-0000-0000-000000000000|%(thread)d|Conductor|N/A|N/A|N/A|ERROR|500|N/A|%(name)s : [-] %(message)s -datefmt= - -[formatter_generic] -format=%(asctime)s||%(thread)d|%(levelname)s|%(module)s|%(name)s: [-] %(message)s -datefmt= diff --git a/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml b/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml deleted file mode 100755 index 8b1e926e10..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf deleted file mode 100644 index 1c1094dacb..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf +++ /dev/null @@ -1,27 +0,0 @@ -events { - worker_connections 768; - # multi_accept on; -} - -http { - # ... - upstream conductor_uwsgi { - server 127.0.0.1:8080; - } - - server { - - listen 8091; - server_name oof; - - location / { - include /opt/bitnami/nginx/conf/uwsgi_params; - uwsgi_pass conductor_uwsgi; - - uwsgi_param Host $host; - uwsgi_param X-Real-IP $remote_addr; - uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for; - uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; - } - } -} diff --git a/kubernetes/oof/components/oof-has/templates/configmap.yaml b/kubernetes/oof/components/oof-has/templates/configmap.yaml deleted file mode 100755 index 35581366e6..0000000000 --- a/kubernetes/oof/components/oof-has/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Values.global.commonConfigPrefix }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/components/oof-has/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml deleted file mode 100755 index 33558c4567..0000000000 --- a/kubernetes/oof/components/oof-has/values.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# Modifications Copyright © 2018 Intel Corporation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - commonConfigPrefix: onap-oof-has - image: - optf_has: onap/optf-has:2.3.1 - persistence: - enabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: oof-has-etcd-root-password - name: &root-password '{{ include "common.release" . }}-has-etcd-root-password' - type: password - password: '{{ .Values.config.etcd.rootPassword }}' - policy: generate - - uid: oof-has-etcd-secret - name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.etcd.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.etcd.appUser }}' - password: '{{ .Values.config.etcd.appPassword }}' - passwordPolicy: generate - -pullPolicy: Always -nodePortPrefix: 302 -dataRootDir: /dockerdata-nfs -config: - dbBackend: etcd - aai: - serviceName: aai - port: 80 - msb: - serviceName: msb-iag - port: 80 - sdc: - serviceName: sdc-be - port: 8080 - cps: - serviceName: cps-tbdmt - port: 8080 - dcae: - serviceName: dcae-slice-analysis-ms - port: 8080 - etcd: - serviceName: &etcd-service oof-has-etcd - port: 2379 - appUser: conductor -# rootPassword: -# appPassword: -# userCredentialsExternalSecret: -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "2Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "4Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -#component overrides -oof-has-api: &has-config - enabled: true - config: - etcd: - userCredentialsExternalSecret: *user-creds - configJobNameOverride: &job-name oof-has-etcd-config -oof-has-controller: *has-config -oof-has-data: *has-config -oof-has-reservation: *has-config -oof-has-solver: *has-config - -#etcd subchart configurations -etcd: - enabled: true - replicaCount: 3 - nameOverride: &etcd-container oof-has-etcd - service: - name: *etcd-service - persistence: - mountSubPath: oof/etcd/data - enabled: true - flavor: &etcd-flavor large - resources: &etcd-resources - small: - limits: - cpu: "100m" - memory: "300Mi" - requests: - cpu: "10m" - memory: "70Mi" - large: - limits: - cpu: "200m" - memory: "1Gi" - requests: - cpu: "50m" - memory: "300Mi" - unlimited: {} - -etcd-init: - enabled: true - nameOverride: *job-name - etcd: - serviceName: *etcd-service - port : 2379 - containerName: *etcd-container - config: - userRootSecret: *root-password - userCredentialsExternalSecret: *user-creds - appRole: conductor - keyPrefix: conductor - flavor: *etcd-flavor - resources: *etcd-resources - serviceAccount: - nameOverride: *job-name - -# Python doesn't support well dollar sign in password -passwordStrengthOverride: basic diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml deleted file mode 100755 index 946be1fd2d..0000000000 --- a/kubernetes/oof/components/oof-templates/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP OOF helm templates -name: oof-templates -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - diff --git a/kubernetes/oof/components/oof-templates/templates/_secret.tpl b/kubernetes/oof/components/oof-templates/templates/_secret.tpl deleted file mode 100644 index 0b04f7120b..0000000000 --- a/kubernetes/oof/components/oof-templates/templates/_secret.tpl +++ /dev/null @@ -1,6 +0,0 @@ -{{- define "oof.etcd.env" -}} -- name: OS_ETCD_API__USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "login") | indent 2 }} -- name: OS_ETCD_API__PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-has-etcd-secret" "key" "password") | indent 2 }} -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/oof/components/oof-templates/values.yaml b/kubernetes/oof/components/oof-templates/values.yaml deleted file mode 100644 index a97238e9af..0000000000 --- a/kubernetes/oof/components/oof-templates/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml deleted file mode 100644 index 394bece9d9..0000000000 --- a/kubernetes/oof/resources/config/conf/common_config.yaml +++ /dev/null @@ -1,175 +0,0 @@ -osdf_system: - libpath: /opt/app/osdf/libs - osdf_ports: - internal: 8699 # inside the Docker container, the app listens to this port - external: 8698 # clients use this port on DockerHost - osdf_ip_default: 0.0.0.0 - -osdf_temp: # special configuration required for "workarounds" or testing - local_policies: - global_disabled: True - local_placement_policies_enabled: True - local_slice_selection_policies_enabled: True - local_nst_selection_policies_enabled: True - placement_policy_dir_vcpe: "./test/policy-local-files/" - placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components) - - Affinity_vCPE_1.json - - Attribute_vNS_1.json - #- Capacity_vGMuxInfra.json - #- Capacity_vG_1.json - - Distance_vG_1.json - - Distance_vGMuxInfra_1.json - - hpa_policy_vG_1.json - - hpa_policy_vGMuxInfra_1.json - - Placement_Optimization_1.json - - QueryPolicy_vCPE.json - - vnfPolicy_vG.json - - vnfPolicy_vGMuxInfra.json - placement_policy_dir_vfw: "./test/policy-local-files/" - placement_policy_files_vfw: # workaroud for policy platform glitches (or "work-arounds" for other components) - #- Capacity_vFW_1.json - - Distance_vFW_1.json - - hpa_policy_vFW_1.json - - Placement_Optimization_1.json - - QueryPolicy_vFW.json - - vnfPolicy_vFW.json - placement_policy_dir_vfw_td: "./test/policy-local-files/" - placement_policy_files_vfw_td: - - vnfPolicy_vFW_TD.json - - vnfPolicy_vPGN_TD.json - - affinity_vFW_TD.json - - QueryPolicy_vFW_TD.json - slice_selection_policy_dir_embb-nst: "./test/policy-local-files/slice-selection-files/" - slice_selection_policy_files_embb-nst: - - query_policy_nsi.json - - threshold_policy_nsi.json - - vnf_policy_nsi_shared_case.json - nst_selection_policy_dir_nst: "./test/policy-local-files/nst-selection-files/" - nst_selection_policy_files_nst: - - query_policy_nst.json - - attribute_policy_nst.json - - vnf_policy_nst.json - - optimization_policy_nst.json - -service_info: - vCPE: - vcpeHostName: requestParameters.vcpeHostName - e2eVpnKey: requestParameters.e2eVpnKey - vFW: - vcpeHostName: requestParameters.vcpeHostName - e2eVpnKey: requestParameters.e2eVpnKey - -references: - service_name: - source: request - value: serviceInfo.serviceName - resource: - source: request - value: placementInfo.placementDemands.resourceModuleName - subscriber_role: - source: onap.policies.optimization.SubscriberPolicy - value: properties.properties.subscriberRole - resource_sharing_level: - source: request - value: serviceProfile.resourceSharingLevel - slice_scope: - source: request - value: slice_scope - reuse_preference: - source: request - value: preferReuse - -policy_info: - prioritization_attributes: - policy_type: - - type - resources: - - properties.resources - - properties.objectiveParameter.parameterAttributes.resources - service_name: - - properties.services - - slice_selection: - policy_fetch: by_scope - policy_scope: - - - scope: - - get_param: slice_scope - services: - - get_param: service_name - resources: - - get_param: service_name - - nst_selection: - policy_fetch: by_scope - policy_scope: - - - scope: - - OSDF_GUILIN - services: - - nst - resources: - - nst - - nsst_selection: - policy_fetch: by_scope - policy_scope: - - - scope: - - OSDF_GUILIN - services: - - nsst - resources: - - nsst - - subnet_selection: - policy_fetch: by_scope - policy_scope: - - scope: - - OSDF_GUILIN - services: - - get_param: service_name - resources: - - get_param: service_name - - placement: - policy_fetch: by_scope - policy_scope: - - - scope: - - OSDF_FRANKFURT - geography: - - US - services: - - get_param: service_name - resources: - - get_param: resource - # - - # - get_param: service_name - # - get_param: subscriber_role - default: # if no explicit service related information is needed - policy_fetch: by_name - policy_scope: none - -PCI: - ML: - average_ho_threshold: 10000 - latest_ho_threshold: 500 - DES: - service_id: ho_metric - filter: - interval: 10 - ml_enabled: false - -nxi_termination: - query_templates: - nsi: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')" - nsi_with_profile: "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}') > service-instance*('service-role','e2eserviceprofile-service')('service-instance-id','{{ printf "{{profile_id}}" }}')" - nssi: - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'CN') > service-instance*('service-role','nsi')" - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_BH') > service-instance*('service-role','nsi')" - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN') > service-instance*('service-role','nsi')" - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')" - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_MH') > service-instance*('workload-context','AN')" - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_FH') > service-instance*('workload-context','AN')" - - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')" diff --git a/kubernetes/oof/resources/config/conf/log.yml b/kubernetes/oof/resources/config/conf/log.yml deleted file mode 100644 index 3966ea28c0..0000000000 --- a/kubernetes/oof/resources/config/conf/log.yml +++ /dev/null @@ -1,101 +0,0 @@ -version: 1 -disable_existing_loggers: True - -loggers: - error: - handlers: [error_handler, console_handler] - level: "WARN" - propagate: True - debug: - handlers: [debug_handler, console_handler] - level: "DEBUG" - propagate: True - metrics: - handlers: [metrics_handler, console_handler] - level: "INFO" - propagate: True - audit: - handlers: [audit_handler, console_handler] - level: "INFO" - propagate: True -handlers: - debug_handler: - level: "DEBUG" - class: "logging.handlers.TimedRotatingFileHandler" - filename: "logs/debug.log" - formatter: "debugFormat" - when: midnight - interval: 1 - utc: True - delay: False - backupCount: 10 - error_handler: - level: "WARN" - class: "logging.handlers.TimedRotatingFileHandler" - filename: "logs/error.log" - formatter: "errorFormat" - when: midnight - interval: 1 - utc: True - delay: False - backupCount: 10 - metrics_handler: - level: "INFO" - class: "logging.handlers.TimedRotatingFileHandler" - filename: "logs/metrics.log" - formatter: "metricsFormat" - when: midnight - interval: 1 - utc: True - delay: False - backupCount: 10 - audit_handler: - level: "INFO" - class: "logging.handlers.TimedRotatingFileHandler" - filename: "logs/audit.log" - formatter: "auditFormat" - when: midnight - interval: 1 - utc: True - delay: False - backupCount: 10 - console_handler: - level: "DEBUG" - class: "logging.StreamHandler" - formatter: "metricsFormat" - -formatters: - standard: - format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - debugFormat: - format: "%(mdc)s" - datefmt: "%Y-%m-%dT%H:%M:%S" - mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s" - (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter - errorFormat: - format: "%(mdc)s" - datefmt: "%Y-%m-%dT%H:%M:%S" - mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\ - |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s" - (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter - auditFormat: - format: "%(mdc)s" - datefmt: "%Y-%m-%dT%H:%M:%S" - mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ - |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\ - |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ - |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" - (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter - metricsFormat: - format: "%(mdc)s" - datefmt: "%Y-%m-%dT%H:%M:%S" - mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\ - |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\ - |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\ - |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s" - (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter - mdcFormat: - format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s" - mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}" - (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter - diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml deleted file mode 100755 index 818d4f340a..0000000000 --- a/kubernetes/oof/resources/config/conf/osdf_config.yaml +++ /dev/null @@ -1,76 +0,0 @@ -placementVersioningEnabled: {{ .Values.config.placementVersioningEnabled }} - -# Placement API latest version numbers to be set in HTTP header -placementMajorVersion: {{ .Values.config.placementMajorVersion }} -placementMinorVersion: {{ .Values.config.placementMinorVersion }} -placementPatchVersion: {{ .Values.config.placementPatchVersion }} - -# Placement API default version numbers to be set in HTTP header -placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }} -placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }} -placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }} - -# Credentials for Conductor -conductorUrl: {{ .Values.config.conductorUrl.http }} -conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }} -conductorMaxRetries: {{ .Values.config.conductorMaxRetries }} -# versions to be set in HTTP header -conductorMinorVersion: {{ .Values.config.conductorMinorVersion }} - -# Policy Platform -- requires ClientAuth, Authorization, and Environment -policyPlatformUrl: {{ .Values.config.policyPlatformUrl.http }} -policyPlatformEnv: {{ .Values.config.policyPlatformEnv }} - -# Credentials for DMaaP -messageReaderHosts: {{ .Values.config.messageReaderHosts }} -messageReaderTopic: {{ .Values.config.messageReaderTopic }} - -# Credentials for SDC -sdcUrl: {{ .Values.config.sdcUrl }} -sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }} - -is_aaf_enabled: False -aaf_cache_expiry_mins: 5 -aaf_url: -aaf_user_roles: - -# Secret Management Service from AAF -aaf_sms_url: -aaf_sms_timeout: 30 -secret_domain: '' -aaf_ca_certs: '' - -configClientType: {{ .Values.config.configClientType }} - -# config db api -configDbUrl: {{ .Values.config.configDbUrl }} -configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} -configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} - -# cps api -cpsUrl: {{ .Values.config.cps.Url }} -cpsCellListUrl: {{ .Values.config.cps.cellListUrl }} -cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }} - -# AAI api -aaiUrl: {{ .Values.config.aaiUrl.http }} -aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }} -aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }} -aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }} -controllerQueryUrl: {{ .Values.config.controllerQueryUrl }} -aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }} -dslQueryPath: /aai/v23/dsl?format= - -#DES api -desUrl: {{ .Values.config.desUrl.http }} -desApiPath: {{ .Values.config.desApiPath }} -desHeaders: - Accept: application/json - Content-Type: application/json -desUsername: {{ .Values.config.desUsername }} -desPassword: {{ .Values.config.desPassword }} - -#key -appkey: '' - -activateConsulConfig: False diff --git a/kubernetes/oof/resources/config/conf/slicing_config.yaml b/kubernetes/oof/resources/config/conf/slicing_config.yaml deleted file mode 100644 index 97ed73d524..0000000000 --- a/kubernetes/oof/resources/config/conf/slicing_config.yaml +++ /dev/null @@ -1,98 +0,0 @@ -app_info: - NSI: - app_name: slice_selection - requirements_field: serviceProfile - model_info: NSTInfo - NSSI: - app_name: subnet_selection - requirements_field: sliceProfile - model_info: NSSTInfo - -attribute_mapping: - camel_to_snake: - maxBandwidth: max_bandwidth - jitter: jitter - sST: sst - latency: latency - resourceSharingLevel: resource_sharing_level - uEMobilityLevel: ue_mobility_level - maxNumberofUEs: max_number_of_ues - dLThptPerUE: dl_thpt_per_ue - uLThptPerUE: ul_thpt_per_ue - sNSSAI: s_nssai - pLMNIdList: plmn_id_list - plmnIdList: plmn_id_List - activityFactor: activity_factor - coverageAreaTAList: coverage_area_ta_list - availability: availability - cSAvailabilityTarget: cs_availability_target - reliability: reliability - cSReliabilityMeanTime: cs_reliability_mean_time - dLThptPerSlice: dl_thpt_per_slice - expDataRateDL: exp_data_rate_dl - uLThptPerSlice: ul_thpt_per_slice - expDataRateUL: exp_data_rate_ul - maxPktSize: max_pkt_size - msgSizeByte: msg_size_byte - maxNumberofConns: max_number_of_conns - maxNumberofPDUSession: max_number_of_pdu_session - termDensity: terminal_density - survivalTime: survival_time - areaTrafficCapDL: area_traffic_cap_dl - areaTrafficCapUL: area_traffic_cap_ul - overallUserDensity: overall_user_density - transferIntervalTarget: transfer_interval_target - expDataRate: exp_data_rate - security: security - maxThroughput: max_throughput - sliceProfileId: slice_profile_id - snssaiList: s_nssai_list - domainType: domain_type - logicInterfaceId: logical_interface_id - ipAddress: ip_address - nextHopInfo: next_hop_info - perfReq: perf_req - - snake_to_camel: - max_bandwidth: maxBandwidth - jitter: jitter - sst: sST - latency: latency - resource_sharing_level: resourceSharingLevel - ue_mobility_level: uEMobilityLevel - max_number_of_ues: maxNumberofUEs - dl_thpt_per_ue: dLThptPerUE - ul_thpt_per_ue: uLThptPerUE - s_nssai: sNSSAI - plmn_id_list: pLMNIdList - plmn_id_List: plmnIdList - activity_factor: activityFactor - coverage_area_ta_list: coverageAreaTAList - availability: availability - cs_availability_target: cSAvailabilityTarget - reliability: reliability - cs_reliability_mean_time: cSReliabilityMeanTime - dl_thpt_per_slice: dLThptPerSlice - exp_data_rate_dl: expDataRateDL - ul_thpt_per_slice: uLThptPerSlice - exp_data_rate_ul: expDataRateUL - max_pkt_size: maxPktSize - msg_size_byte: msgSizeByte - max_number_of_conns: maxNumberofConns - max_number_of_pdu_session: maxNumberofPDUSession - terminal_density: termDensity - survival_time: survivalTime - area_traffic_cap_dl: areaTrafficCapDL - area_traffic_cap_ul: areaTrafficCapUL - overall_user_density: overallUserDensity - transfer_interval_target: transferIntervalTarget - exp_data_rate: expDataRate - security: security - max_throughput: maxThroughput - slice_profile_id: sliceProfileId - s_nssai_list: snssaiList - domain_type: domainType - logical_interface_id: logicInterfaceId - ip_address: ipAddress - next_hop_info: nextHopInfo - perf_req: perfReq diff --git a/kubernetes/oof/templates/NOTES.txt b/kubernetes/oof/templates/NOTES.txt deleted file mode 100644 index acb7dd94b3..0000000000 --- a/kubernetes/oof/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml deleted file mode 100644 index 59920a63bd..0000000000 --- a/kubernetes/oof/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml deleted file mode 100644 index 5eb0fc0c6a..0000000000 --- a/kubernetes/oof/templates/deployment.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - args: - - "-c" - - | - python osdfapp.py - ports: - - containerPort: {{ .Values.service.internalPort }} - name: http - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - volumeMounts: - - mountPath: /opt/osdf/config/osdf_config.yaml - name: {{ include "common.fullname" . }}-config - subPath: osdf_config.yaml - - mountPath: /opt/osdf/config/common_config.yaml - name: {{ include "common.fullname" . }}-config - subPath: common_config.yaml - - mountPath: /opt/osdf/config/log.yml - name: {{ include "common.fullname" . }}-config - subPath: log.yml - - mountPath: /opt/osdf/config/slicing_config.yaml - name: {{ include "common.fullname" . }}-config - subPath: slicing_config.yaml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-configmap - items: - - key: osdf_config.yaml - path: osdf_config.yaml - - key: common_config.yaml - path: common_config.yaml - - key: log.yml - path: log.yml - - key: slicing_config.yaml - path: slicing_config.yaml - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/oof/templates/ingress.yaml b/kubernetes/oof/templates/ingress.yaml deleted file mode 100644 index 99c7f87970..0000000000 --- a/kubernetes/oof/templates/ingress.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# Modifications Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml deleted file mode 100644 index c5fe2be5da..0000000000 --- a/kubernetes/oof/templates/secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (C) 2020 Wipro Limited. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/templates/service.yaml b/kubernetes/oof/templates/service.yaml deleted file mode 100644 index 418f89ac93..0000000000 --- a/kubernetes/oof/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T,VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml deleted file mode 100644 index 738df14015..0000000000 --- a/kubernetes/oof/values.yaml +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/optf-osdf:3.0.8 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - msbgateway: msb-iag - msbPort: 80 - placementVersioningEnabled: True - # Placement API latest version numbers to be set in HTTP header - placementMajorVersion: "1" - placementMinorVersion: "0" - placementPatchVersion: "0" - # Placement API default version numbers to be set in HTTP header - placementDefaultMajorVersion: "1" - placementDefaultMinorVersion: "0" - placementDefaultPatchVersion: "0" - - # Url and credentials for Conductor. - conductorUrl: - http: http://oof-has-api:8091/v1/plans/ - conductorPingWaitTime: 10 - conductorMaxRetries: 30 - # versions to be set in HTTP header - conductorMinorVersion: 0 - # Url and credentials for the Policy Platform - policyPlatformUrl: - http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision - policyPlatformEnv: TEST # Environment for policy platform - # Credentials for the message reader - A placeholder. - messageReaderHosts: NA - messageReaderTopic: NA - # Credentials for the SDC interface - A placeholder. - sdcUrl: NA - sdcONAPInstanceID: NA - - configClientType: cps - - # config db api - configDbUrl: http://configdb:8080 - configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList' - configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList' - - # cps api - cps: - url: cps-tbdmt:8080/execute - cellListUrl: 'ran-network/getCellList' - nbrListUrl: 'ran-network/getNbrList' - - #aai api - aaiUrl: - http: http://aai:80 - aaiGetLinksUrl: /aai/v16/network/logical-links - aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/ - aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list - controllerQueryUrl: /aai/v19/query?format=resource - aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up - #des api - desUrl: - http: http://des.url:8080 - desApiPath: /datalake/v1/exposure/ - desUsername: '' - desPassword: '' -# default number of instances -replicaCount: 1 -nodeSelector: {} -affinity: {} -# Resource Limit flavor -By Default using small -flavor: small - -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - - unlimited: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 -service: - type: NodePort - name: oof-osdf - internalPort: 8699 - ports: - - name: http - port: 8698 - nodePort: '48' -ingress: - enabled: false - service: - - baseaddr: "oof-osdf-api" - name: "oof-osdf" - port: 8698 - config: - ssl: "redirect" - -#component overrides - -oof-has: - enabled: true - -readinessCheck: - wait_for: - services: - - policy-xacml-pdp - -#Pods Service Account -serviceAccount: - nameOverride: oof - roles: - - read diff --git a/kubernetes/platform/Chart.yaml b/kubernetes/platform/Chart.yaml index aec56cf9a1..c3f776803e 100644 --- a/kubernetes/platform/Chart.yaml +++ b/kubernetes/platform/Chart.yaml @@ -3,6 +3,7 @@ # Modifications Copyright © 2020 Nokia # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,11 +35,3 @@ dependencies: version: ~13.x-0 repository: '@local' condition: chartmuseum.enabled - - name: keycloak-init - version: ~13.x-0 - repository: '@local' - condition: keycloak-init.enabled - - name: oauth2-proxy - version: ~13.x-0 - repository: '@local' - condition: oauth2-proxy.enabled diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml index 3956255fb2..fea1a1a614 100644 --- a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml +++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml @@ -27,21 +27,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 7 | trim}} - initContainers: - - name: volume-permissions - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - "-c" - - | - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist - securityContext: - runAsUser: 0 - volumeMounts: - - name: chart-persistent - mountPath: "/chartmuseum-persist" containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }} diff --git a/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json b/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json deleted file mode 100644 index d845c60cfb..0000000000 --- a/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json +++ /dev/null @@ -1,426 +0,0 @@ -{ - "id": "ONAP", - "realm": "ONAP", - "enabled": true, - "roles": { - "realm": [ - { - "name": "onap_admin", - "description": "User role for administration tasks in the portal.", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "user", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "admin", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "onap_designer", - "description": "User role for designer tasks in the portal.", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "onap_operator", - "description": "User role for operator tasks in the portal.", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "onap", - "attributes": {} - }, - { - "name": "default-roles-onap", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "onap", - "attributes": {} - } - ] - }, - "groups": [ - { - "name": "admins", - "path": "/admins", - "attributes": {}, - "realmRoles": [], - "clientRoles": {}, - "subGroups": [] - } - ], - "clients": [ - { - "clientId": "oauth2-proxy", - "name": "Oauth2 Proxy", - "description": "", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "5YSOkJz99WHv8enDZPknzJuGqVSerELp", - "redirectUris": [ - "*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "tls-client-certificate-bound-access-tokens": "false", - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "acr.loa.map": "{}", - "require.pushed.authorization.requests": "false", - "oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "token.response.type.bearer.lower-case": "false", - "use.refresh.tokens": "true" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "SDC-User", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "multivalued": "false", - "userinfo.token.claim": "true", - "user.attribute": "sdc_user", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "sdc_user", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "groups", - "microprofile-jwt" - ] - }, - { - "clientId": "portal-app", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "{{ .Values.portalUrl }}/*", - "http://localhost/*" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*", - "oauth2.device.authorization.grant.enabled": "false", - "display.on.consent.screen": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "name": "User-Roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "roles", - "multivalued": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": "SDC-User", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "sdc_user", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "sdc_user", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "clientId" : "portal-bff", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "frontchannel.logout.session.required" : "false", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "use.refresh.tokens" : "true", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "require.pushed.authorization.requests" : "false", - "saml.client.signature" : "false", - "saml.allow.ecp.flow" : "false", - "id.token.as.detached.signature" : "false", - "saml.assertion.signature" : "false", - "client.secret.creation.time" : "1665048112", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "exclude.session.state.from.auth.response" : "false", - "saml.artifact.binding" : "false", - "saml_force_name_id_format" : "false", - "acr.loa.map" : "{}", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "token.response.type.bearer.lower-case" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } - ], - "users": [ - { - "createdTimestamp" : 1664965113698, - "username" : "onap-admin", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "attributes" : { - "sdc_user" : [ "cs0008" ] - }, - "credentials" : [ { - "type" : "password", - "createdDate" : 1664965134586, - "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-onap", "onap_admin" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "createdTimestamp" : 1665048354760, - "username" : "onap-designer", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "attributes" : { - "sec_user" : [ "cs0008" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-onap", "onap_designer" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "createdTimestamp" : 1665048547054, - "username" : "onap-operator", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "attributes" : { - "sdc_user" : [ "cs0008" ] - }, - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-onap", "onap_operator" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "createdTimestamp" : 1665048112458, - "username" : "service-account-portal-bff", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "portal-bff", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "default-roles-onap" ], - "clientRoles" : { - "realm-management" : [ "manage-realm", "manage-users" ] - }, - "notBefore" : 0, - "groups" : [ ] - } - ], - "clientScopes": [ - { - "name": "groups", - "description": "Membership to a group", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "gui.order": "", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-group-membership-mapper", - "consentRequired": false, - "config": { - "full.path": "false", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "userinfo.token.claim": "true" - } - } - ] - } - ], - "attributes": { - "frontendUrl": "{{ .Values.KEYCLOAK_URL }}", - "acr.loa.map": "{\"ABC\":\"5\"}" - } -} diff --git a/kubernetes/platform/components/keycloak-init/values.yaml b/kubernetes/platform/components/keycloak-init/values.yaml deleted file mode 100644 index a33ef2c932..0000000000 --- a/kubernetes/platform/components/keycloak-init/values.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2022, Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - # Global ingress configuration - ingress: - enabled: false - virtualhost: - baseurl: "simpledemo.onap.org" - -KEYCLOAK_URL: &kc-url "https://keycloak-ui.simpledemo.onap.org/auth/" -PORTAL_URL: "https://portal-ui.simpledemo.onap.org" - -onap-keycloak-config-cli: - image: - pullSecrets: - - name: onap-docker-registry-key - #existingSecret: "keycloak-keycloakx-admin-creds" - env: - KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/ - KEYCLOAK_SSLVERIFY: "false" - KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true" - secrets: - KEYCLOAK_PASSWORD: secret - existingConfigSecret: "keycloak-config-cli-config-realms" - -serviceAccount: - nameOverride: keycloak-init - roles: - - read diff --git a/kubernetes/platform/components/oauth2-proxy/Chart.yaml b/kubernetes/platform/components/oauth2-proxy/Chart.yaml deleted file mode 100644 index 13da57793c..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright © 2022 Deutsche Telekom -# ================================================================================ -# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE) -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -apiVersion: v2 -version: 13.0.0 -description: ONAP Oauth2-proxy -name: oauth2-proxy -sources: -- https://github.com/oauth2-proxy/manifests - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - - name: onap-oauth2-proxy - version: 6.10.1 - repository: 'file://components/oauth2-proxy'
\ No newline at end of file diff --git a/kubernetes/platform/components/oauth2-proxy/Makefile b/kubernetes/platform/components/oauth2-proxy/Makefile deleted file mode 100644 index 5970a97115..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/Makefile +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# Modifications Copyright © 2020 Nokia -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/platform/components/oauth2-proxy/components/Makefile b/kubernetes/platform/components/oauth2-proxy/components/Makefile deleted file mode 100755 index 9544d70f33..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore deleted file mode 100644 index 825c007791..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj - -OWNERS diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml deleted file mode 100644 index 9d31c28541..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -metrics: - enabled: true - serviceMonitor: - enabled: true diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt deleted file mode 100644 index aa749e0b9d..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that oauth2-proxy has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.name" . }}" diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml deleted file mode 100644 index 7ba0273ab2..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.alphaConfig.enabled }} -{{- if not .Values.alphaConfig.existingConfig }} -apiVersion: v1 -kind: ConfigMap -metadata: -{{- if .Values.alphaConfig.annotations }} - annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }} -{{- end }} - labels: - app: {{ template "oauth2-proxy.name" . }} - {{- include "oauth2-proxy.labels" . | indent 4 }} - name: {{ template "oauth2-proxy.fullname" . }}-alpha -data: - oauth2_proxy.yml: | - --- - server: - BindAddress: '0.0.0.0:4180' - {{- if .Values.alphaConfig.serverConfigData }} - {{- toYaml .Values.alphaConfig.serverConfigData | nindent 6 }} - {{- end }} - {{- if .Values.metrics.enabled }} - metricsServer: - BindAddress: '0.0.0.0:44180' - {{- if .Values.alphaConfig.metricsConfigData }} - {{- toYaml .Values.alphaConfig.metricsConfigData | nindent 6 }} - {{- end }} - {{- end }} - {{- if .Values.alphaConfig.configData }} - {{- toYaml .Values.alphaConfig.configData | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml deleted file mode 100644 index 6d0a9d7c59..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if or .Values.serviceAccount.enabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app: {{ template "oauth2-proxy.name" . }} -{{- include "oauth2-proxy.labels" . | indent 4 }} - name: {{ template "oauth2-proxy.serviceAccountName" . }} -automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end -}} diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml deleted file mode 100644 index 9c29d1bfd1..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.servicemonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "oauth2-proxy.fullname" . }} -{{- if .Values.metrics.servicemonitor.namespace }} - namespace: {{ .Values.metrics.servicemonitor.namespace }} -{{- else }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} - labels: - prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }} - app: {{ template "oauth2-proxy.name" . }} -{{- include "oauth2-proxy.labels" . | indent 4 }} -{{- if .Values.metrics.servicemonitor.labels }} -{{ toYaml .Values.metrics.servicemonitor.labels | indent 4}} -{{- end }} -spec: - jobLabel: {{ template "oauth2-proxy.fullname" . }} - selector: - matchLabels: - {{- include "oauth2-proxy.selectorLabels" . | indent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - path: "/metrics" - interval: {{ .Values.metrics.servicemonitor.interval }} - scrapeTimeout: {{ .Values.metrics.servicemonitor.scrapeTimeout }} -{{- end }} diff --git a/kubernetes/platform/components/oauth2-proxy/values.yaml b/kubernetes/platform/components/oauth2-proxy/values.yaml deleted file mode 100644 index 81a9986d3d..0000000000 --- a/kubernetes/platform/components/oauth2-proxy/values.yaml +++ /dev/null @@ -1,74 +0,0 @@ -onap-oauth2-proxy: - # Oauth client configuration specifics - config: - cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA=" - configFile: |- - email_domains = [ "*" ] # Restrict to these E-Mail Domains, a wildcard "*" allows any email - - alphaConfig: - enabled: true - configData: - providers: - - clientID: "oauth2-proxy" - clientSecret: "5YSOkJz99WHv8enDZPknzJuGqVSerELp" - id: oidc-istio - provider: oidc # We use the generic 'oidc' provider - loginURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/auth - #redeemURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/token - redeemURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/token - profileURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo - validateURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo - scope: "openid email profile groups" - #allowedGroups: - # - admins # List all groups managed at our your IdP which should be allowed access - # - infrateam - # - anothergroup - oidcConfig: - emailClaim: email # Name of the clain in JWT containing the E-Mail - groupsClaim: groups # Name of the claim in JWT containing the Groups - userIDClaim: email # Name of the claim in JWT containing the User ID - audienceClaims: ["aud"] - insecureAllowUnverifiedEmail: true - insecureSkipIssuerVerification: true - skipDiscovery: true # You can try using the well-knwon endpoint directly for auto discovery, here we won't use it - issuerURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP - jwksURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/certs - upstreamConfig: - upstreams: - - id: static_200 - path: / - static: true - staticCode: 200 - # Headers that should be added to responses from the proxy - injectResponseHeaders: # Send this headers in responses from oauth2-proxy - - name: X-Auth-Request-Preferred-Username - values: - - claim: preferred_username - - name: X-Auth-Request-Email - values: - - claim: email - - extraArgs: - cookie-secure: "false" - cookie-domain: ".simpledemo.onap.org" # Replace with your base domain - cookie-samesite: lax - cookie-expire: 12h # How long our Cookie is valid - auth-logging: true # Enable / Disable auth logs - request-logging: true # Enable / Disable request logs - standard-logging: true # Enable / Disable the standart logs - show-debug-on-error: true # Disable in production setups - skip-provider-button: true # We only have one provider configured (Keycloak) - silence-ping-logging: true # Keeps our logs clean - whitelist-domain: ".simpledemo.onap.org" # Replace with your base domain - - # Enables and configure the automatic deployment of the redis subchart - redis: - # provision an instance of the redis sub-chart - enabled: false - - -serviceAccount: - nameOverride: oauth2-proxy - roles: - - read - diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml index 5cc7612473..95c98f6eb4 100644 --- a/kubernetes/platform/values.yaml +++ b/kubernetes/platform/values.yaml @@ -34,15 +34,11 @@ global: # Control deployment of Platform services at ONAP installation time chartmuseum: - enabled: true + enabled: false cmpv2-cert-provider: enabled: true oom-cert-service: enabled: true -keycloak-init: - enabled: false -oauth2-proxy: - enabled: false flavor: small # default number of instances diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index b305ef48e1..9b631c7af5 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -1,7 +1,8 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021, 2022, 2023, 2024 Nordix Foundation +# Modifications Copyright © 2021-2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: ONAP Policy name: policy -version: 14.0.0 +version: 14.0.5 dependencies: - name: common @@ -27,7 +28,7 @@ dependencies: - name: mariadb-galera version: ~13.x-0 repository: '@local' - condition: global.mariadbGalera.localCluster + condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster - name: policy-nexus version: ~14.x-0 repository: 'file://components/policy-nexus' @@ -80,10 +81,6 @@ dependencies: version: ~14.x-0 repository: 'file://components/policy-clamp-runtime-acm' condition: policy-clamp-runtime-acm.enabled - - name: policy-gui - version: ~14.x-0 - repository: 'file://components/policy-gui' - condition: policy-gui.enabled - name: repositoryGenerator version: ~13.x-0 repository: '@local' @@ -96,4 +93,4 @@ dependencies: - name: postgres version: ~13.x-0 repository: '@local' - condition: global.postgres.localCluster + condition: global.postgres.useInPolicy,global.postgres.localCluster diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index c8a2862326..4ec4725860 100755 --- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy APEX PDP name: policy-apex-pdp -version: 14.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml index de3e6d1004..3b25dc55a3 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml @@ -3,7 +3,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright © 2022 Nordix Foundation -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,6 +30,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: ["/bin/sh", "-cx"] args: @@ -62,8 +63,10 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config + {{ include "common.containerSecurityContext" . | indent 8 | trim }} containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: [ "/bin/sh", "-cx" ] @@ -104,7 +107,8 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: policy-logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: apexconfig-input configMap: name: {{ include "common.fullname" . }}-configmap @@ -112,4 +116,5 @@ spec: - name: apexconfig emptyDir: medium: Memory + sizeLimit: 64Mi {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml index 4259381afe..6fc37c3d01 100644 --- a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml @@ -14,4 +14,3 @@ # limitations under the License. */}} {{ include "common.kafkauser" . }} - diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3fd1a26f36..0c83a55651 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright © 2022 Nordix Foundation -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -47,7 +47,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:3.1.2 +image: onap/policy-apex-pdp:3.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -114,12 +114,20 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + #Pods Service Account serviceAccount: nameOverride: policy-apex-pdp roles: - read +dirSizes: + logDir: + sizeLimit: 500Mi + metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index 32c22cbe6c..f5c876646b 100755 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -2,7 +2,7 @@ # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Design API name: policy-api -version: 14.0.0 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 4e73dc0b5b..c39a27bdeb 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2022 AT&T Intellectual Property. # Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modifications Copyright © 2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +32,7 @@ spring: password: "${RESTSERVER_PASSWORD}" mvc.converters.preferred-json-mapper: gson datasource: -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" diff --git a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index 9ab25fe2ac..6bb96fc1e5 100755 --- a/kubernetes/policy/components/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -37,4 +37,4 @@ binaryData: {{- end }} {{- end }} data: -{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index 8de035e5d1..f89945f90e 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -1,3 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -7,15 +27,16 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - /app/ready.py args: - --job-name -{{ if not .Values.global.postgres.localCluster }} - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config {{ else }} - - {{ include "common.release" . }}-policy-pg-config + - {{ include "common.release" . }}-policy-pg-migrator-config {{ end }} env: - name: NAMESPACE @@ -25,6 +46,7 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} name: {{ include "common.name" . }}-readiness resources: limits: @@ -54,9 +76,11 @@ spec: name: apiconfig-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/api/bin/policy-api.sh"] @@ -85,6 +109,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/api/etc/logback.xml + subPath: logback.xml + name: apiconfig-processed - mountPath: /opt/app/policy/api/etc/mounted name: apiconfig-processed resources: {{ include "common.resources" . | nindent 12 }} @@ -105,4 +137,11 @@ spec: - name: apiconfig-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index c76be2fb23..902268f41a 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,7 +1,8 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. -# Modification (C) 2023 Deutsche Telekom. All rights reserved. +# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved. +# Modifications Copyright © 2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,9 @@ global: nodePortPrefix: 304 persistence: {} postgres: - localCluster: false + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig @@ -48,7 +51,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:3.1.2 +image: onap/policy-api:3.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -77,7 +80,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 + initialDelaySeconds: 120 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -89,7 +92,7 @@ readiness: api: /policy/api/v1/healthcheck successThreshold: 1 failureThreshold: 3 - timeout: 60 + timeout: 120 service: type: ClusterIP @@ -125,6 +128,16 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: policy-api diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml index e35dd3d6f0..a9d27d60a8 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022-2024 Nordix Foundation. All rights reserved. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp A1PMS Participant name: policy-clamp-ac-a1pms-ppnt -version: 14.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml index 31aa1b746a..5bfa825e18 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml @@ -81,5 +81,3 @@ server: context-path: /onap/policy/clamp/acm/a1pmsparticipant ssl: enabled: false - - diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index d34da146a5..b9eb83b3c5 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2022-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - sh @@ -50,9 +52,11 @@ spec: name: ac-a1pms-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"] @@ -75,6 +79,14 @@ spec: volumeMounts: - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-a1pms-ppnt-config-processed + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-a1pms-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -93,4 +105,11 @@ spec: - name: ac-a1pms-ppnt-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml index 19f522a71e..66aadf12c7 100644 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml @@ -1,21 +1,21 @@ -{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index 3f5e7dfc0d..a23e732c8b 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,7 +41,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-a1pms-ppnt:7.1.2 +image: onap/policy-clamp-ac-a1pms-ppnt:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-ac-a1pms-ppnt @@ -115,6 +116,17 @@ resources: cpu: "1" memory: "2Gi" unlimited: {} + +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index faa7014a79..979aa4f598 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2022, 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Http Participant name: policy-clamp-ac-http-ppnt -version: 14.0.0 +version: 14.0.1 dependencies: - name: common @@ -31,4 +32,3 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' - diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index a04c37fe3d..d447360dd9 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -80,4 +80,3 @@ server: context-path: /onap/httpparticipant ssl: enabled: false - diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index e502c1a091..dd7db7acee 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - sh @@ -50,9 +52,11 @@ spec: name: ac-http-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/http-participant.sh"] @@ -75,6 +79,14 @@ spec: volumeMounts: - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-http-ppnt-config-processed + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-http-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -93,4 +105,11 @@ spec: - name: ac-http-ppnt-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml index e676ff13d7..be2449f890 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml @@ -1,21 +1,21 @@ -{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 0bcc66e4e1..8593a3d316 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,7 +42,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-http-ppnt:7.1.2 +image: onap/policy-clamp-ac-http-ppnt:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-ac-http-ppnt @@ -106,6 +107,17 @@ resources: cpu: "1" memory: "2Gi" unlimited: {} + +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index aa6d08a3de..5a1cb6e80b 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2021 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021-2022, 2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop K8s Participant name: policy-clamp-ac-k8s-ppnt -version: 14.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml index 8a6cf830ca..efd5a6cd53 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml @@ -33,4 +33,4 @@ data: {{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }} {{ toYaml .Values.repoList | indent 4 }} {{- end }} -{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index cfc2fc7fac..a97ab22577 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - sh @@ -50,9 +52,11 @@ spec: name: ac-k8s-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"] @@ -75,6 +79,14 @@ spec: volumeMounts: - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-k8s-ppnt-config-processed + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-k8s-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -93,4 +105,11 @@ spec: - name: ac-k8s-ppnt-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml index 2439223192..02a6292df7 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml @@ -36,4 +36,3 @@ subjects: - kind: ServiceAccount name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} namespace: {{ include "common.namespace" . }} - diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 35530405bd..5e43b94965 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +43,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-k8s-ppnt:7.1.2 +image: onap/policy-clamp-ac-k8s-ppnt:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-ac-k8s-ppnt @@ -108,6 +109,16 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName @@ -145,4 +156,3 @@ kafkaUser: - name: *acRuntimeTopic type: topic operations: [Read, Write] - diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml index 44c80ff879..863d07952f 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2023-2024 Nordix Foundation. All rights reserved. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Kserve Participant name: policy-clamp-ac-kserve-ppnt -version: 14.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml index 89cf9494a3..6613235050 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml @@ -96,5 +96,3 @@ server: context-path: /onap/policy/clamp/acm/kserveparticipant ssl: enabled: false - - diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml index 8574979cbc..3d1f4f8ca3 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - sh @@ -50,9 +52,11 @@ spec: name: ac-kserve-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"] @@ -75,6 +79,14 @@ spec: volumeMounts: - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-kserve-ppnt-config-processed + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-kserve-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -93,4 +105,11 @@ spec: - name: ac-kserve-ppnt-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml index b7e7364eab..6fc37c3d01 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml @@ -1,16 +1,16 @@ -{{/*
-# Copyright © 2023 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ include "common.kafkauser" . }}
+{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml index ac5ee0b72f..073ffe9618 100644 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml @@ -1,38 +1,38 @@ -{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
- namespace: {{ include "common.namespace" . }}
+{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} + namespace: {{ include "common.namespace" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml index f19ebf0cb5..6f9868bc0d 100755 --- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,7 +42,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-kserve-ppnt:7.1.2 +image: onap/policy-clamp-ac-kserve-ppnt:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-ac-kserve-ppnt @@ -106,6 +107,17 @@ resources: cpu: "1" memory: "1.4Gi" unlimited: {} + +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index f860393f43..4460c18fcd 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2022, 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Policy Participant name: policy-clamp-ac-pf-ppnt -version: 14.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 1cd4ba318c..729a455d07 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -98,4 +98,3 @@ server: context-path: /onap/policyparticipant ssl: enabled: false - diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 9026309fa1..c29dca9c7d 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - sh @@ -58,9 +60,11 @@ spec: name: ac-pf-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] @@ -83,6 +87,14 @@ spec: volumeMounts: - mountPath: /opt/app/policy/clamp/etc/mounted name: ac-pf-ppnt-config-processed + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-pf-ppnt-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -101,4 +113,11 @@ spec: - name: ac-pf-ppnt-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml index e676ff13d7..be2449f890 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml @@ -1,21 +1,21 @@ -{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index 7fc4f71eeb..97bebd00d2 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -53,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-pf-ppnt:7.1.2 +image: onap/policy-clamp-ac-pf-ppnt:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-ac-pf-ppnt @@ -127,6 +128,17 @@ resources: cpu: "1" memory: "2Gi" unlimited: {} + +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index bdd6c99c53..ef9a7494ec 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -1,7 +1,8 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021-2022 Nordix Foundation +# Modifications Copyright © 2021-2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime name: policy-clamp-runtime-acm -version: 14.0.0 +version: 14.0.2 dependencies: - name: common @@ -32,5 +33,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local' - + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 35e42c589d..2e09397806 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,8 +25,13 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm + {{ if .Values.global.mariadbGalera.useInPolicy }} + url: jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/clampacm driverClassName: org.mariadb.jdbc.Driver + {{ else }} + url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm + driverClassName: org.postgresql.Driver + {{ end }} username: ${SQL_USER} password: ${SQL_PASSWORD} hikari: @@ -42,7 +47,11 @@ spring: implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy properties: hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect + {{ if .Values.global.mariadbGalera.useInPolicy }} + dialect: org.hibernate.dialect.MariaDBDialect + {{ else }} + dialect: org.hibernate.dialect.PostgreSQLDialect + {{ end }} format_sql: true metrics: @@ -105,4 +114,4 @@ management: endpoints: web: exposure: - include: health, metrics, prometheus + include: health, metrics, prometheus
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index b0ea909e55..5a206b996e 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,12 +28,17 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - - /app/ready.py + - /app/ready.py args: - - --job-name - - {{ include "common.release" . }}-policy-galera-config + - --job-name +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -41,7 +47,8 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-galera-config-readiness + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . }}-db-config-readiness resources: limits: cpu: "100m" @@ -60,14 +67,16 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: RUNTIME_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }} - name: RUNTIME_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} - name: SASL_JAAS_CONFIG valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config +{{- end }} volumeMounts: - mountPath: /config-input name: ac-runtime-config @@ -75,9 +84,11 @@ spec: name: ac-runtime-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"] @@ -98,19 +109,39 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - mountPath: /opt/app/policy/clamp/etc/mounted - name: ac-runtime-config-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/clamp/etc/logback.xml + subPath: logback.xml + name: ac-runtime-config-processed + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-runtime-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: ac-runtime-config configMap: name: {{ include "common.fullname" . }}-configmap @@ -118,4 +149,5 @@ spec: - name: ac-runtime-config-processed emptyDir: medium: Memory + sizeLimit: 64Mi {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 6f2f230d3b..eb974d6ed2 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2023 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,10 @@ global: nodePortPrefixExt: 304 persistence: {} + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true #Strimzi Kafka properties kafkaTopics: acRuntimeTopic: @@ -48,7 +53,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-runtime-acm:7.1.2 +image: onap/policy-clamp-runtime-acm:7.1.3 pullPolicy: Always componentName: &componentName policy-clamp-runtime-acm @@ -84,8 +89,10 @@ db: user: policy-user password: policy_user service: - name: policy-mariadb - internalPort: 3306 + mariadbName: policy-mariadb + mariadbPort: 3306 + pgName: policy-pg-primary + pgPort: 5432 # default number of instances replicaCount: 1 @@ -96,7 +103,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 + initialDelaySeconds: 120 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -122,7 +129,6 @@ serviceMesh: authorizationPolicy: authorizedPrincipals: - serviceAccount: strimzi-kafka-read - - serviceAccount: policy-gui-read flavor: small resources: @@ -142,6 +148,16 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: *componentName @@ -150,8 +166,8 @@ serviceAccount: wait_for_job_container: containers: - - '{{ include "common.release" . }}-policy-galera-config' + - '{{ include "common.release" . }}-galera-migrator-config' customNaming: toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement - toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
\ No newline at end of file + toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition diff --git a/kubernetes/policy/components/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml index 3de47d06e9..b2d1cde724 100755 --- a/kubernetes/policy/components/policy-distribution/Chart.yaml +++ b/kubernetes/policy/components/policy-distribution/Chart.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +22,7 @@ apiVersion: v2 description: ONAP Policy Distribution name: policy-distribution -version: 14.0.0 +version: 14.0.1 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index 62a3bfc98e..fe08271288 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +28,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - sh @@ -57,9 +59,11 @@ spec: name: distributionconfig image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: @@ -86,6 +90,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/distribution/etc/logback.xml + subPath: logback.xml + name: distributionconfig - mountPath: /opt/app/policy/distribution/etc/mounted name: distributionconfig resources: {{ include "common.resources" . | nindent 12 }} @@ -106,4 +118,11 @@ spec: - name: distributionconfig emptyDir: medium: Memory + sizeLimit: 64Mi + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index ba160c86b2..f93dffe1ee 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2023 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -58,7 +59,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:3.1.2 +image: onap/policy-distribution:3.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -141,6 +142,16 @@ resources: memory: "1Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: policy-distribution diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 63c4984ac9..25060ae593 100755 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018, 2020 AT&T Intellectual Property # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: ONAP Drools Policy Engine (PDP-D) name: policy-drools-pdp -version: 14.0.0 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 2e6efae345..dc7f788405 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -2,6 +2,7 @@ # Copyright © 2017-2018 Amdocs, Bell Canada. # Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property. # Modifications Copyright (C) 2021 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ # JVM options -JVM_OPTIONS={{.Values.server.jvmOpts}} +JVM_OPTIONS={{ .Values.server.jvmOpts | quote }} # SYSTEM software configuration @@ -40,11 +41,21 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.db.name }} -SQL_PORT=3306 -JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/ +{{ if .Values.global.mariadbGalera.useInPolicy }} +SQL_HOST={{ .Values.db.mariadbName }} +SQL_PORT={{ .Values.db.mariadbPort }} +JDBC_URL=jdbc:mariadb://{{ .Values.db.mariadbName }}:{{ .Values.db.mariadbPort }}/ JDBC_OPTS= +JDBC_DRIVER=org.mariadb.jdbc.Driver MYSQL_CMD= +{{ else }} +SQL_HOST={{ .Values.db.pgName }} +SQL_PORT={{ .Values.db.pgPort }} +JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/ +JDBC_OPTS= +JDBC_DRIVER=org.postgresql.Driver +MYSQL_CMD= +{{ end }} # Liveness LIVENESS_CONTROLLERS=* @@ -92,7 +103,15 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} +KAFKA_ADDITIONAL_PROPS="{ + \"group.id\": \"${GROUP_ID}\", + \"security.protocol\": \"SASL_PLAINTEXT\", + \"sasl.mechanism\": \"${SASL}\", + \"sasl.jaas.config\": \"${JAASLOGIN}\" + }" + DMAAP_HTTPS="false" +KAFKA_HTTPS="false" # AAI @@ -122,4 +141,4 @@ SDNC_CONTEXT_URI=restconf/operations/ # CDS CDS_GRPC_HOST={{.Values.cds.grpc.svcName}} -CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}} +CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties new file mode 100644 index 0000000000..d4577b577a --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties @@ -0,0 +1,37 @@ +### +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +#Database properties +{{ if .Values.global.mariadbGalera.useInPolicy }} +jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver +jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS} +jakarta.persistence.jdbc.user=${envd:SQL_USER} +jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD} +{{ else }} +jakarta.persistence.jdbc.driver=org.postgresql.Driver +jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS} +jakarta.persistence.jdbc.user=${envd:SQL_USER} +jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD} +{{ end }} + +# default property values are commented out +#distributed.locking.expire.check.seconds=900 +#distributed.locking.retry.seconds=60 +#distributed.locking.max.retries=2
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties new file mode 100644 index 0000000000..26e10122da --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties @@ -0,0 +1,41 @@ +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +lifecycle.pdp.group=${envd:POLICY_PDP_PAP_GROUP:defaultGroup} +lifecycle.pdp.type=${envd:POLICY_PDP_PAP_TYPE:drools} + +# Mandatory policy types that this PDP-D must support at a minimum +lifecycle.pdp.policytypes=${envd:POLICY_PDP_PAP_POLICYTYPES} + +kafka.source.topics=${envd:POLICY_PDP_PAP_TOPIC} +kafka.sink.topics=${envd:POLICY_PDP_PAP_TOPIC} + +kafka.source.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS} +kafka.source.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC} +kafka.source.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY} +kafka.source.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET} +kafka.source.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false} +kafka.source.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS} + +kafka.sink.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS} +kafka.sink.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC} +kafka.sink.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY} +kafka.sink.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET} +kafka.sink.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false} +kafka.sink.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS} diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf index 006388af61..c9277b69d3 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf @@ -1,6 +1,7 @@ {{/* # Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada. +# Modifications Copyright © 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +16,4 @@ # limitations under the License. */}} -POOLING_TOPIC=pooling +POOLING_TOPIC=policy-pdp-pooling diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml index c7322b1f94..3f45b2f6e0 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml @@ -16,4 +16,3 @@ */}} {{ include "common.service" . }} - diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index ba0e2d1a41..a24476cc74 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,6 +1,8 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property +# Modifications Copyright (C) 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,12 +27,17 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -39,6 +46,7 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-db-readiness resources: limits: @@ -69,6 +77,7 @@ spec: value: {{ .Values.config.app.listener.policyPdpPapTopic }} image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-readiness resources: limits: @@ -78,12 +87,43 @@ spec: cpu: "3m" memory: "20Mi" {{- end }} + - command: + - sh + args: + - -c + - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done + env: + - name: KAFKA_URL + value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }} + - name: SASL + value: {{ .Values.kafkaUser.authenticationType | upper }} + - name: GROUP_ID + value: {{ .Values.config.kafka.consumer.groupId }} + {{- if .Values.global.useStrimziKafka }} + - name: JAASLOGIN + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + {{- end }} + volumeMounts: + - mountPath: /config-input + name: drools-config + - mountPath: /config + name: drools-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] - args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] + args: + - ls /tmp/policy-install; + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: @@ -107,27 +147,58 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: - {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} - name: drools-secret - subPath: {{ base $path }} - {{- end }} - {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} - - mountPath: /tmp/policy-install/config/{{ base $path }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/etc/profile.d/base.conf + subPath: base.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/credentials.conf + subPath: credentials.conf + name: drools-config-processed + - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf + subPath: feature-pooling-messages.conf + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-lifecycle.properties + subPath: feature-lifecycle.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/engine-system.properties + subPath: engine-system.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/feature-distributed-locking.properties + subPath: feature-distributed-locking.properties + name: drools-config-processed + - mountPath: /opt/app/policy/config/logback.xml + subPath: logback.xml name: drools-config - subPath: {{ base $path }} - {{- end }} + - mountPath: /opt/app/policy/config/settings.xml + subPath: settings.xml + name: drools-config-processed resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: drools-config configMap: name: {{ include "common.fullname" . }}-configmap @@ -137,6 +208,10 @@ spec: path: {{ base $path }} mode: 0755 {{- end }} + - name: drools-config-processed + emptyDir: + medium: Memory + sizeLimit: 64Mi - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 992cf01938..f22d642e95 100755..100644 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,6 +1,8 @@ # Copyright © 2017 Amdocs # Copyright © 2017, 2021 Bell Canada # Modifications Copyright © 2018-2022 AT&T Intellectual Property +# Modifications Copyright (C) 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +21,10 @@ ################################################################# global: nodePortPrefix: 302 - + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig ################################################################# @@ -41,7 +46,9 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:2.1.2 +# The newest images have been tested with SASL and Postgres. The images released next will have the relevant fixes +image: onap/policy-pdpd-cl:2.1.3 + pullPolicy: Always # flag to enable debugging - application support required @@ -86,7 +93,7 @@ serviceMesh: - serviceAccount: strimzi-kafka-read server: - jvmOpts: -server -XshowSettings:vm + jvmOpts: "-server -XshowSettings:vm" telemetry: user: demo@people.osaaf.org @@ -100,7 +107,10 @@ nexus: offline: true db: - name: policy-mariadb + mariadbName: policy-mariadb + pgName: policy-pg-primary + mariadbPort: 3306 + pgPort: 5432 user: policy-user password: policy_user @@ -171,6 +181,16 @@ resources: memory: "1.6Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: policy-drools-pdp @@ -218,3 +238,47 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] + - name: a1-p-rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: a1-p + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-cl + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-lcm-read + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: appc-lcm-write + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: dcae_cl_rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: unauthenticated.dcae_cl_output + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: dcae_topic + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: policy-cl-mgt + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: sdnr-cl-rsp + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] + - name: sdnr-cl + type: topic + patternType: prefix + operations: [ Create, Describe, Read, Write ] diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml deleted file mode 100644 index 28972b59b0..0000000000 --- a/kubernetes/policy/components/policy-gui/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021, 2024 Nordix Foundation -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -apiVersion: v2 -description: ONAP Policy GUI -name: policy-gui -version: 14.0.0 - -dependencies: - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml deleted file mode 100644 index f81a1b452a..0000000000 --- a/kubernetes/policy/components/policy-gui/resources/config/application.yml +++ /dev/null @@ -1,19 +0,0 @@ -server: - port: 2443 - ssl: - enabled: false - -clamp: - url: - disable-ssl-validation: true - disable-ssl-hostname-check: true - -apex-editor: - upload-url: - upload-userid: - -management: - endpoints: - web: - exposure: - include: health, metrics, prometheus diff --git a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 0b3951726b..0000000000 --- a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,59 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/components/policy-gui/resources/config/logback.xml b/kubernetes/policy/components/policy-gui/resources/config/logback.xml deleted file mode 100644 index c20df8329d..0000000000 --- a/kubernetes/policy/components/policy-gui/resources/config/logback.xml +++ /dev/null @@ -1,118 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - policy-gui - ================================================================================ - Copyright (C) 2021-2022 Nordix Foundation. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> - -<configuration scan="true" scanPeriod="30 seconds" debug="false"> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>TRACE</level> - </filter> - <encoder> - <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${POLICY_LOGS}/error.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> - <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip - </fileNamePattern> - <maxFileSize>50MB</maxFileSize> - <maxHistory>30</maxHistory> - <totalSizeCap>10GB</totalSizeCap> - </rollingPolicy> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>TRACE</level> - </filter> - <encoder> - <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> - </encoder> - </appender> - - <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="ERROR" /> - </appender> - - <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${POLICY_LOGS}/debug.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> - <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip - </fileNamePattern> - <maxFileSize>50MB</maxFileSize> - <maxHistory>30</maxHistory> - <totalSizeCap>10GB</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> - </encoder> - </appender> - - <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="DEBUG" /> - </appender> - - <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${POLICY_LOGS}/network.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> - <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip - </fileNamePattern> - <maxFileSize>50MB</maxFileSize> - <maxHistory>30</maxHistory> - <totalSizeCap>10GB</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> - </encoder> - </appender> - - <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender"> - <appender-ref ref="NETWORK" /> - </appender> - - <logger name="network" level="TRACE" additivity="false"> - <appender-ref ref="asyncNetwork" /> - </logger> - - <logger name="org.apache" level="TRACE" additivity="false"> - <appender-ref ref="DEBUG" /> - </logger> - - <!-- Spring related loggers --> - <logger name="org.springframework" level="TRACE" additivity="false"> - <appender-ref ref="DEBUG" /> - </logger> - - <!-- GUI related loggers --> - <logger name="org.onap.policy.gui" level="TRACE" additivity="false"> - <appender-ref ref="ERROR" /> - <appender-ref ref="DEBUG" /> - </logger> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="INFO" /> - <logger name="ch.qos.logback.core" level="INFO" /> - - <root level="TRACE"> - <appender-ref ref="asyncDebug" /> - <appender-ref ref="asyncError" /> - <appender-ref ref="asyncNetwork" /> - <appender-ref ref="STDOUT" /> - </root> -</configuration> diff --git a/kubernetes/policy/components/policy-gui/templates/NOTES.txt b/kubernetes/policy/components/policy-gui/templates/NOTES.txt deleted file mode 100644 index e44f333e11..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/NOTES.txt +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit https://127.0.0.1:8443 to use your application" - kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml deleted file mode 100644 index 7158c0263f..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml deleted file mode 100644 index 9426b0f54f..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }} - -{{ include "common.log.configMap" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml deleted file mode 100644 index a236d5f558..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ /dev/null @@ -1,127 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: POLICY_LOGS - value: {{ .Values.log.path }} - volumeMounts: - - mountPath: /config-input - name: policy-gui-config - - mountPath: /config - name: policy-gui-config-processed - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /app/ready.py - args: - - --service-name - - policy-clamp-runtime-acm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - # side car containers - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} - # main container - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/opt/app/policy/gui/bin/policy-gui.sh"] - env: - - name: CLAMP_URL - value: http://policy-clamp-runtime-acm:6969 - ports: {{ include "common.containerPorts" . | nindent 12 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - name: logs - mountPath: {{ .Values.log.path }} - - mountPath: /opt/app/policy/gui/etc/application.yml - name: policy-gui-config-processed - subPath: application.yml - - mountPath: /opt/app/policy/gui/etc/logback.xml - name: policy-gui-config-processed - subPath: logback.xml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - - name: logs - emptyDir: {} - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} - - name: policy-gui-config - configMap: - name: {{ include "common.fullname" . }}-configmap - defaultMode: 0755 - - name: policy-gui-config-processed - emptyDir: - medium: Memory - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-gui/templates/ingress.yaml b/kubernetes/policy/components/policy-gui/templates/ingress.yaml deleted file mode 100644 index e3dd7cb0f6..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/secrets.yaml b/kubernetes/policy/components/policy-gui/templates/secrets.yaml deleted file mode 100644 index 2af7fae2d9..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml deleted file mode 100644 index 36406228d5..0000000000 --- a/kubernetes/policy/components/policy-gui/templates/service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml deleted file mode 100644 index 6d9b712250..0000000000 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ /dev/null @@ -1,130 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 304 - centralizedLoggingEnabled: true - -subChartsOnly: - enabled: true - -flavor: small - -# application image -image: onap/policy-gui:3.1.2 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# log configuration -log: - path: /var/log/onap/policy/gui - -################################################################# -# Application configuration defaults. -################################################################# -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - dataRootDir: /dockerdata-nfs - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - -service: - type: NodePort - name: policy-gui - internalPort: 2443 - ports: - - name: http - port: 2443 - nodePort: 43 - - # see https://wiki.onap.org/display/DW/OOM+NodePort+List - -ingress: - enabled: false - service: - - baseaddr: "policy-ui" - name: "policy-gui" - port: 2443 - config: - ssl: "redirect" - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: istio-ingress - namespace: istio-ingress - - #resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: "1" - memory: "700Mi" - requests: - cpu: "0.5" - memory: "700Mi" - large: - limits: - cpu: "2" - memory: "1.4Gi" - requests: - cpu: "1" - memory: "1.4Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: policy-gui - roles: - - read diff --git a/kubernetes/policy/components/policy-nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index 8d04647a75..dcb3c3ac72 100755 --- a/kubernetes/policy/components/policy-nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018-2020 AT&T # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: ONAP Policy Nexus name: policy-nexus -version: 14.0.0 +version: 14.0.2 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index 3d03338836..fe183cfa24 100755 --- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,16 +25,19 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: ["sh", "-c", "chown -R 200:200 /share"] image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-init volumeMounts: - mountPath: /share name: nexus-data containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml index 6aee4ca230..8d13879023 100755 --- a/kubernetes/policy/components/policy-nexus/templates/service.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml @@ -15,4 +15,4 @@ # limitations under the License. */}} -{{ include "common.service" . }}
\ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index f10d55dcee..cc75a9fe15 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -1,5 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright © 2024 Deutsche Telekom +# Modifications Copyright (C) 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,6 +21,10 @@ global: nodePortPrefix: 302 persistence: {} + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Application configuration defaults. @@ -97,6 +103,10 @@ resources: memory: "1Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + #Pods Service Account serviceAccount: nameOverride: policy-nexus diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 0634118a4f..2122e6fb3f 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -3,6 +3,7 @@ # Modified Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +23,7 @@ apiVersion: v2 description: ONAP Policy Administration (PAP) name: policy-pap -version: 14.0.0 +version: 14.0.2 dependencies: - name: common @@ -33,4 +34,4 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 614116ae23..58dfc9f497 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. -# Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022-2024 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ spring: converters: preferred-json-mapper: gson datasource: -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" @@ -34,9 +34,6 @@ spring: hikari: maximumPoolSize: 20 jpa: - properties: - hibernate: - dialect: org.hibernate.dialect.MariaDB103Dialect hibernate: ddl-auto: none naming: @@ -58,10 +55,6 @@ spring: naming: physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy - properties: - hibernate: - dialect: org.hibernate.dialect.PostgreSQLDialect - format_sql: true {{ end }} server: @@ -73,7 +66,6 @@ server: pap: name: PapGroup - aaf: false topic: pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }} notification.name: {{ .Values.config.kafka.topics.policyNotification }} @@ -151,13 +143,6 @@ pap: password: "${API_PASSWORD}" useHttps: false basePath: policy/api/v1/healthcheck - - clientName: distribution - hostname: policy-distribution - port: 6969 - userName: "${DISTRIBUTION_USER}" - password: "${DISTRIBUTION_PASSWORD}" - useHttps: false - basePath: healthcheck management: endpoints: diff --git a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 9ca8b84a47..f7c400865f 100755..100644 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -2,6 +2,8 @@ # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,23 +30,26 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - - /app/ready.py + - /app/ready.py args: - - --job-name -{{ if not .Values.global.postgres.localCluster }} - - {{ include "common.release" . }}-policy-galera-config + - --job-name +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config {{ else }} - - {{ include "common.release" . }}-policy-pg-config -{{ end }} env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-db-readiness resources: limits: @@ -75,11 +80,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} - name: DISTRIBUTION_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} - name: JAASLOGIN valueFrom: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config +{{- end }} volumeMounts: - mountPath: /config-input name: papconfig @@ -87,9 +94,11 @@ spec: name: papconfig-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -121,19 +130,39 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: - - mountPath: /opt/app/policy/pap/etc/mounted - name: papconfig-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/pap/etc/logback.xml + subPath: logback.xml + name: papconfig-processed + - name: papconfig-processed + mountPath: /opt/app/policy/pap/etc/mounted resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} - name: papconfig configMap: name: {{ include "common.fullname" . }}-configmap @@ -141,4 +170,5 @@ spec: - name: papconfig-processed emptyDir: medium: Memory + sizeLimit: 64Mi {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 4b8ed70fcc..4c6f5355e0 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -2,7 +2,8 @@ # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. -# Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022-2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +27,9 @@ global: nodePortPrefixExt: 304 persistence: {} postgres: - localCluster: false + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig @@ -68,7 +71,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:3.1.2 +image: onap/policy-pap:3.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -159,6 +162,16 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + #Pods Service Account serviceAccount: nameOverride: policy-pap @@ -224,4 +237,3 @@ kafkaUser: type: topic patternType: prefix operations: [Create, Describe, Read, Write] - diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index a46d6128e8..a02171ef31 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021, 2024 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +22,7 @@ apiVersion: v2 description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp -version: 14.0.0 +version: 14.0.3 dependencies: - name: common diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index d2e9c62edf..3df3578fd2 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -1,4 +1,22 @@ {{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2024 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + # # Properties that the embedded PDP engine uses to configure and load # @@ -49,8 +67,14 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # # JPA Properties # +{{ if .Values.global.mariadbGalera.useInPolicy }} eclipselink.target-database=MySQL -javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver -javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory -javax.persistence.jdbc.user=${SQL_USER} -javax.persistence.jdbc.password=${SQL_PASSWORD} +jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver +jakarta.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/operationshistory +{{ else }} +eclipselink.target-database=PostgreSQL +jakarta.persistence.jdbc.driver=org.postgresql.Driver +jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory +{{ end }} +jakarta.persistence.jdbc.user=${SQL_USER} +jakarta.persistence.jdbc.password=${SQL_PASSWORD}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml index 7158c0263f..5a9baa822f 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml @@ -14,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file +{{ include "common.authorizationPolicy" . }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index cda1aa4bae..828f6ec2c7 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -1,6 +1,8 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,12 +29,17 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - command: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-policy-galera-config +{{ if .Values.global.mariadbGalera.useInPolicy }} + - {{ include "common.release" . }}-policy-galera-migrator-config +{{ else }} + - {{ include "common.release" . }}-policy-pg-migrator-config +{{ end }} env: - name: NAMESPACE valueFrom: @@ -41,6 +48,7 @@ spec: fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-readiness resources: limits: @@ -87,9 +95,11 @@ spec: name: pdpxconfig-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] @@ -110,19 +120,87 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + - name: policy-guard + mountPath: /opt/app/policy/pdpx/apps/guard + - name: pdpxconfig-processed + mountPath: /opt/app/policy/pdpx/apps/guard/xacml.properties + subPath: xacml.properties + - name: policy-match + mountPath: /opt/app/policy/pdpx/apps/match + - name: pdpxconfig-processed + mountPath: /opt/app/policy/pdpx/apps/match/xacml.properties + subPath: xacml.properties + - name: policy-monitoring + mountPath: /opt/app/policy/pdpx/apps/monitoring + - name: pdpxconfig-processed + mountPath: /opt/app/policy/pdpx/apps/monitoring/xacml.properties + subPath: xacml.properties + - name: policy-naming + mountPath: /opt/app/policy/pdpx/apps/naming + - name: pdpxconfig-processed + mountPath: /opt/app/policy/pdpx/apps/naming/xacml.properties + subPath: xacml.properties + - name: policy-native + mountPath: /opt/app/policy/pdpx/apps/native + - name: pdpxconfig-processed + mountPath: /opt/app/policy/pdpx/apps/native/xacml.properties + subPath: xacml.properties + - name: policy-optimization + mountPath: /opt/app/policy/pdpx/apps/optimization + - name: pdpxconfig-processed + mountPath: /opt/app/policy/pdpx/apps/optimization/xacml.properties + subPath: xacml.properties + - name: logs + mountPath: /var/log/onap + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - mountPath: /opt/app/policy/pdpx/etc/logback.xml + subPath: logback.xml + name: pdpxconfig-processed - mountPath: /opt/app/policy/pdpx/etc/mounted name: pdpxconfig-processed + - mountPath: /etc/localtime + name: localtime + readOnly: true resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: policy-guard + emptyDir: + sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }} + - name: policy-match + emptyDir: + sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }} + - name: policy-monitoring + emptyDir: + sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }} + - name: policy-naming + emptyDir: + sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }} + - name: policy-native + emptyDir: + sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }} + - name: policy-optimization + emptyDir: + sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }} + - name: empty-dir + emptyDir: + sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }} + - name: logs + emptyDir: + sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }} + - name: localtime + hostPath: + path: /etc/localtime - name: pdpxconfig configMap: name: {{ include "common.fullname" . }}-configmap @@ -130,4 +208,5 @@ spec: - name: pdpxconfig-processed emptyDir: medium: Memory + sizeLimit: 64Mi {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml index 3e76c2ba36..6dabd951b9 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml @@ -18,4 +18,4 @@ # ============LICENSE_END========================================================= */}} -{{ include "common.service" . }}
\ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index c9a5a068fb..b20ab89370 100755..100644 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,5 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright (C) 2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,7 +23,10 @@ ################################################################# global: persistence: {} - + postgres: + useInPolicy: false + mariadbGalera: + useInPolicy: true ################################################################# # Secrets metaconfig ################################################################# @@ -49,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:3.1.2 +image: onap/policy-xacml-pdp:3.1.3 pullPolicy: Always componentName: &componentName policy-xacml-pdp @@ -63,8 +68,10 @@ db: user: policy-user password: policy_user service: - name: policy-mariadb - internalPort: 3306 + mariadbName: policy-mariadb + mariadbPort: 3306 + pgName: policy-pg-primary + pgPort: 5432 restServer: user: healthcheck @@ -147,6 +154,18 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 102 + +dirSizes: + emptyDir: + sizeLimit: 1Gi + logDir: + sizeLimit: 500Mi + policyDir: + sizeLimit: 100Mi + #Pods Service Account serviceAccount: nameOverride: *componentName @@ -194,5 +213,3 @@ kafkaUser: type: topic patternType: prefix operations: [ Create, Describe, Read, Write ] - - diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh index f26a80fad7..913ccc7728 100644 --- a/kubernetes/policy/resources/config/db-pg.sh +++ b/kubernetes/policy/resources/config/db-pg.sh @@ -1,7 +1,7 @@ #!/bin/sh # # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2024 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,10 +20,10 @@ export PGPASSWORD=${PG_ADMIN_PASSWORD}; -psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'" +psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'" for db in migration pooling policyadmin policyclamp operationshistory clampacm do psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};" - psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};" -done + psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";" +done
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh index 53921ab751..15a6e3224f 100644 --- a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh @@ -1,6 +1,6 @@ #!/bin/sh {{/* -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022, 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,8 +14,19 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} -/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade -rc=$? -/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report -exit $rc + +for schema in ${SQL_DB}; do + echo "Initializing $schema..." + /opt/app/policy/bin/prepare_upgrade.sh ${schema} + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o upgrade + rc=$? + + /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report + + if [ "$rc" != 0 ]; then + break + fi +done diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh index d1cc108fec..a1d8fd89ea 100644 --- a/kubernetes/policy/resources/config/db_migrator_policy_init.sh +++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh @@ -1,6 +1,6 @@ #!/bin/sh {{/* -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021, 2024 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,8 +14,21 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} -/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade -rc=$? -/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report -exit $rc + +for schema in ${SQL_DB}; do + echo "Initializing $schema..." + /opt/app/policy/bin/prepare_upgrade.sh ${schema} + + /opt/app/policy/bin/db-migrator -s ${schema} -o report + + /opt/app/policy/bin/db-migrator -s ${schema} -o upgrade + rc=$? + + /opt/app/policy/bin/db-migrator -s ${schema} -o report + + if [ "$rc" != 0 ]; then + break + fi +done + +exit $rc
\ No newline at end of file diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 3880d2383c..3886a85d11 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,7 +1,8 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2022 Nordix Foundation. +# Modifications Copyright (C) 2022-2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,7 +17,7 @@ # limitations under the License. */}} -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} apiVersion: batch/v1 kind: Job metadata: @@ -33,6 +34,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }}-galera-init spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }} @@ -40,6 +42,7 @@ spec: - name: {{ include "common.name" . }}-galera-config image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} volumeMounts: - mountPath: /dbcmd-config/db.sh name: {{ include "common.fullname" . }}-config @@ -48,7 +51,7 @@ spec: - /bin/sh - -cx - | - {{- if include "common.onServiceMesh" . }} + {{- if include "common.requireSidecarKiller" . }} echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db.sh env: @@ -61,10 +64,11 @@ spec: - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} + {{- if (include "common.requireSidecarKiller" .) }} - name: policy-service-mesh-wait-for-job-container image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always + {{ include "common.containerSecurityContext" . | indent 8 | trim }} command: - /bin/sh - "-c" @@ -77,6 +81,14 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + resources: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} @@ -90,7 +102,7 @@ spec: path: db.sh {{ end }} -{{ if .Values.global.postgres.localCluster }} +{{ if .Values.global.postgres.useInPolicy }} --- apiVersion: batch/v1 kind: Job @@ -108,6 +120,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }}-pg-init spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }} @@ -115,6 +128,7 @@ spec: - name: {{ include "common.name" . }}-pg-config image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} volumeMounts: - mountPath: /docker-entrypoint-initdb.d/db-pg.sh name: {{ include "common.fullname" . }}-config @@ -123,7 +137,7 @@ spec: - /bin/sh - -cx - | - {{- if include "common.onServiceMesh" . }} + {{- if include "common.requireSidecarKiller" . }} echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /docker-entrypoint-initdb.d/db-pg.sh env: @@ -138,8 +152,9 @@ spec: - name: PG_PORT value: "{{ .Values.postgres.service.internalPort }}" resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} + {{- if (include "common.requireSidecarKiller" .) }} - name: policy-service-mesh-wait-for-job-container + {{ include "common.containerSecurityContext" . | indent 8 | trim }} image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: @@ -154,6 +169,14 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{ include "common.containerSecurityContext" . | indent 8 | trim }} + resources: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 10m + memory: 10Mi {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} @@ -166,97 +189,104 @@ spec: - key: db-pg.sh path: db-pg.sh {{ end }} - --- -{{ if not .Values.global.postgres.localCluster }} +{{ if .Values.global.mariadbGalera.useInPolicy }} apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-galera-config + name: {{ include "common.fullname" . }}-galera-migrator-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-galera-config + app: {{ include "common.name" . }}-galera-migrator-config release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-galera-config + app: {{ include "common.name" . }}-galera-migrator-config release: {{ include "common.release" . }} - name: {{ include "common.name" . }}-galera-config + name: {{ include "common.name" . }}-galera-migrator-config spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-galera-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + - name: {{ include "common.name" . }}-init-readiness + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . }}-galera-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" containers: - - name: {{ include "common.name" . }}-galera-db-migrator - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_policy_init.sh - command: - - /bin/sh - - -cx - - | - {{- if include "common.onServiceMesh" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_policy_init.sh - env: - - name: SQL_HOST - value: "{{ index .Values "mariadb-galera" "service" "name" }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schema }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "sql" - resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-galera-db-migrator + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + - mountPath: /dbcmd-config/db_migrator_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_policy_init.sh + command: + - /bin/sh + - -cx + - | + {{- if include "common.requireSidecarKiller" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_policy_init.sh + env: + - name: SQL_HOST + value: "{{ index .Values "mariadb-galera" "service" "name" }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "sql" + resources: {{ include "common.resources" . | nindent 12 }} + {{- if (include "common.requireSidecarKiller" .) }} + - name: policy-service-mesh-wait-for-job-container + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap @@ -265,98 +295,106 @@ spec: - key: db_migrator_policy_init.sh path: db_migrator_policy_init.sh {{ end }} -{{ if .Values.global.postgres.localCluster }} +{{ if .Values.global.postgres.useInPolicy }} --- apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-pg-config + name: {{ include "common.fullname" . }}-pg-migrator-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-pg-config + app: {{ include "common.name" . }}-pg-migrator-config release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-pg-config + app: {{ include "common.name" . }}-pg-migrator-config release: {{ include "common.release" . }} - name: {{ include "common.name" . }}-pg-config + name: {{ include "common.name" . }}-pg-migrator-config spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }}-pg-init - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + - name: {{ include "common.name" . }}-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . }}-pg-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" containers: - - name: {{ include "common.name" . }}-pg-db-migrator - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh - name: {{ include "common.fullname" . }}-config - subPath: db_migrator_pg_policy_init.sh - command: - - /bin/sh - - -cx - - | - {{- if include "common.onServiceMesh" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} - /dbcmd-config/db_migrator_pg_policy_init.sh - env: - - name: SQL_HOST - value: "{{ .Values.postgres.service.name2 }}" - - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: SQL_DB - value: {{ .Values.dbmigrator.schema }} - - name: POLICY_HOME - value: {{ .Values.dbmigrator.policy_home }} - - name: SCRIPT_DIRECTORY - value: "postgres" - - name: PGPASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-pg-db-migrator + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_pg_policy_init.sh + - mountPath: /opt/app/policy/etc/db/ + name: {{ include "common.fullname" . }}-migration-writable + command: + - /bin/sh + - -cx + - | + {{- if include "common.requireSidecarKiller" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_pg_policy_init.sh + env: + - name: SQL_HOST + value: "{{ .Values.postgres.service.name2 }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schemas }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "postgres" + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if (include "common.requireSidecarKiller" .) }} + - name: policy-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" . }} + imagePullPolicy: Always + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: + - name: {{ include "common.fullname" . }}-migration-writable + emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap @@ -364,4 +402,4 @@ spec: items: - key: db_migrator_pg_policy_init.sh path: db_migrator_pg_policy_init.sh -{{ end }} +{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml index ed399ed9c7..d004cbe116 100644 --- a/kubernetes/policy/templates/policy-kafka-user.yaml +++ b/kubernetes/policy/templates/policy-kafka-user.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2022-2023 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,16 +30,20 @@ spec: - resource: type: group name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }} - operation: All + operations: + - All - resource: type: topic name: {{ .Values.config.policyPdpPapTopic.name }} - operation: All + operations: + - All - resource: type: topic name: {{ .Values.config.policyHeartbeatTopic.name }} - operation: All + operations: + - All - resource: type: topic name: {{ .Values.config.policyNotificationTopic.name }} - operation: All + operations: + - All diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 0291a0652d..67f4dbd1e5 100755..100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2020 AT&T Intellectual Property -# Modifications Copyright (C) 2021-2023 Nordix Foundation. +# Modifications Copyright (C) 2021-2024 Nordix Foundation. +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,6 +35,7 @@ global: nameOverride: *mariadbService # (optional) if localCluster=false and an external secret is used set this variable #userRootSecret: <secretName> + useInPolicy: true prometheusEnabled: false postgres: localCluster: false @@ -43,8 +45,10 @@ global: name3: tcp-pgset-replica container: name: postgres + useInPolicy: false kafkaBootstrap: strimzi-kafka-bootstrap:9092 policyKafkaUser: policy-kafka-user + useStrimziKafka: true kafkaTopics: acRuntimeTopic: name: policy.clamp-runtime-acm @@ -55,8 +59,8 @@ secrets: - uid: db-root-password name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | - ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | + externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary ( + ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) | ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) @@ -157,18 +161,17 @@ policy-nexus: enabled: false config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -policy-gui: - enabled: false - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' ################################################################# # DB configuration defaults. ################################################################# dbmigrator: - image: onap/policy-db-migrator:3.1.2 - schema: policyadmin + # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later. + image: onap/policy-db-migrator:3.1.3 + # These schemas will be required with the new version of db-migrator + # schemas: "policyadmin clampacm pooling operationshistory" + schemas: "policyadmin" policy_home: "/opt/app/policy" subChartsOnly: @@ -300,8 +303,12 @@ resources: memory: "2Gi" unlimited: {} +securityContext: + user_id: 100 + group_id: 65533 + #Pods Service Account serviceAccount: nameOverride: policy roles: - - read + - read
\ No newline at end of file diff --git a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml index ec9769d819..d925060b81 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml @@ -34,7 +34,7 @@ version: 13.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: latest +appVersion: 0.1.0 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml index 14a0f941d1..4b62b5def2 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml @@ -34,7 +34,7 @@ version: 13.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: latest +appVersion: 0.1.1 dependencies: - name: common @@ -47,5 +47,5 @@ dependencies: version: ~13.x-0 repository: '@local' - name: mongodb - version: 14.12.3 + version: ~14.12.x-0 repository: '@local' diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml index 30b0944702..96088586fc 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml @@ -34,7 +34,7 @@ version: 13.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: latest +appVersion: 0.1.1 dependencies: - name: common @@ -47,7 +47,7 @@ dependencies: version: ~13.x-0 repository: '@local' - name: mongodb - version: 14.12.3 + version: ~14.12.x-0 repository: '@local' diff --git a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml index 4dcb25cc3a..09178d9694 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml @@ -34,7 +34,7 @@ version: 13.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: latest +appVersion: 0.1.0 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml index bf28766bda..7e154afae2 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml @@ -89,6 +89,7 @@ env: KEYCLOAK_REALM: ONAP KEYCLOAK_INTERNAL_URL: http://keycloakx-http.keycloak.svc.cluster.local KEYCLOAK_HOSTNAME: https://keycloak-ui.simpledemo.onap.org + CLUSTER_NAMESERVER_IP: 1.2.3.4 #Pods Service Account serviceAccount: diff --git a/kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml b/kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 7f914d4bdf..752fc2cc15 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -169,6 +169,14 @@ resources: memory: "6Gi" unlimited: {} +metrics: + serviceMonitor: + enabled: true + targetPort: 8080 + path: /sdc2/rest/actuator/prometheus + basicAuth: + enabled: false + #Pods Service Account serviceAccount: nameOverride: sdc-be diff --git a/kubernetes/sdnc/Chart.yaml b/kubernetes/sdnc/Chart.yaml index f98bc4e12d..5916455c73 100644 --- a/kubernetes/sdnc/Chart.yaml +++ b/kubernetes/sdnc/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: SDN Controller name: sdnc -version: 13.0.2 +version: 15.0.0 dependencies: - name: common @@ -35,7 +35,7 @@ dependencies: repository: '@local' condition: network-name-gen.enabled - name: dgbuilder - version: ~13.x-0 + version: ~14.x-0 repository: '@local' condition: dgbuilder.enabled - name: sdnc-prom @@ -51,20 +51,16 @@ dependencies: repository: '@local' condition: sdnc.elasticsearch.enabled,elasticsearch.enabled # conditions for sdnc-subcharts - - name: dmaap-listener - version: ~13.x-0 - repository: '@local' - condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled - name: ueb-listener - version: ~13.x-0 + version: ~14.x-0 repository: '@local' condition: sdnc.ueb-listener.enabled,ueb-listener.enabled - name: sdnc-ansible-server - version: ~13.x-0 + version: ~14.x-0 repository: '@local' condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled - name: sdnc-web - version: ~13.x-0 + version: ~14.x-0 repository: '@local' condition: sdnc.sdnc-web.enabled,sdnc-web.enabled - name: repositoryGenerator diff --git a/kubernetes/sdnc/components/dgbuilder/Chart.yaml b/kubernetes/sdnc/components/dgbuilder/Chart.yaml index ff32f4e8a2..517bc393e5 100644 --- a/kubernetes/sdnc/components/dgbuilder/Chart.yaml +++ b/kubernetes/sdnc/components/dgbuilder/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: D.G. Builder application name: dgbuilder -version: 13.0.0 +version: 14.0.0 dependencies: - name: common diff --git a/kubernetes/sdnc/components/dgbuilder/values.yaml b/kubernetes/sdnc/components/dgbuilder/values.yaml index 68cb86bd7e..d22b25e5b2 100644 --- a/kubernetes/sdnc/components/dgbuilder/values.yaml +++ b/kubernetes/sdnc/components/dgbuilder/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.5.1 +image: onap/ccsdk-dgbuilder-image:1.6.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties deleted file mode 100644 index 6a4ca4ca16..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName =dmaap-v1.dev.dmaap.dt.saat.acsi.openecomp.org/events -Environment =TEST -Partner = BOT_R -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =admin -password =admin -contenttype =application/json -authKey=fxoW4jZrO7mdLWWa:f4KxkoBtToyoEG7suMoV8KhnkwM= -authDate=2016-02-18T13:57:37-0800 -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=AAI-EVENT -group=jmsgrp -id=sdnc2 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties deleted file mode 100644 index 846abc2381..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -### -# ============LICENSE_START======================================================= -# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### -*/}} -org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} -org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} -org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 -org.onap.ccsdk.sli.jdbc.connection.timeout=50 -org.onap.ccsdk.sli.jdbc.request.timeout=100 -org.onap.ccsdk.sli.jdbc.limit.init=10 -org.onap.ccsdk.sli.jdbc.limit.min=10 -org.onap.ccsdk.sli.jdbc.limit.max=20 -org.onap.dblib.connection.recovery=false diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties deleted file mode 100644 index d2b55fb131..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName =message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events -Environment =TEST -Partner = BOT_R -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =admin -password =admin -contenttype =application/json -authKey=fxoW4jZrO7mdLWWa:f4KxkoBtToyoEG7suMoV8KhnkwM= -authDate=2016-02-18T13:57:37-0800 -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=VCPE-DHCP-EVENT -group=jmsgrp -id=sdnc1 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties deleted file mode 100644 index 6d5afef190..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPNOAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events -Environment =TEST -Partner = -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =UNUSED -password =UNUSED -contenttype =application/json -authKey=UNUSED -authDate=UNUSED -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=CM-NOTIFICATION -group=users -id=sdnc1 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties deleted file mode 100644 index f114a9c65b..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPNOAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events -Environment =TEST -Partner = -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =UNUSED -password =UNUSED -contenttype =application/json -authKey=UNUSED -authDate=UNUSED -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=RAN-Slice-Mgmt -group=users -id=sdnc1 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties deleted file mode 100644 index fcb56e08c3..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPNOAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events -Environment =TEST -Partner = -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =UNUSED -password =UNUSED -contenttype =application/json -authKey=UNUSED -authDate=UNUSED -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=A1-P -group=users -id=sdnc1 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties deleted file mode 100644 index a03871d428..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPNOAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events -Environment =TEST -Partner = -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =UNUSED -password =UNUSED -contenttype =application/json -authKey=UNUSED -authDate=UNUSED -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=SDNR-CL -group=users -id=sdnc1 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties b/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties deleted file mode 100644 index 15f32c4248..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties +++ /dev/null @@ -1,35 +0,0 @@ -TransportType=HTTPAUTH -Latitude =50.000000 -Longitude =-100.000000 -Version =1.0 -ServiceName =message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events -Environment =TEST -Partner = BOT_R -routeOffer=MR1 -SubContextPath =/ -Protocol =http -MethodType =GET -username =admin -password =admin -contenttype =application/json -authKey=fxoW4jZrO7mdLWWa:f4KxkoBtToyoEG7suMoV8KhnkwM= -authDate=2016-02-18T13:57:37-0800 -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} -topic=SDNC-LCM-READ -group=jmsgrp -id=sdnc2 -timeout=15000 -limit=1000 -filter= -AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler -AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler -AFT_DME2_REQ_TRACE_ON=true -AFT_ENVIRONMENT=AFTUAT -AFT_DME2_EP_CONN_TIMEOUT=15000 -AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 -AFT_DME2_EP_READ_TIMEOUT_MS=50000 -sessionstickinessrequired=NO -DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=${ODL_USER} -sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml deleted file mode 100644 index 7158c0263f..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }}
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml deleted file mode 100644 index 110001a6a6..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: SDNC_DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: ODL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - - name: ODL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: config-input - - mountPath: /config - name: properties - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - - command: - - /app/ready.py - args: - - --service-name - - {{ include "common.mariadbService" . }} - - --service-name - - {{ .Values.config.sdncChartName }} - - --service-name - - {{ .Values.config.msgRouterContainerName }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - command: - - /opt/onap/sdnc/dmaap-listener/bin/start-dmaap-listener.sh - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: PROPERTY_DIR - value: "{{ .Values.config.configDir }}" - - name: SDNC_CONFIG_DIR - value: "{{ .Values.config.configDir }}" - - name: LOG4J_FORMAT_MSG_NO_LOOKUPS - value: "true" - volumeMounts: - - mountPath: {{ .Values.config.configDir }}/dblib.properties - name: properties - subPath: dblib.properties - - mountPath: {{ .Values.config.configDir }}/dhcpalert.properties - name: properties - subPath: dhcpalert.properties - - mountPath: {{ .Values.config.configDir }}/lcm.properties - name: properties - subPath: lcm.properties - - mountPath: {{ .Values.config.configDir }}/aai.properties - name: properties - subPath: aai.properties - - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties - name: properties - subPath: dmaap-consumer-CMNotify.properties - - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties - name: properties - subPath: dmaap-consumer-a1Adapter-policy.properties - - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties - name: properties - subPath: dmaap-consumer-oofpcipoc.properties - - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties - name: properties - subPath: dmaap-consumer-RANSlice.properties - resources: {{ include "common.resources" . | nindent 10 }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - name: config-input - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0644 - - name: properties - emptyDir: - medium: Memory - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml deleted file mode 100644 index 77b0d878c1..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml deleted file mode 100644 index 084afa18cb..0000000000 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ /dev/null @@ -1,150 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - mariadbGalera: - # flag to enable the DB creation via mariadb-operator - useOperator: true - #This flag allows SO to instantiate its own mariadb-galera cluster - #If shared instance is used, this chart assumes that DB already exists - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret' - type: basicAuth - # This is a nasty trick that allows you override this secret using external one - # with the same field that is used to pass this to subchart - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' - passwordPolicy: required - - uid: odl-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' - login: '{{ .Values.config.odlUser }}' - password: '{{ .Values.config.odlPassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/sdnc-dmaap-listener-image:2.5.5 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - dmaapPort: 3904 - sdncChartName: sdnc - sdncPort: 8282 - msgRouterContainerName: message-router - configDir: /opt/onap/sdnc/data/properties - odlUser: admin - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - # odlCredsExternalSecret: some secret - -mariadb-galera: - config: - userCredentialsExternalSecret: *dbSecretName - userName: sdnctl - userPassword: gamma - mysqlDatabase: sdnctl - nameOverride: dmaap-listener-galera - service: - name: dmaap-listener-galera - portName: dmaap-listener-galera - internalPort: 3306 - replicaCount: 1 - persistence: - enabled: true - mountSubPath: dmaap-listener/maria/data - mariadbOperator: - galera: - enabled: false - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -ingress: - enabled: false - -service: - type: ClusterIP - name: sdnc-dmaap-listener - internalPort: 80 - ports: - - name: http - port: 80 - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - -#Resource limit flavor -By default using small -flavor: small -#Segregation for different environment (small and large) - -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "0.5" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "1" - memory: "2Gi" - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: sdnc-dmaap-listener - roles: - - read diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml index e7342b10e0..12fbd85c15 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: SDN-C Ansible Server name: sdnc-ansible-server -version: 13.0.0 +version: 14.0.0 dependencies: - name: common diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index a1c90071b0..13e7023808 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -51,7 +51,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.5.5 +image: onap/sdnc-ansible-server-image:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/Chart.yaml b/kubernetes/sdnc/components/sdnc-web/Chart.yaml index db331e19f5..6ffc9768a2 100644 --- a/kubernetes/sdnc/components/sdnc-web/Chart.yaml +++ b/kubernetes/sdnc/components/sdnc-web/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v2 description: SDN-C Web Server name: sdnc-web -version: 13.0.0 +version: 14.0.0 dependencies: - name: common diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 98e44d02ab..79de4c235e 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.5.5" +image: "onap/sdnc-web-image:2.6.1" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/Chart.yaml b/kubernetes/sdnc/components/ueb-listener/Chart.yaml index a7dff1364b..58cc32a4e7 100644 --- a/kubernetes/sdnc/components/ueb-listener/Chart.yaml +++ b/kubernetes/sdnc/components/ueb-listener/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: SDNC UEB Listener name: ueb-listener -version: 13.0.0 +version: 14.0.0 dependencies: - name: common diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index bccb1d7af6..d38f18639c 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -57,7 +57,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.5.5 +image: onap/sdnc-ueb-listener-image:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index dc5fe7469c..3708bd1cdd 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -216,7 +216,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.5.5 +image: onap/sdnc-image:2.6.1 # flag to enable debugging - application support required debugEnabled: false @@ -445,21 +445,6 @@ mariadb-galera: &mariadbGalera cds: enabled: false -dmaap-listener: - enabled: true - nameOverride: sdnc-dmaap-listener - mariadb-galera: - <<: *mariadbGalera - config: - <<: *mariadbGaleraConfig - mysqlDatabase: *sdncDbName - config: - sdncChartName: sdnc - dmaapPort: 3904 - sdncPort: 8282 - configDir: /opt/onap/sdnc/data/properties - odlCredsExternalSecret: *odlCredsSecretName - ueb-listener: enabled: true mariadb-galera: diff --git a/kubernetes/strimzi/Chart.yaml b/kubernetes/strimzi/Chart.yaml index 1b927d6c4d..180b42bff9 100644 --- a/kubernetes/strimzi/Chart.yaml +++ b/kubernetes/strimzi/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v2 description: ONAP Strimzi Kafka name: strimzi -version: 13.0.1 +version: 13.0.2 dependencies: - name: common @@ -31,4 +31,3 @@ dependencies: version: ~13.x-0 repository: 'file://components/strimzi-kafka-bridge' condition: strimzi-kafka-bridge.enabled - diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml index e254d99710..ca4a4e94d3 100644 --- a/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v2 description: ONAP Strimzi Kafka Bridge name: strimzi-kafka-bridge -version: 13.0.0 +version: 13.0.1 dependencies: - name: common diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml index 25fbf3df77..7f4dea46e1 100644 --- a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml @@ -21,4 +21,3 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/log4j2.properties").AsConfig . | indent 2 }} - diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml index b081e290e3..8364dfe58f 100644 --- a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml @@ -34,6 +34,18 @@ spec: configMapKeyRef: key: log4j2.properties name: {{ include "common.fullname" . }}-kb-logging-cm + resources: + requests: + cpu: {{ .Values.resources.requests.cpu }} + memory: {{ .Values.resources.requests.memory }} + limits: + cpu: {{ .Values.resources.limits.cpu }} + memory: {{ .Values.resources.limits.memory }} template: pod: {{- include "common.imagePullSecrets" . | nindent 6 }} + securityContext: + {{- toYaml .Values.pod.securityContext | nindent 8 }} + bridgeContainer: + securityContext: + {{- toYaml .Values.bridgeContainer.securityContext | nindent 8 }} diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml index 8a4c4cdc6c..fa7b10aa22 100644 --- a/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml @@ -33,3 +33,27 @@ config: # nameOverride is required to avoid duplication # in pod and service names ie ...-bridge-bridge-{random hex} nameOverride: strimzi-kafka + +resources: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi + +pod: + securityContext: + seccompProfile: + type: RuntimeDefault +bridgeContainer: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW diff --git a/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml b/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml index 12c742ef35..1e59dc67a0 100644 --- a/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml +++ b/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml @@ -17,4 +17,4 @@ lowercaseOutputName: true rules: - pattern: kafka.cruisecontrol<name=(.+)><>(\w+) name: kafka_cruisecontrol_$1_$2 - type: GAUGE
\ No newline at end of file + type: GAUGE diff --git a/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml b/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml index 7ad971fc16..8db35a9c8d 100644 --- a/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml +++ b/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml @@ -134,4 +134,4 @@ rules: name: kafka_$1_$2_$3 type: GAUGE labels: - quantile: "0.$4"
\ No newline at end of file + quantile: "0.$4" diff --git a/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml b/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml index 6a1eab7825..d5bf27f44d 100644 --- a/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml +++ b/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml @@ -41,4 +41,4 @@ rules: type: GAUGE labels: replicaId: "$2" - memberType: "$3"
\ No newline at end of file + memberType: "$3" diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index aee4696fe0..5f5fcd553a 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -20,6 +20,13 @@ spec: kafka: version: {{ .Values.config.kafkaVersion }} replicas: {{ .Values.replicaCount }} + resources: + limits: + cpu: {{ .Values.kafka.resources.limits.cpu }} + memory: {{ .Values.kafka.resources.limits.memory }} + requests: + cpu: {{ .Values.kafka.resources.requests.cpu }} + memory: {{ .Values.kafka.resources.requests.memory }} listeners: - name: plain port: {{ .Values.config.kafkaInternalPort }} @@ -71,8 +78,7 @@ spec: pod: {{- include "common.imagePullSecrets" . | nindent 8 }} securityContext: - runAsUser: 0 - fsGroup: 0 + {{- toYaml .Values.kafka.template.pod.securityContext | nindent 10 }} {{- if .Values.affinity.podAntiAffinity.enabled }} affinity: podAntiAffinity: @@ -85,6 +91,9 @@ spec: - {{ include "common.fullname" . }}-kafka topologyKey: "kubernetes.io/hostname" {{- end }} + kafkaContainer: + securityContext: + {{- toYaml .Values.kafka.template.kafkaContainer.securityContext | nindent 10 }} config: default.replication.factor: {{ .Values.replicaCount }} min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }} @@ -116,8 +125,7 @@ spec: pod: {{- include "common.imagePullSecrets" . | nindent 8 }} securityContext: - runAsUser: 0 - fsGroup: 0 + {{- toYaml .Values.zookeeper.template.pod.securityContext | nindent 10 }} {{- if .Values.affinity.podAntiAffinity.enabled }} affinity: podAntiAffinity: @@ -130,6 +138,9 @@ spec: - {{ include "common.fullname" . }}-zookeeper topologyKey: "kubernetes.io/hostname" {{- end }} + zookeeperContainer: + securityContext: + {{- toYaml .Values.zookeeper.template.zookeeperContainer.securityContext | nindent 10 }} replicas: {{ .Values.replicaCount }} config: ssl.hostnameVerification: false @@ -149,30 +160,76 @@ spec: configMapKeyRef: name: {{ include "common.fullname" . }} key: zookeeper-metrics-config.yml + resources: + limits: + cpu: {{ .Values.zookeeper.resources.limits.cpu }} + memory: {{ .Values.zookeeper.resources.limits.memory }} + requests: + cpu: {{ .Values.zookeeper.resources.requests.cpu }} + memory: {{ .Values.zookeeper.resources.requests.memory }} {{- end }} entityOperator: template: pod: {{- include "common.imagePullSecrets" . | nindent 8 }} - topicOperator: {} - userOperator: {} + securityContext: + {{- toYaml .Values.entityOperator.template.pod.securityContext | nindent 10 }} + topicOperatorContainer: + securityContext: + {{- toYaml .Values.entityOperator.template.topicOperatorContainer.securityContext | nindent 10 }} + userOperatorContainer: + securityContext: + {{- toYaml .Values.entityOperator.template.userOperatorContainer.securityContext | nindent 10 }} + topicOperator: + resources: + limits: + cpu: {{ .Values.entityOperator.template.topicOperator.resources.limits.cpu }} + memory: {{ .Values.entityOperator.template.topicOperator.resources.limits.memory }} + requests: + cpu: {{ .Values.entityOperator.template.topicOperator.resources.requests.cpu }} + memory: {{ .Values.entityOperator.template.topicOperator.resources.requests.memory }} + userOperator: + resources: + limits: + cpu: {{ .Values.entityOperator.template.userOperator.resources.limits.cpu }} + memory: {{ .Values.entityOperator.template.userOperator.resources.limits.memory }} + requests: + cpu: {{ .Values.entityOperator.template.userOperator.resources.requests.cpu }} + memory: {{ .Values.entityOperator.template.userOperator.resources.requests.memory }} {{- if .Values.cruiseControl.enabled }} cruiseControl: template: pod: {{- include "common.imagePullSecrets" . | nindent 8 }} + securityContext: + {{- toYaml .Values.cruiseControl.template.pod.securityContext | nindent 10 }} + cruiseControlContainer: + securityContext: + {{- toYaml .Values.cruiseControl.template.cruiseControlContainer.securityContext | nindent 10 }} metricsConfig: type: {{ .Values.cruiseControl.metricsConfig.type }} valueFrom: configMapKeyRef: name: {{ include "common.fullname" . }} key: cruisecontrol-metrics-config.yml + resources: + limits: + cpu: {{ .Values.cruiseControl.template.resources.limits.cpu }} + memory: {{ .Values.cruiseControl.template.resources.limits.memory }} + requests: + cpu: {{ .Values.cruiseControl.template.resources.requests.cpu }} + memory: {{ .Values.cruiseControl.template.resources.requests.memory }} {{- end }} {{- if .Values.metrics.kafkaExporter.enabled }} kafkaExporter: template: pod: {{- include "common.imagePullSecrets" . | nindent 8 }} + securityContext: + {{- toYaml .Values.cruiseControl.template.pod.securityContext | nindent 10 }} + container: + securityContext: + {{- toYaml .Values.kafkaExporter.template.container.securityContext | nindent 10 }} topicRegex: {{ .Values.metrics.kafkaExporter.topicRegex }} groupRegex: {{ .Values.metrics.kafkaExporter.groupRegex }} resources: diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index 3cced3e41a..fe3ca852a9 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -33,7 +33,7 @@ affinity: podAntiAffinity: enabled: true config: - kafkaVersion: 3.7.0 + kafkaVersion: 3.8.0 authType: simple saslMechanism: &saslMech scram-sha-512 kafkaInternalPort: &plainPort 9092 @@ -141,6 +141,29 @@ cruiseControl: # ref. https://strimzi.io/blog/2020/06/15/cruise-control/ kafkaRebalance: enabled: false + template: + pod: + securityContext: + seccompProfile: + type: RuntimeDefault + cruiseControlContainer: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW + resources: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi ###################### # Component overrides @@ -151,3 +174,122 @@ strimzi-kafka-bridge: saslMechanism: *saslMech kafkaInternalPort: *plainPort strimziKafkaAdminUser: *adminUser + +kafka: + template: + pod: + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + seccompProfile: + type: RuntimeDefault + kafkaContainer: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + #runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW + resources: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi + +zookeeper: + template: + pod: + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + seccompProfile: + type: RuntimeDefault + zookeeperContainer: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + #runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW + resources: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi + +entityOperator: + template: + pod: + securityContext: + seccompProfile: + type: RuntimeDefault + topicOperatorContainer: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW + userOperatorContainer: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW + topicOperator: + resources: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi + userOperator: + resources: + limits: + cpu: '2' + memory: 2Gi + requests: + cpu: 100m + memory: 1Gi + +kafkaExporter: + template: + pod: + securityContext: + seccompProfile: + type: RuntimeDefault + container: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 1001 + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + - CAP_NET_RAW diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml index 7c4a5b78ca..900a6c97e1 100644 --- a/kubernetes/uui/Chart.yaml +++ b/kubernetes/uui/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP uui name: uui -version: 13.0.0 +version: 13.1.0 dependencies: - name: common @@ -39,3 +39,6 @@ dependencies: - name: uui-intent-analysis version: ~13.x-0 repository: 'file://components/uui-intent-analysis' + - name: uui-llm-adaptation + version: ~13.x-0 + repository: 'file://components/uui-llm-adaptation' diff --git a/kubernetes/uui/components/uui-intent-analysis/values.yaml b/kubernetes/uui/components/uui-intent-analysis/values.yaml index c638303d86..73903ceae9 100644 --- a/kubernetes/uui/components/uui-intent-analysis/values.yaml +++ b/kubernetes/uui/components/uui-intent-analysis/values.yaml @@ -40,7 +40,7 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate -image: onap/usecase-ui-intent-analysis:5.2.4 +image: onap/usecase-ui-intent-analysis:14.0.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cli/.helmignore b/kubernetes/uui/components/uui-llm-adaptation/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/cli/.helmignore +++ b/kubernetes/uui/components/uui-llm-adaptation/.helmignore diff --git a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml b/kubernetes/uui/components/uui-llm-adaptation/Chart.yaml index 13e4ed7ca2..1c36c236ee 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml +++ b/kubernetes/uui/components/uui-llm-adaptation/Chart.yaml @@ -1,6 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,8 +13,8 @@ # limitations under the License. apiVersion: v2 -description: ONAP DMaaP Data Router Node Server -name: dmaap-dr-node +description: ONAP uui llm adaptation +name: uui-llm-adaptation version: 13.0.0 dependencies: @@ -26,6 +24,9 @@ dependencies: - name: repositoryGenerator version: ~13.x-0 repository: '@local' + - name: postgres + version: ~13.x-0 + repository: '@local' - name: serviceAccount version: ~13.x-0 repository: '@local' diff --git a/kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql b/kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql new file mode 100644 index 0000000000..5379c73864 --- /dev/null +++ b/kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql @@ -0,0 +1,23 @@ +-- +-- Copyright (C) 2024 CMCC, Inc. and others. All rights reserved. +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; + +create table if not exists intent( + intent_id varchar(255) primary key, + intent_name varchar(255), + intent_generateType VARCHAR (225) +);
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml b/kubernetes/uui/components/uui-llm-adaptation/resources/entrypoint/run.sh index 26be310888..f1dcefa168 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml +++ b/kubernetes/uui/components/uui-llm-adaptation/resources/entrypoint/run.sh @@ -1,8 +1,7 @@ {{/* -#============LICENSE_START======================================================== -# ================================================================================ -# Copyright (c) 2021 Wipro Limited. -# ================================================================================ +# +# Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved. +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -14,7 +13,19 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# ============LICENSE_END========================================================= +# */}} -{{ include "dcaegen2-services-common.configMap" . }} +main_path="/home/uui" +echo @main_path@ $main_path + +JAVA_PATH="$JAVA_HOME/bin/java" +JAVA_OPTS="-Xms50m -Xmx128m" +echo @JAVA_PATH@ $JAVA_PATH +echo @JAVA_OPTS@ $JAVA_OPTS + +jar_path="$main_path/usecase-ui-llm-adaptation.jar" +echo @jar_path@ $jar_path + +echo "Starting usecase-ui-llm-adaptation..." +$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/configmap.yaml index 471c9094aa..3583c416de 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml +++ b/kubernetes/uui/components/uui-llm-adaptation/templates/configmap.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright 2018 Intel Corporation, Inc +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,10 +19,13 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml new file mode 100644 index 0000000000..d2824d1bbb --- /dev/null +++ b/kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml @@ -0,0 +1,74 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["sh", "-c"] + args: + - ". /uui/run.sh" + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: POSTGRES_IP + value: {{ .Values.postgres.service.name2 }} + - name: POSTGRES_PORT + value: "{{ .Values.postgres.service.externalPort }}" + - name: POSTGRES_DB_NAME + value: {{ .Values.postgres.config.pgDatabase }} + - name: POSTGRES_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: POSTGRES_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} +{{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} +{{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} +{{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} +{{- end }} +{{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} +{{- end }} + volumeMounts: + - mountPath: /uui/run.sh + name: entrypoint + subPath: run.sh + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/job.yaml index a6966a7708..90d6d63dab 100644 --- a/kubernetes/vnfsdk/templates/job.yaml +++ b/kubernetes/uui/components/uui-llm-adaptation/templates/job.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2023 Deutsche Telekom +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -47,7 +46,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}} + imagePullPolicy: {{ .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness resources: limits: @@ -59,7 +58,7 @@ spec: containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.image.postgres" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + imagePullPolicy: {{ .Values.pullPolicy }} env: - name: PGUSER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} @@ -69,13 +68,14 @@ spec: - /bin/sh - -c - | - psql -h $(VNFSDK_DBPRI_SERVICE_HOST) -f /aaa/init/marketplace_tables_postgres.sql + psql -h $(UUI_ADAPTATION_PG_PRIMARY_SERVICE_HOST) -f /aaa/init/llm-adaptation-init.sql -d {{ .Values.postgres.config.pgDatabase }} volumeMounts: - name: init-data - mountPath: /aaa/init/marketplace_tables_postgres.sql - subPath: marketplace_tables_postgres.sql + mountPath: /aaa/init/llm-adaptation-init.sql + subPath: llm-adaptation-init.sql {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- include "common.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: init-data configMap: diff --git a/kubernetes/holmes/templates/secrets.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/secrets.yaml index 34932b713d..638e02c1e5 100644 --- a/kubernetes/holmes/templates/secrets.yaml +++ b/kubernetes/uui/components/uui-llm-adaptation/templates/secrets.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/service.yaml index 306b0f17eb..33e96ef8c4 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml +++ b/kubernetes/uui/components/uui-llm-adaptation/templates/service.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/uui/components/uui-llm-adaptation/values.yaml b/kubernetes/uui/components/uui-llm-adaptation/values.yaml new file mode 100644 index 0000000000..f5804efb20 --- /dev/null +++ b/kubernetes/uui/components/uui-llm-adaptation/values.yaml @@ -0,0 +1,126 @@ +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for uui llm adaptation. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + passwordStrength: long + +#Pods Service Account +serviceAccount: + nameOverride: uui-llm-adaptation + roles: + - read + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-uui-adaptation-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "uui-adaptation-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-uui-adaptation-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "uui-adaptation-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + +image: onap/usecase-ui-llm-adaptation:14.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false +flavor: small +replicaCount: 1 +nodeSelector: {} +affinity: {} + +service: + type: ClusterIP + name: uui-llm-adaptation + ports: + - name: http-rest + port: &svc_port 8084 + +liveness: + initialDelaySeconds: 120 + port: *svc_port + periodSeconds: 10 + enabled: true + +readiness: + initialDelaySeconds: 60 + port: *svc_port + periodSeconds: 10 + +# application configuration override for postgres +postgres: + nameOverride: &postgresName uui-adaptation-postgres + service: + name: *postgresName + name2: uui-adaptation-pg-primary + name3: uui-adaptation-pg-replica + container: + name: + primary: uui-adaptation-pg-primary + replica: uui-adaptation-pg-replica + config: + pgUserName: uui + pgDatabase: uuiadaptation + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName + persistence: + mountSubPath: uui/uuiadaptation/data + mountInitPath: uui + +readinessCheck: + wait_for: + services: + - '{{ .Values.postgres.service.name2 }}' + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: "2" + memory: "1Gi" + requests: + cpu: "1" + memory: "200Mi" + large: + limits: + cpu: "4" + memory: "2Gi" + requests: + cpu: "2" + memory: "1Gi" + unlimited: {} + diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index d1bc3379d0..6e715bd7a9 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -48,7 +48,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:5.2.2 +image: onap/usecase-ui-server:14.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index b7893bc0fa..2cc0837f41 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -25,7 +25,7 @@ subChartsOnly: flavor: small # application image -image: onap/usecase-ui:5.2.2 +image: onap/usecase-ui:14.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/vfc/Chart.yaml b/kubernetes/vfc/Chart.yaml deleted file mode 100644 index 0965d00905..0000000000 --- a/kubernetes/vfc/Chart.yaml +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP Virtual Function Controller (VF-C) -name: vfc -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: mariadb-galera - version: ~13.x-0 - repository: '@local' - condition: global.mariadbGalera.localCluster - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: vfc-generic-vnfm-driver - version: ~13.x-0 - repository: 'file://components/vfc-generic-vnfm-driver' - condition: vfc-generic-vnfm-driver.enabled - - name: vfc-huawei-vnfm-driver - version: ~13.x-0 - repository: 'file://components/vfc-huawei-vnfm-driver' - condition: vfc-huawei-vnfm-driver.enabled - - name: vfc-nslcm - version: ~13.x-0 - repository: 'file://components/vfc-nslcm' - condition: vfc-nslcm.enabled - - name: vfc-redis - version: ~13.x-0 - repository: 'file://components/vfc-redis' - condition: vfc-redis.enabled - - name: vfc-vnflcm - version: ~13.x-0 - repository: 'file://components/vfc-vnflcm' - condition: vfc-vnflcm.enabled - - name: vfc-vnfmgr - version: ~13.x-0 - repository: 'file://components/vfc-vnfmgr' - condition: vfc-vnfmgr.enabled - - name: vfc-vnfres - version: ~13.x-0 - repository: 'file://components/vfc-vnfres' - condition: vfc-vnfres.enabled - - name: vfc-zte-vnfm-driver - version: ~13.x-0 - repository: 'file://components/vfc-zte-vnfm-driver' - condition: vfc-zte-vnfm-driver.enabled diff --git a/kubernetes/vfc/Makefile b/kubernetes/vfc/Makefile deleted file mode 100644 index 08ed7cb9da..0000000000 --- a/kubernetes/vfc/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/vfc/components/Makefile b/kubernetes/vfc/components/Makefile deleted file mode 100644 index 9544d70f33..0000000000 --- a/kubernetes/vfc/components/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -ifneq ($(SKIP_LINT),TRUE) - HELM_LINT_CMD := $(HELM_BIN) lint -else - HELM_LINT_CMD := echo "Skipping linting of" -endif - -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi - @sleep 3 - #@$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */Chart.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml deleted file mode 100644 index a8f441dce4..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - Generic VNFM Driver -name: vfc-generic-vnfm-driver -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml deleted file mode 100644 index 844f993df1..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - driver: - handlers: [gvnfmdriverlocal_handler, gvnfmdriver_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - console: - class: "logging.StreamHandler" - formatter: "standard" - gvnfmdriverlocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_gvnfmdriver.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - gvnfmdriver_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/gvnfmdriver/runtime_gvnfmdriver.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml deleted file mode 100644 index 83f658f751..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml deleted file mode 100644 index 4cd1100988..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: "{{ .Values.log.path }}" - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/gvnfmdriver/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml deleted file mode 100644 index 85498aeca8..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "gvnfmdriver", - "version": "v1", - "url": "/api/gvnfmdriver/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml deleted file mode 100644 index c96712be4f..0000000000 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/gvnfmdriver:1.4.4 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-generic-vnfm-driver - portName: http - externalPort: 8484 - internalPort: 8484 -# nodePort: 30484 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml deleted file mode 100644 index 37158d942d..0000000000 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - Huawei VNFM Driver -name: vfc-huawei-vnfm-driver -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties deleted file mode 100644 index e2036398fe..0000000000 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -############################################################################### -# Copyright 2016, Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -############################################################################### -*/}} -log4j.rootLogger=INFO,root -log4j.appender.root.Append=true - -#Log Directory -logDir=/var/log/onap -componentName=vfc -subComponentName=huaweivnfmdriver -log4j.appender.root.File=${logDir}/${componentName}/${subComponentName}/vnfmadapterservice.log - -log4j.appender.root.layout.ConversionPattern=%d %-5p [%t][%X{moduleID}][%C %L] %m%n -log4j.appender.root.layout=org.apache.log4j.PatternLayout -log4j.appender.root.MaxBackupIndex=50 -log4j.appender.root.MaxFileSize=20MB -log4j.appender.root=org.apache.log4j.RollingFileAppender
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml deleted file mode 100644 index ff22976b17..0000000000 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: {{ .Values.log.path }} - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties - subPath: log4j.properties - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml deleted file mode 100644 index def3fa2a54..0000000000 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "huaweivnfmdriver", - "version": "v1", - "url": "/api/huaweivnfmdriver/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - name: {{ .Values.service.portName }} - port: {{ .Values.service.internalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - - name: {{ .Values.service.portName }}s - port: {{ .Values.service.internalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}s - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml deleted file mode 100644 index 040ad08694..0000000000 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/nfvo/svnfm/huawei:1.3.9 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-huawei-vnfm-driver - portName: http - externalPort: 8482 - internalPort: 8482 - externalPort2: 8483 - internalPort2: 8483 -# nodePort: 30482 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "2Gi" - requests: - cpu: "100m" - memory: "1Gi" - large: - limits: - cpu: "400m" - memory: "4Gi" - requests: - cpu: "200m" - memory: "2Gi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/components/vfc-nslcm/.helmignore b/kubernetes/vfc/components/vfc-nslcm/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-nslcm/Chart.yaml b/kubernetes/vfc/components/vfc-nslcm/Chart.yaml deleted file mode 100644 index 3bef3a8743..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - NS Life Cycle Management -name: vfc-nslcm -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml deleted file mode 100644 index c88606239e..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - nslcm: - handlers: [nslcmlocal_handler, nslcm_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - console: - class: "logging.StreamHandler" - formatter: "standard" - nslcmlocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_nslcm.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - nslcm_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/nslcm/runtime_nslcm.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml deleted file mode 100644 index 83f658f751..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml deleted file mode 100644 index 88c322fef7..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - {{ include "common.mariadbService" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: MYSQL_ADDR - value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - - name: MYSQL_ROOT_USER - value: "{{ .Values.global.config.mariadb_admin }}" - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REDIS_HOST - value: "{{ .Values.global.config.redisServiceName }}" - - name: REDIS_PORT - value: "{{ .Values.global.config.redisPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/nslcm/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml deleted file mode 100644 index 246928825e..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml deleted file mode 100644 index 4ca1cb891c..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "nslcm", - "version": "v1", - "url": "/api/nslcm/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - }, - { - "serviceName": "nslcm", - "version": "v2", - "url": "/api/nslcm/v2", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml deleted file mode 100644 index 48cce40822..0000000000 --- a/kubernetes/vfc/components/vfc-nslcm/values.yaml +++ /dev/null @@ -1,113 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - mariadbGalera: - # flag to enable the DB creation via mariadb-operator - useOperator: true - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' - type: password - password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' - policy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/nslcm:1.4.7 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# Local mariadb galera instance default name -mariadb-galera: - rootUser: - externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' - nameOverride: vfc-mariadb - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-nslcm - portName: http - externalPort: 8403 - internalPort: 8403 -# nodePort: 30403 - -ingress: - enabled: false - - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/components/vfc-redis/.helmignore b/kubernetes/vfc/components/vfc-redis/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-redis/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-redis/Chart.yaml b/kubernetes/vfc/components/vfc-redis/Chart.yaml deleted file mode 100644 index 84736f364b..0000000000 --- a/kubernetes/vfc/components/vfc-redis/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright (C) 2018 Verizon. All Rights Reserved. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - REDIS -name: vfc-redis -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml deleted file mode 100644 index 02fc994599..0000000000 --- a/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{/* -# Copyright (C) 2018 Verizon. All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-redis/templates/service.yaml b/kubernetes/vfc/components/vfc-redis/templates/service.yaml deleted file mode 100644 index 23518e95f1..0000000000 --- a/kubernetes/vfc/components/vfc-redis/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright (C) 2018 Verizon. All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml deleted file mode 100644 index 60c95b9b7c..0000000000 --- a/kubernetes/vfc/components/vfc-redis/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright (C) 2018 Verizon. All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/db:1.3.5 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 120 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-redis - portName: http - externalPort: 6379 - internalPort: 6379 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-vnflcm/.helmignore b/kubernetes/vfc/components/vfc-vnflcm/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml b/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml deleted file mode 100644 index fe0ce9b4f9..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - VNF Life Cycle Management -name: vfc-vnflcm -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml deleted file mode 100644 index 9dbf475beb..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - mgr: - handlers: [vnfmgrlocal_handler, vnfmgr_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - console: - class: "logging.StreamHandler" - formatter: "standard" - vnfmgrlocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_mgr.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - vnfmgr_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/gvnfm-vnfmgr/runtime_mgr.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml deleted file mode 100644 index 83f658f751..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml deleted file mode 100644 index e915587a4f..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - {{ include "common.mariadbService" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: MYSQL_ADDR - value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - - name: MYSQL_ROOT_USER - value: "{{ .Values.global.config.mariadb_admin }}" - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REDIS_HOST - value: "{{ .Values.global.config.redisServiceName }}" - - name: REDIS_PORT - value: "{{ .Values.global.config.redisPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: {{ .Values.log.path }} - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/gvnfm-vnflcm/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml deleted file mode 100644 index 246928825e..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml deleted file mode 100644 index 7970e8a9b1..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "vnflcm", - "version": "v1", - "url": "/api/vnflcm/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml deleted file mode 100644 index bc22a32206..0000000000 --- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml +++ /dev/null @@ -1,113 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - mariadbGalera: - # flag to enable the DB creation via mariadb-operator - useOperator: true - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' - type: password - password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' - policy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/vnflcm:1.4.3 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# Local mariadb galera instance default name -mariadb-galera: - rootUser: - externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' - nameOverride: vfc-mariadb - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-vnflcm - portName: http - externalPort: 8801 - internalPort: 8801 -# nodePort: 30801 - -ingress: - enabled: false - - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/components/vfc-vnfmgr/.helmignore b/kubernetes/vfc/components/vfc-vnfmgr/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml b/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml deleted file mode 100644 index d5ec0cfc80..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - VNF Manager -name: vfc-vnfmgr -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml deleted file mode 100644 index 9dbf475beb..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - mgr: - handlers: [vnfmgrlocal_handler, vnfmgr_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - console: - class: "logging.StreamHandler" - formatter: "standard" - vnfmgrlocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_mgr.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - vnfmgr_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/gvnfm-vnfmgr/runtime_mgr.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml deleted file mode 100644 index 83f658f751..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml deleted file mode 100644 index 8dd9f57921..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - {{ include "common.mariadbService" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: MYSQL_ADDR - value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - - name: REDIS_HOST - value: "{{ .Values.global.config.redisServiceName }}" - - name: REDIS_PORT - value: "{{ .Values.global.config.redisPort }}" - - name: MYSQL_ROOT_USER - value: "{{ .Values.global.config.mariadb_admin }}" - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: {{ .Values.log.path }} - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/gvnfm-vnfmgr/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml deleted file mode 100644 index 246928825e..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml deleted file mode 100644 index 9daf4e0e26..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "vnfmgr", - "version": "v1", - "url": "/api/vnfmgr/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml deleted file mode 100644 index 31b5a66fd0..0000000000 --- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml +++ /dev/null @@ -1,112 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - mariadbGalera: - # flag to enable the DB creation via mariadb-operator - useOperator: true - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' - type: password - password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' - policy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/vnfmgr:1.4.1 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# Local mariadb galera instance default name -mariadb-galera: - rootUser: - externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' - nameOverride: vfc-mariadb - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-vnfmgr - portName: http - externalPort: 8803 - internalPort: 8803 -# nodePort: 30803 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/components/vfc-vnfres/.helmignore b/kubernetes/vfc/components/vfc-vnfres/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-vnfres/Chart.yaml b/kubernetes/vfc/components/vfc-vnfres/Chart.yaml deleted file mode 100644 index be05a88d7a..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - VNF Resource Manager -name: vfc-vnfres -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml deleted file mode 100644 index 7644af1e1b..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - lcm: - handlers: [vnflcmlocal_handler, vnflcm_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - console: - class: "logging.StreamHandler" - formatter: "standard" - vnflcmlocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_lcm.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - vnflcm_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/gvnfm-vnflcm/runtime_lcm.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml deleted file mode 100644 index 83f658f751..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml deleted file mode 100644 index f4138d256f..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml +++ /dev/null @@ -1,133 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /app/ready.py - args: - - --service-name - - {{ include "common.mariadbService" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: MYSQL_ADDR - value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - - name: REDIS_HOST - value: "{{ .Values.global.config.redisServiceName }}" - - name: REDIS_PORT - value: "{{ .Values.global.config.redisPort }}" - - name: MYSQL_ROOT_USER - value: "{{ .Values.global.config.mariadb_admin }}" - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/gvnfm-vnfres/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml deleted file mode 100644 index 246928825e..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml deleted file mode 100644 index 4f583f2181..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "vnfres", - "version": "v1", - "url": "/api/vnfres/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml deleted file mode 100644 index 2c54249de4..0000000000 --- a/kubernetes/vfc/components/vfc-vnfres/values.yaml +++ /dev/null @@ -1,113 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - mariadbGalera: - # flag to enable the DB creation via mariadb-operator - useOperator: true - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}' - type: password - password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' - policy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/vnfres:1.4.1 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# Local mariadb galera instance default name -mariadb-galera: - rootUser: - externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass' - nameOverride: vfc-mariadb - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-vnfres - portName: http - externalPort: 8802 - internalPort: 8802 -# nodePort: 30802 - -ingress: - enabled: false - - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "200m" - memory: "500Mi" - requests: - cpu: "100m" - memory: "200Mi" - large: - limits: - cpu: "400m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "500Mi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore b/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml deleted file mode 100644 index 2511b5e587..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VFC - ZTE VNFM Driver -name: vfc-zte-vnfm-driver -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml deleted file mode 100644 index 6c00048ff7..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml +++ /dev/null @@ -1,53 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - ztevnfmdriver: - handlers: [ztevnfmdriverlocal_handler, ztevnfmdriver_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - console: - class: "logging.StreamHandler" - formatter: "standard" - ztevnfmdriverlocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_ztevnfmdriver.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - ztevnfmdriver_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/ztevnfmdriver/runtime_ztevnfmdriver.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml deleted file mode 100644 index 83f658f751..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml deleted file mode 100644 index c58957c2a2..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - - name: SSL_ENABLED - value: "true" - {{- else }} - - name: SSL_ENABLED - value: "false" - {{- end }} - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: {{ .Values.log.path }} - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/ztevnfmdriver/config/log.yml - subPath: log.yml - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - {{ include "common.log.sidecar" . | nindent 8 }} - volumes: - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml deleted file mode 100644 index 8a80a87062..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "ztevnfmdriver", - "version": "v1", - "url": "/api/ztevnfmdriver/v1", - "protocol": "REST", - "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml deleted file mode 100644 index 3588ba548e..0000000000 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - config: - ssl_enabled: false - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -image: onap/vfc/ztevnfmdriver:1.4.1 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: vfc-zte-vnfm-driver - portName: http - externalPort: 8410 - internalPort: 8410 - -ingress: - enabled: false - - -# Configure resource requests and limits -resources: - small: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "50m" - memory: "200Mi" - large: - limits: - cpu: "200m" - memory: "1Gi" - requests: - cpu: "100m" - memory: "500Mi" - unlimited: {} - -# Log configuration -log: - path: /var/log/onap -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/vfc/resources/config/log/filebeat/filebeat.yml b/kubernetes/vfc/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 0bc14ea908..0000000000 --- a/kubernetes/vfc/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,41 +0,0 @@ -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/vfc/templates/configmap.yaml b/kubernetes/vfc/templates/configmap.yaml deleted file mode 100644 index e890b8d957..0000000000 --- a/kubernetes/vfc/templates/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.log.configMap" . }} diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml deleted file mode 100644 index 246928825e..0000000000 --- a/kubernetes/vfc/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright (c) 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml deleted file mode 100644 index 05b7eb1fa3..0000000000 --- a/kubernetes/vfc/values.yaml +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - config: - ssl_enabled: false - msbprotocol: http - msbServiceName: msb-iag - msbPort: 443 - redisServiceName: vfc-redis - redisPort: 6379 -# Becaue now oom can register the microservice to msb automatically, -# If it is set to false, vfc contanier will not register again, if it is -# set to true, vfc will register by itself. -# we use this flag to determine who is responbile for serice registeration -# and it can reduce duplicate registration. - reg_to_msb_when_start: False - mariadb_admin: &mariadbAdmin root - persistence: - mountPath: /dockerdata-nfs - mariadbGalera: &mariadbGalera - # flag to enable the DB creation via mariadb-operator - useOperator: true - #This flag allows VFC to instantiate its own mariadb-galera cluster - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - centralizedLoggingEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass' - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "rootUser" "user" }}' - password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}' - type: password - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -mariadb-galera: &localMariadb - rootUser: - user: *mariadbAdmin - # password: - externalSecret: *dbRootPassSecret - nameOverride: &dbServer vfc-mariadb - service: - name: *dbServer - portName: *dbServer - internalPort: 3306 - nfsprovisionerPrefix: vfc - persistence: - mountSubPath: vfc/data - enabled: true - disableNfsProvisioner: true - serviceAccount: - nameOverride: *dbServer - replicaCount: 1 - mariadbOperator: - galera: - enabled: false - -vfc-generic-vnfm-driver: - enabled: true - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' - -vfc-huawei-vnfm-driver: - enabled: true - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' - -vfc-nslcm: - enabled: true - mariadb-galera: *localMariadb - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' - -vfc-redis: - enabled: true - -vfc-vnflcm: - enabled: true - mariadb-galera: *localMariadb - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' - -vfc-vnfmgr: - enabled: true - mariadb-galera: *localMariadb - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' - -vfc-vnfres: - enabled: true - mariadb-galera: *localMariadb - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' - -# sub-chart configuration -vfc-workflow: - service: - externalPort: 10550 - -vfc-workflow-engine: - config: - workflowPort: 10550 - -vfc-zte-vnfm-driver: - enabled: true - logConfigMapNamePrefix: '{{ include "common.release" . }}-vfc' diff --git a/kubernetes/vnfsdk/Chart.yaml b/kubernetes/vnfsdk/Chart.yaml deleted file mode 100644 index bf0dbe6640..0000000000 --- a/kubernetes/vnfsdk/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP VNF SDK -name: vnfsdk -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml deleted file mode 100644 index 09b6551c00..0000000000 --- a/kubernetes/vnfsdk/resources/config/configuration.xml +++ /dev/null @@ -1,35 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Copyright 2017 Huawei Technologies Co., Ltd. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<!DOCTYPE configuration -PUBLIC "//mybatis.org//DTD Config 3.0//EN" -"http://mybatis.org/dtd/mybatis-3-config.dtd"> -<configuration> - <environments default="development"> - <environment id="development"> - <transactionManager type="JDBC" /> - <dataSource type="UNPOOLED"> - <property name="driver" value="org.postgresql.Driver" /> - <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" /> - <property name="username" value="${PG_USER}" /> - <property name="password" value="${PG_PASSWORD}" /> - </dataSource> - </environment> - </environments> - <mappers> - <mapper resource="mybatis/sql/MarketplaceMapper.xml" /> - </mappers> -</configuration> diff --git a/kubernetes/vnfsdk/resources/config/marketplace_tables_postgres.sql b/kubernetes/vnfsdk/resources/config/marketplace_tables_postgres.sql deleted file mode 100644 index c05d7f2d00..0000000000 --- a/kubernetes/vnfsdk/resources/config/marketplace_tables_postgres.sql +++ /dev/null @@ -1,25 +0,0 @@ -CREATE DATABASE "marketplaceDB"; - -\c marketplaceDB; - -DROP TABLE IF EXISTS CSAR_PACKAGE_TABLE; - -CREATE TABLE CSAR_PACKAGE_TABLE ( - CSARID VARCHAR(200) NOT NULL, - DOWNLOADURI VARCHAR(200) NULL, - REPORT VARCHAR(200) NULL, - SIZE VARCHAR(100) NULL, - FORMAT VARCHAR(100) NULL, - CREATETIME VARCHAR(100) NULL, - DELETIONPENDING VARCHAR(100) NULL, - MODIFYTIME VARCHAR(100) NULL, - SHORTDESC TEXT NULL, - NAME VARCHAR(100) NULL, - VERSION VARCHAR(20) NULL, - PROVIDER VARCHAR(300) NULL, - TYPE VARCHAR(300) NULL, - DETAILS TEXT NULL, - REMARKS TEXT NULL, - DOWNLOADCOUNT INT NULL, - CONSTRAINT csar_package_table_pkey PRIMARY KEY (CSARID) -); diff --git a/kubernetes/vnfsdk/resources/nginx/nginx.conf b/kubernetes/vnfsdk/resources/nginx/nginx.conf deleted file mode 100644 index 9d7aa78b36..0000000000 --- a/kubernetes/vnfsdk/resources/nginx/nginx.conf +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -daemon off; - -#pid /run/nginx.pid; - -events { - worker_connections 500; - # multi_accept on; -} -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - #Comment or disable the access_log once tested to avoid runtime logs -# access_log /var/log/nginx/access.log format gzip; - access_log off; - error_log /var/log/nginx/error.log; - - server { - listen {{ .Values.service.internalPort }}; - server_name {{ .Values.service.name }}; - keepalive_timeout 70; - - location / { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://localhost:8702; - proxy_read_timeout 90; - proxy_redirect off; - } - } -}
\ No newline at end of file diff --git a/kubernetes/vnfsdk/templates/NOTES.txt b/kubernetes/vnfsdk/templates/NOTES.txt deleted file mode 100644 index cf415bd51c..0000000000 --- a/kubernetes/vnfsdk/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml deleted file mode 100644 index d06379331f..0000000000 --- a/kubernetes/vnfsdk/templates/configmap.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-nginx - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/nginx/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml deleted file mode 100644 index bf9ad3e031..0000000000 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: PG_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: PG_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: init-data-input - - mountPath: /config - name: init-data - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - {{ include "common.readinessCheck.waitFor" . | nindent 6 }} - containers: - - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }} - ports: {{ include "common.containerPorts" . | nindent 8 }} - resources: {{ include "common.resources" . | nindent 10 }} - volumeMounts: - - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml - name: init-data - subPath: configuration.xml - - mountPath: /etc/nginx/nginx.conf - name: nginx - subPath: nginx.conf - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - {{- include "common.imagePullSecrets" . | nindent 6 }} - volumes: - - name: init-data-input - configMap: - name: {{ include "common.fullname" . }} - - name: nginx - configMap: - name: {{ include "common.fullname" . }}-nginx - - name: init-data - emptyDir: - medium: Memory diff --git a/kubernetes/vnfsdk/templates/ingress.yaml b/kubernetes/vnfsdk/templates/ingress.yaml deleted file mode 100644 index 1f6ec7ab0e..0000000000 --- a/kubernetes/vnfsdk/templates/ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/vnfsdk/templates/service.yaml b/kubernetes/vnfsdk/templates/service.yaml deleted file mode 100644 index 6127b2b373..0000000000 --- a/kubernetes/vnfsdk/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modification © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml deleted file mode 100644 index 723dfc3b4f..0000000000 --- a/kubernetes/vnfsdk/values.yaml +++ /dev/null @@ -1,128 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2023 Deutsche Telekom -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - -secrets: - - uid: pg-root-pass - name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass' - type: password - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' - password: '{{ .Values.postgres.config.pgRootpassword }}' - policy: generate - - uid: pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/vnfsdk/refrepo:1.6.3 -pullPolicy: Always - -# application configuration override for postgres -postgres: - nameOverride: vnfsdk-postgres - service: - name: vnfsdk-dbset - name2: vnfsdk-dbpri - name3: vnfsdk-dbrep - container: - name: - primary: vnfsdk-dbpri - replica: vnfsdk-dbrep - persistence: - mountSubPath: vnfsdk/data - mountInitPath: vnfsdk - config: - pgUserName: postgres - pgDatabase: postgres - pgUserExternalSecret: *pgUserCredsSecretName - pgRootPasswordExternalSecret: *pgRootPassSecretName - -# flag to enable debugging - application support required -debugEnabled: false - -nodeSelector: {} - -affinity: {} - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: "2000m" - memory: "4Gi" - requests: - cpu: "500m" - memory: "1Gi" - large: - limits: - cpu: "4000m" - memory: "8Gi" - requests: - cpu: "1000m" - memory: "2Gi" - unlimited: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 30 - -service: - type: NodePort - name: refrepo - internalPort: 8703 - ports: - - name: http - port: 8703 - nodePort: '97' - -ingress: - enabled: false - service: - - baseaddr: "vnfsdk-refrepo-api" - name: "refrepo" - port: 8703 - config: - ssl: "redirect" - -readinessCheck: - wait_for: - services: - - '{{ .Values.postgres.service.name2 }}' - -wait_for_job_container: - containers: - - '{{ include "common.name" . }}-job' |