Diffstat (limited to 'kubernetes')
35 files changed, 400 insertions, 194 deletions
diff --git a/kubernetes/README.md b/kubernetes/README.md index 9d8d4cc9ab..696ede70c0 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -1,5 +1,8 @@ ## **Quick Start Guide** +> **WARNING**: This README is no longer maintained and will be deprecated. +> Please refer to the official OOM guide here - [OOM Guide](https://docs.onap.org/projects/onap-oom/en/latest/sections/oom_project_description.html) + This is a quick start guide describing how to deploy ONAP on Kubernetes using Helm. diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index 8bd4494a2b..7c82d1f90d 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -25,6 +25,6 @@ resources.trust-store-password=${TRUSTSTORE_PASSWORD} resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 resources.client-cert-password=${KEYSTORE_PASSWORD} {{ else }} -resources.port=8080 +resources.port=80 resources.authType=HTTP_NOAUTH {{ end }} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index a724129018..31ea946d9b 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml 
@@ -147,18 +147,19 @@ spec: subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPlainPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml index 457b3576a0..9e3ffd6f56 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml 
@@ -25,16 +25,13 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} + port: {{ .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} + {{- if eq .Values.service.type "NodePort" }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }} - {{- end }} + {{- end }} + type: {{ .Values.service.type }} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index ee3c5c41d9..29953b4b66 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -119,7 +119,9 @@ readiness: service: type: NodePort portName: http + externalPort: 8000 internalPort: 8000 + internalPlainPort: 9517 nodePort: 20 ingress: diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 4fc2e4b1c9..d8a944712a 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl 
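Review bot: The new `ports` entry tests `common.needTLS` in two different ways: the port name uses `{{ if (include "common.needTLS" .) }}s{{ end }}`, while `targetPort` uses `(eq "true" (include "common.needTLS" .))`. `include` returns a string, and the helper's definition is not visible here, so if it ever renders a non-empty value other than `true`, the port would be named with the `s` suffix while targeting `internalPlainPort`. A mesh that infers the protocol from the port name would then treat a plaintext port as TLS. The removed lines used the `eq "true"` form for the name; keeping it, as in `name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}`, keeps both decisions in step. Separately, the selector no longer includes `release`, so the Service matches any pod in the namespace with the same `app` label, and it is worth confirming that this is intended.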
@@ -14,13 +14,56 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} +{{/* + Create the hostname as concatination <baseaddr>.<baseurl> + - baseaddr: from component values: ingress.service.baseaddr + - baseurl: from values: global.ingress.virtualhost.baseurl + which van be overwritten in the component via: ingress.baseurlOverride +*/}} {{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}} {{ printf "%s.%s" $baseaddr $burl }} {{- end -}} +{{/* + Helper function to add the tls route +*/}} +{{- define "ingress.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." 
.baseaddr) -}} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} + tls: + httpsRedirect: true + - port: + number: 443 + name: https + protocol: HTTPS + tls: +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE + hosts: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + Helper function to add the route to the service +*/}} {{- define "ingress.config.port" -}} {{- $dot := default . .dot -}} {{ range .Values.ingress.service }} @@ -44,9 +87,11 @@ {{- end }} {{- end -}} +{{/* + Helper function to add the route to the service +*/}} {{- define "istio.config.route" -}} {{- $dot := default . .dot -}} -{{ range .Values.ingress.service }} http: - route: - destination: @@ -66,8 +111,10 @@ {{- end }} host: {{ .name }} {{- end -}} -{{- end -}} +{{/* + Helper function to add ssl annotations +*/}} {{- define "ingress.config.annotations.ssl" -}} {{- if .Values.ingress.config -}} {{- if .Values.ingress.config.ssl -}} @@ -85,6 +132,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} +{{/* + Helper function to add annotations +*/}} {{- define "ingress.config.annotations" -}} {{- if .Values.ingress -}} {{- if .Values.ingress.annotations -}} @@ -94,6 +144,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} +{{/* + Helper function to check the existance of an override value +*/}} {{- define "common.ingress._overrideIfDefined" -}} {{- $currValue := .currVal }} {{- $parent := .parent }} 
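Review bot: `ingress.config.tls` renders nothing unless `global.ingress.config.ssl` equals `redirect`, so any other value, or a missing `config` block, leaves the Gateway with only its plain HTTP server and no HTTPS listener. The helper's header comment (`Helper function to add the tls route`) should state that condition so operators do not assume TLS is always configured. Inside the helper, the second `{{- if $dot.Values.global.ingress.config }}` around `credentialName` repeats the outer guard, so its `else` branch can never be taken; the block can be reduced to the inner `config.tls` check with a single `else` for the default `ingress-tls-secret`.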
@@ -109,20 +162,38 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} {{- end -}} -{{- define "common.ingress" -}} +{{/* + Helper function to check, if Ingress is enabled +*/}} +{{- define "common.ingress._enabled" -}} {{- $dot := default . .dot -}} -{{- if .Values.ingress -}} - {{- $ingressEnabled := default false .Values.ingress.enabled -}} - {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }} - {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }} -{{- if $ingressEnabled }} -{{- if (include "common.onServiceMesh" .) }} -{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} - {{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +{{- if (default false $dot.Values.global.ingress.enable_all) -}} +true +{{- else -}} +{{- if $dot.Values.ingress.enabled -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Create Istio Ingress resources per defined service +*/}} +{{- define "common.istioIngress" -}} +{{- $dot := default . .dot -}} +{{ range $dot.Values.ingress.service }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +--- apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: - name: {{ include "common.fullname" . }}-gateway + name: {{ $baseaddr }}-gateway spec: selector: istio: ingressgateway # use Istio default gateway implementation 
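Review bot: With `global.ingress.enable_all` set, `common.ingress._enabled` returns `true` for every chart that has an `ingress` block, and the per-chart `ingress.enabledOverride` lookup from the removed lines is gone. A component that sets `ingress.enabled: false` to stay cluster-internal therefore has no way to opt out once `enable_all` is on. Consider checking an explicit per-chart opt-out before the `enable_all` branch, and state in the helper comment that `enable_all` takes precedence over `ingress.enabled`. In `common.istioIngress`, whose body continues past this hunk, the Gateway is named `{{ $baseaddr }}-gateway` without the release name, so two services using the same `baseaddr` in one namespace would produce the same resource name.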
@@ -132,80 +203,87 @@ spec: name: http protocol: HTTP hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} -{{- if .Values.global.ingress.config }} -{{- if .Values.global.ingress.config.ssl }} -{{- if eq .Values.global.ingress.config.ssl "redirect" }} - tls: - httpsRedirect: true - - port: - number: 443 - name: https - protocol: HTTPS - tls: -{{- if .Values.global.ingress.config }} -{{- if .Values.global.ingress.config.tls }} - credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} - mode: SIMPLE - hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} + {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: - name: {{ include "common.fullname" . }}-service + name: {{ $baseaddr }}-service spec: hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} gateways: - - {{ include "common.fullname" . }}-gateway + - {{ $baseaddr }}-gateway {{ include "istio.config.route" . | trim }} +{{- end -}} {{- end -}} -{{- else -}} + +{{/* + Create default Ingress resource +*/}} +{{- define "common.nginxIngress" -}} +{{- $dot := default . .dot -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "common.fullname" . }}-ingress + name: {{ include "common.fullname" $dot }}-ingress annotations: - {{ include "ingress.config.annotations" . 
}} + {{ include "ingress.config.annotations" $dot }} labels: - app: {{ .Chart.Name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + app: {{ $dot.Chart.Name }} + chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }} + release: {{ include "common.release" $dot }} + heritage: {{ $dot.Release.Service }} spec: rules: - {{ include "ingress.config.port" . | trim }} -{{- if .Values.ingress.tls }} + {{ include "ingress.config.port" $dot | trim }} +{{- if $dot.Values.ingress.tls }} tls: -{{ toYaml .Values.ingress.tls | indent 4 }} +{{ toYaml $dot.Values.ingress.tls | indent 4 }} {{- end -}} -{{- if .Values.ingress.config -}} -{{- if .Values.ingress.config.tls -}} +{{- if $dot.Values.ingress.config -}} +{{- if $dot.Values.ingress.config.tls -}} tls: - hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} - secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} -{{- end -}} -{{- end -}} -{{- end -}} + {{- end }} + secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }} +{{- end -}} {{- end -}} {{- end -}} + +{{/* + Create ingress template + Will create ingress template depending on the following values: + - .Values.global.ingress.enabled : enables Ingress globally + - .Values.global.ingress.enable_all : override default Ingress for all charts + - .Values.ingress.enabled : sets Ingress per chart basis + + | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result | + |------------------------|---------------------------|----------------|------------| + | false | any | any | no ingress | + | true | false | false | no ingress | + | true | true | 
any | ingress | + | true | false | true | ingress | + + If ServiceMesh (Istio) is enabled the respective resources are created: + - Gateway + - VirtualService + + If ServiceMesh is disabled the standard Ingress resource is creates: + - Ingress +*/}} +{{- define "common.ingress" -}} +{{- $dot := default . .dot -}} +{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} +{{ include "common.istioIngress" (dict "dot" $dot) }} +{{- end -}} +{{- else -}} +{{ include "common.nginxIngress" (dict "dot" $dot) }} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 379992eae8..7b88af02aa 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -242,7 +242,7 @@ spec: {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} {{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }} -{{- $serviceType = "ClusterIP" }} +{{- $serviceType = "ClusterIP" }} {{- end }} {{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }} diff --git a/kubernetes/dmaap/Chart.yaml b/kubernetes/dmaap/Chart.yaml index 25fa15a2cf..8d84a97ba2 100644 --- a/kubernetes/dmaap/Chart.yaml +++ b/kubernetes/dmaap/Chart.yaml @@ -24,10 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: dmaap-strimzi - version: ~12.x-0 - repository: 'file://components/dmaap-strimzi' - condition: dmaap-strimzi.enabled - name: message-router version: ~12.x-0 repository: 'file://components/message-router' diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index 3acea02bff..a9b0a012a4 100755 
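Review bot: `common.ingress` binds `$dot` but then evaluates `include "common.onServiceMesh" .` and `.Values.global.serviceMesh.engine` against `.`, while the enable check and both sub-templates are given `$dot`. If the template is ever included with a `(dict "dot" ...)` argument, `.Values` is not the chart's values at those two places; use `{{- if (include "common.onServiceMesh" $dot) }}` and `{{- if eq (default "istio" $dot.Values.global.serviceMesh.engine) "istio" }}`. The header comment could also say that when the service mesh is on and the engine is not `istio`, nothing is rendered and no error is raised.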
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -28,9 +28,9 @@ ## Items below are passed through to Kafka's producer and consumer ## configurations (after removing "kafka.") ## if you want to change request.required.acks it can take this one value -kafka.metadata.broker.list={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }} -config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }} #kafka.request.required.acks=-1 +kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }} consumer.timeout.ms=100 zookeeper.connection.timeout.ms=6000 zookeeper.session.timeout.ms=20000 diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 0fba655a69..904c160c70 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -150,7 +150,7 @@ spec: - name: JAASLOGIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }} - name: SASLMECH - value: {{ .Values.global.saslMechanism }} + value: scram-sha-512 - name: enableCadi value: "{{ .Values.global.aafEnabled }}" - name: useZkTopicStore diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index f9904e67c8..80460ba570 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml 
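Review bot: The broker address is now the literal `strimzi-kafka-bootstrap:9092` in this file and `SASLMECH` is the literal `scram-sha-512` in the message-router `statefulset.yaml` hunk, while the strimzi-kafka-bridge template in the same commit reads the port and mechanism from `.Values.config`. If the listener port or the SASL mechanism is changed on the Strimzi side, message-router keeps the old values and offers no override. A comment beside each literal naming the Strimzi setting it has to match, for example `# must match the Kafka listener port configured in the strimzi chart`, would make the coupling visible to whoever changes it next.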
@@ -19,15 +19,16 @@ ################################################################# global: nodePortPrefix: 302 - kafkaBootstrap: strimzi-kafka-bootstrap - saslMechanism: scram-sha-512 - kafkaInternalPort: 9092 zkTunnelService: type: ClusterIP name: zk-tunnel-svc portName: tcp-zk-tunnel internalPort: 2181 +zookeeper: + entrance: + image: scholzj/zoo-entrance:latest + ################################################################# # AAF part ################################################################# @@ -71,10 +72,6 @@ certInitializer: image: onap/dmaap/dmaap-mr:1.4.3 pullPolicy: Always -zookeeper: - entrance: - image: scholzj/zoo-entrance:latest - secrets: - uid: mr-kafka-admin-secret externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index cf65674ffd..1cb537b5f4 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -38,10 +38,7 @@ global: aafEnabled: true #Strimzi config - kafkaBootstrap: strimzi-kafka-bootstrap kafkaStrimziAdminUser: strimzi-kafka-admin - kafkaInternalPort: 9092 - saslMechanism: scram-sha-512 #Component overrides message-router: diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml index abf2cd1dfa..8a4bb706d9 100644 --- a/kubernetes/onap/resources/environments/core-onap.yaml +++ b/kubernetes/onap/resources/environments/core-onap.yaml @@ -16,7 +16,7 @@ # This override file is used to deploy a core configuration. It is based on # minimal-onap.yaml and Orange accomplishments [1][2][3]. # It includes the following components: -# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra) +# AAI, DMAAP Message Router, SDC, SDNC, SO (+ Cassandra), STRIMZI Kafka # # Minimal resources are also reviewed for the various containers # AAI: no override => to be fixed 
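Review bot: `zookeeper.entrance.image` is still `scholzj/zoo-entrance:latest`, a mutable tag on an image published outside the `onap/` namespace, so the content that runs can change whenever the image is pulled again without any change to the chart. Pin it to a fixed version tag or a digest, for example `image: scholzj/zoo-entrance@sha256:<DIGEST_PLACEHOLDER>`, and add a comment naming the upstream it comes from. This hunk only moves the block, so the pin can be a follow-up change, but the moved lines are a good place to record it.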
@@ -75,6 +75,14 @@ holmes: enabled: false dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: false mariadb-galera: @@ -126,6 +134,16 @@ so: openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +strimzi: + enabled: true + replicaCount: 2 + persistence: + kafka: + size: 1Gi + zookeeper: + size: 500Mbi + strimzi-kafka-bridge: + enabled: false uui: enabled: false vid: diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index e2971f70cc..2caad2d530 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -137,6 +137,8 @@ so: mariadb: config: mariadbRootPassword: password +strimzi: + enabled: false uui: enabled: false vfc: diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml index 092dc1ab9b..43aa4c8c05 100644 --- a/kubernetes/onap/resources/environments/disable-allcharts.yaml +++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml @@ -77,6 +77,8 @@ sdnc: enabled: false so: enabled: false +strimzi: + enabled: false uui: enabled: false vfc: diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml index 12cccfb9e8..7bfa258e5a 100644 --- a/kubernetes/onap/resources/environments/minimal-onap.yaml +++ b/kubernetes/onap/resources/environments/minimal-onap.yaml 
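Review bot: `size: 500Mbi` under `strimzi.persistence.zookeeper` does not use a valid Kubernetes quantity suffix; the binary suffixes are `Ki`, `Mi`, `Gi` and so on, so this was presumably meant to be `size: 500Mi`. If the value reaches a PersistentVolume or the Strimzi storage spec unchanged, the resource is likely to be rejected at install time. The same value appears in the `strimzi` block added by the `minimal-onap.yaml` hunk.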
@@ -16,7 +16,7 @@ # This override file is used to deploy a minimal configuration to # onboard and deploy a VNF. # It includes the following components: -# A&AI, Cassandra, DMAAP, Portal, Robot, SDC, SDNC, SO, VID +# A&AI, Cassandra, DMAAP Message Router, Portal, Robot, SDC, SDNC, SO, STRIMZI Kafka, VID # # Minimal resources are also reviewed for the various containers # A&AI: no override => to be fixed @@ -70,6 +70,14 @@ holmes: enabled: false dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: false mariadb-galera: @@ -170,6 +178,16 @@ so: openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +strimzi: + enabled: true + replicaCount: 1 + persistence: + kafka: + size: 1Gi + zookeeper: + size: 500Mbi + strimzi-kafka-bridge: + enabled: false uui: enabled: false vid: diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 6686e160e5..506dd4f7fe 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -102,6 +102,14 @@ holmes: enabled: false dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: true sniro-emulator: @@ -161,6 +169,10 @@ so: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" +strimzi: + enabled: true + strimzi-kafka-bridge: + enabled: false uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 3f2854efd7..c78ac8abd2 100644 
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -19,6 +19,8 @@ global: ingress: enabled: true + # enable all component's Ingress interfaces + enable_all: true # All http requests via ingress will be redirected config: ssl: "redirect" @@ -112,6 +114,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true oof: enabled: true msb: @@ -134,6 +144,8 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 54e2cf3c4f..9a090c1a41 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -19,6 +19,7 @@ global: ingress: enabled: true + enable_all: true addTestingComponents: &testing true centralizedLoggingEnabled: ¢ralizedLogging false cassandra: @@ -61,6 +62,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true oof: enabled: true msb: @@ -83,6 +92,8 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 849b55f0a9..aeac83f7ef 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -99,6 +99,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true oof: enabled: true msb: 
@@ -121,6 +129,8 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml index 053f56e00f..fc0c94de24 100644 --- a/kubernetes/onap/resources/overrides/onap-vfw.yaml +++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml @@ -37,6 +37,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: true oof: @@ -57,5 +65,7 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: false vid: enabled: true diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index b4d928b089..1d3b2eb5c9 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -20,7 +20,8 @@ # # Minimal resources are also reviewed for the various containers # AAI: no override => to be fixed -# DMAAP: no override # SO: no override +# DMAAP: no override +# SO: no override # SDC: new values # SDNC: no override # @@ -82,6 +83,16 @@ cps: enabled: false dcaegen2-services: enabled: false +dmaap: + enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true holmes: enabled: false log: @@ -137,6 +148,8 @@ so: openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: false vid: @@ -147,7 +160,4 @@ vnfsdk: enabled: false cds: enabled: true -dmaap: - enabled: true - dmaap-bc: - enabled: false + diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 8a6af16c17..bdbf5ab323 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
@@ -146,9 +146,26 @@ global: # Global ingress configuration ingress: + # generally enable ingress for ONAP components enabled: false + # enable all component's Ingress interfaces + enable_all: false + # default Ingress base URL + # can be overwritten in component vy setting ingress.baseurlOverride virtualhost: baseurl: "simpledemo.onap.org" + # All http requests via ingress will be redirected on Ingress controller + # only valid for Istio Gateway (ServiceMesh enabled) + config: + ssl: "redirect" + # you can set an own Secret containing a certificate + # only valid for Istio Gateway (ServiceMesh enabled) + # tls: + # secret: 'my-ingress-cert' + + # optional: Namespace of the Istio IngressGateway + # only valid for Istio Gateway (ServiceMesh enabled) + namespace: istio-ingress # Global Service Mesh configuration # POC Mode, don't use it in production @@ -303,9 +320,17 @@ holmes: enabled: false dmaap: enabled: false + message-router: + enabled: false + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false # Today, "logging" chart that perform the central part of logging must also be # enabled in order to make it work. So `logging.enabled` must have the same -# value than centralizedLoggingEnabled +# value as centralizedLoggingEnabled log: enabled: *centralizedLogging sniro-emulator: @@ -370,8 +395,22 @@ so: # server: # monitoring: # password: demo123456! + strimzi: enabled: false + # Kafka replication & disk storage should be dimensioned + # according to each given system use case. + replicaCount: 3 + persistence: + kafka: + size: 10Gi + zookeeper: + size: 1Gi + # Strimzi kafka bridge is an optional http api towards + # kafka provided by https://strimzi.io/docs/bridge/latest/ + strimzi-kafka-bridge: + enabled: false + uui: enabled: false vfc: @@ -386,7 +425,6 @@ platform: enabled: false a1policymanagement: enabled: false - cert-wrapper: enabled: true repository-wrapper: 
diff --git a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml index 348609b8da..dc9a4f2dad 100644 --- a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml @@ -9,6 +9,9 @@ server: keyStorePassword: ${KEYSTORE_PASSWORD} trustStore: ${TRUSTSTORE} trustStorePassword: ${TRUSTSTORE_PASSWORD} + {{- else }} + ssl: + enabled: false {{- end }} tomcat: max-threads: 50 diff --git a/kubernetes/strimzi/Chart.yaml b/kubernetes/strimzi/Chart.yaml index 57201cff30..4ef20e19d2 100644 --- a/kubernetes/strimzi/Chart.yaml +++ b/kubernetes/strimzi/Chart.yaml @@ -13,16 +13,13 @@ # limitations under the License. apiVersion: v2 -description: ONAP Strimzi kafka +description: ONAP Strimzi Kafka name: strimzi version: 12.0.0 dependencies: - name: common version: ~12.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' - name: repositoryGenerator version: ~12.x-0 @@ -30,4 +27,8 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: strimzi-kafka-bridge + version: ~12.x-0 + repository: 'file://components/strimzi-kafka-bridge' + condition: strimzi-kafka-bridge.enabled diff --git a/kubernetes/dmaap/components/dmaap-strimzi/.helmignore b/kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore index 0f976e9ff3..0f976e9ff3 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/.helmignore +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore diff --git a/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml index ec11510b09..8c290b2cec 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml 
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml @@ -13,20 +13,11 @@ # limitations under the License. apiVersion: v2 -description: ONAP Dmaap Strimzi Kafka Bridge -name: dmaap-strimzi +description: ONAP Strimzi Kafka Bridge +name: strimzi-kafka-bridge version: 12.0.0 dependencies: - name: common version: ~12.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: repositoryGenerator - version: ~12.x-0 - repository: '@local' - - name: serviceAccount - version: ~12.x-0 repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-strimzi/Makefile b/kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile index ef273d0e9b..ef273d0e9b 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/Makefile +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile diff --git a/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml index 8dd7eb97cb..3abb04af10 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml 
@@ -15,23 +15,16 @@ */}} apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaBridge -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.kafkaBridgeReplicaCount }} - enableMetrics: false - bootstrapServers: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }} + replicas: {{ .Values.replicaCount }} + bootstrapServers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:{{ .Values.config.kafkaInternalPort }} authentication: - type: {{ .Values.global.saslMechanism }} - username: {{ .Values.global.kafkaStrimziAdminUser }} + type: {{ .Values.config.saslMechanism }} + username: {{ .Values.config.strimziKafkaAdminUser }} passwordSecret: - secretName: {{ .Values.global.kafkaStrimziAdminUser }} + secretName: {{ .Values.config.strimziKafkaAdminUser }} password: password + enableMetrics: {{ .Values.config.enableMetrics }} http: - port: {{ .Values.kafkaBridgePort }} + port: {{ .Values.config.port }} diff --git a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml index 8e8802d8c5..8a4c4cdc6c 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml 
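Review bot: The bridge in strimzi-kb.yaml still logs in to Kafka as `{{ .Values.config.strimziKafkaAdminUser }}`, and the Kafka template in this same commit lists that user under `superUsers`, so every request accepted on the bridge's `http.port` runs with super-user rights and is not subject to ACL checks. The Strimzi bridge does not authenticate HTTP callers itself. A dedicated `KafkaUser` with ACLs limited to the topics and groups the bridge needs would be a safer default, with `username` and `passwordSecret.secretName` pointing at it. `bootstrapServers` also targets the port of the `plain` listener, which the Kafka template declares with `tls: false`, so the SCRAM exchange and all bridged records cross the cluster network unencrypted unless something outside these charts encrypts them.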
@@ -16,22 +16,20 @@ # Global configuration defaults. ################################################################# global: - kafkaBootstrap: strimzi-kafka-bootstrap - kafkaStrimziAdminUser: strimzi-kafka-admin - kafkaInternalPort: 9092 - saslMechanism: scram-sha-512 ################################################################# # Application configuration defaults. ################################################################# -kafkaBridgeReplicaCount: 1 -kafkaBridgePort: 8080 +replicaCount: 1 +config: + port: 8080 + enableMetrics: false + # The following config should be set/overridden + # from parent chart kubernetes/strimzi/values.yaml + saslMechanism: parentValue + kafkaInternalPort: parentValue + strimziKafkaAdminUser: parentValue -ingress: - enabled: false - -#Pods Service Account -serviceAccount: - nameOverride: dmaap-strimzi - roles: - - read +# nameOverride is required to avoid duplication +# in pod and service names ie ...-bridge-bridge-{random hex} +nameOverride: strimzi-kafka diff --git a/kubernetes/strimzi/templates/pv-kafka.yaml b/kubernetes/strimzi/templates/pv-kafka.yaml index 616f03e788..efd4902562 100644 --- a/kubernetes/strimzi/templates/pv-kafka.yaml +++ b/kubernetes/strimzi/templates/pv-kafka.yaml @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }} diff --git a/kubernetes/strimzi/templates/pv-zk.yaml b/kubernetes/strimzi/templates/pv-zk.yaml index 60f4ca6e79..2c5a8e3678 100644 --- a/kubernetes/strimzi/templates/pv-zk.yaml +++ b/kubernetes/strimzi/templates/pv-zk.yaml 
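Review bot: The three `parentValue` placeholders under `config` in the bridge values.yaml are valid strings, so a render that misses the parent override produces a KafkaBridge with `type: parentValue` and a bootstrap address ending in `:parentValue` instead of failing. Removing these keys and guarding the template with `required`, e.g. `type: {{ required "config.saslMechanism must be set by the parent chart" .Values.config.saslMechanism }}`, turns that into a render-time error. `global:` is also left with no value, which parses as null; `global: {}` states the intent.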
@@ -13,5 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - -{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml index 2653c6799c..c1bf4b8b14 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml @@ -16,14 +16,14 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: - name: {{ .Values.kafkaStrimziAdminUser }} + name: {{ .Values.config.strimziKafkaAdminUser }} labels: strimzi.io/cluster: {{ include "common.release" . }}-strimzi spec: authentication: - type: {{ .Values.saslMechanism }} + type: {{ .Values.config.saslMechanism }} authorization: - type: simple + type: {{ .Values.config.authType }} acls: - resource: type: group diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index 03ee56a7a4..b35485f11c 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml 
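Review bot: In strimzi-kafka-admin-user.yaml the KafkaUser's `authorization.type` now comes from `config.authType`, the same value the Kafka template in this commit uses for the broker's `authorization.type`, although the two fields do not accept the same set of values. To my knowledge a KafkaUser only supports `simple`, while the broker authorizer can be set to other types, so changing `authType` would leave the `acls` block below attached to a type that cannot carry it. Keeping `type: simple` literal here, or adding a comment next to `authType` in values.yaml such as `# 'simple' is the only value valid for both Kafka and KafkaUser`, avoids a switch that could cost the admin user its ACLs. The `acls` list continues outside the hunk.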
@@ -15,25 +15,18 @@ */}} apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: kafka: - version: {{ .Values.version }} + version: {{ .Values.config.kafkaVersion }} replicas: {{ .Values.replicaCount }} listeners: - name: plain - port: {{ .Values.kafkaInternalPort }} + port: {{ .Values.config.kafkaInternalPort }} type: internal tls: false authentication: - type: {{ .Values.saslMechanism }} + type: {{ .Values.config.saslMechanism }} - name: tls port: 9093 type: internal @@ -57,9 +50,9 @@ spec: - broker: 2 nodePort: {{ .Values.global.nodePortPrefixExt }}92 authorization: - type: simple + type: {{ .Values.config.authType }} superUsers: - - {{ .Values.kafkaStrimziAdminUser }} + - {{ .Values.config.strimziKafkaAdminUser }} template: pod: securityContext: 
@@ -67,21 +60,21 @@ spec: fsGroup: 0 config: default.replication.factor: {{ .Values.replicaCount }} - min.insync.replicas: {{ .Values.replicaCount }} + min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }} offsets.topic.replication.factor: {{ .Values.replicaCount }} + num.partitions: {{ mul .Values.replicaCount 2 }} transaction.state.log.replication.factor: {{ .Values.replicaCount }} - num.partitions: {{ .Values.numPartitions }} - transaction.state.log.min.isr: {{ .Values.replicaCount }} - log.message.format.version: {{ .Values.version }} - inter.broker.protocol.version: {{ .Values.version }} + transaction.state.log.min.isr: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }} + log.message.format.version: {{ .Values.config.kafkaVersion }} + inter.broker.protocol.version: {{ .Values.config.kafkaVersion }} storage: type: jbod volumes: - id: 0 type: persistent-claim - size: {{ .Values.persistenceKafka.size }} + size: {{ .Values.persistence.kafka.size }} deleteClaim: true - class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} + class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }} zookeeper: template: pod: @@ -97,9 +90,9 @@ spec: {{- end }} storage: type: persistent-claim - size: {{ .Values.persistenceZk.size }} + size: {{ .Values.persistence.zookeeper.size }} deleteClaim: true - class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }} + class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }} entityOperator: topicOperator: {} userOperator: {} diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index 99ccde5040..e6da1d55db 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml 
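Review bot: `(eq 1.0 (.Values.replicaCount))` in `min.insync.replicas` and `transaction.state.log.min.isr` only works while `replicaCount` arrives as a float, which is how numbers from values.yaml are decoded. As far as I can tell a value passed with `--set replicaCount=1` is an integer, and Go templates refuse to compare an integer with a float, so the render fails. The expression also yields -1 for a `replicaCount` of 0. Both lines could use `{{ max 1 (sub (int .Values.replicaCount) 1) }}`, which gives the same results for 1 and above and never drops below 1. `num.partitions` is now derived from `replicaCount` and can no longer be set on its own, which deserves a comment in values.yaml.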
@@ -19,35 +19,49 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - ################################################################# # Application configuration defaults. ################################################################# replicaCount: 3 -numPartitions: 10 -kafkaInternalPort: 9092 -saslMechanism: scram-sha-512 -version: 3.2.3 -kafkaStrimziAdminUser: strimzi-kafka-admin -persistence: {} +config: + kafkaVersion: 3.2.3 + authType: simple + saslMechanism: &saslMech scram-sha-512 + kafkaInternalPort: &plainPort 9092 + strimziKafkaAdminUser: &adminUser strimzi-kafka-admin -persistenceKafka: - enabled: true - size: 2Gi - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountPath: /dockerdata-nfs - mountSubPath: strimzi-kafka/kafka -persistenceZk: - enabled: true - size: 2Gi - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce +persistence: + enabled: &pvenabled true mountPath: /dockerdata-nfs - mountSubPath: strimzi-kafka/zk + kafka: + enabled: *pvenabled + # default values of 2Gi for dev env. + # Production values should be dimensioned according to requirements. ie >= 10Gi + size: 2Gi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + mountSubPath: strimzi-kafka/kafka + zookeeper: + enabled: *pvenabled + size: 1Gi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + mountSubPath: strimzi-kafka/zk #Pods Service Account serviceAccount: nameOverride: strimzi-kafka roles: - read + +###################### +# Component overrides +###################### +strimzi-kafka-bridge: + enabled: true + config: + saslMechanism: *saslMech + kafkaInternalPort: *plainPort + strimziKafkaAdminUser: *adminUser
\ No newline at end of file |
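Review bot: The `&saslMech`, `&plainPort` and `&adminUser` anchors in strimzi/values.yaml are resolved when the file is parsed, so the aliases under `strimzi-kafka-bridge.config` keep the defaults when an operator overrides `config.saslMechanism`, `config.kafkaInternalPort` or `config.strimziKafkaAdminUser` with `-f` or `--set`. The broker and KafkaUser would then use the new value while the bridge still authenticates with the old user name, mechanism or port. A comment above the `strimzi-kafka-bridge` block such as `# aliases are fixed at parse time: override these keys together with config.*` would make that visible, or the shared values could move under `global`. `persistence.enabled` has the same property through `*pvenabled`.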