From 2123fec0a12f313c15e03efab0ce378d0308d78d Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 9 Dec 2022 13:40:55 +0000 Subject: [DMAAP] Remove AAF dependency Remove DMaaP NodePorts Update dmaap-bc postgres setup and dbc-client image used by DCAE Use the http port of the dbcClient in the dmaapProvisioning job 
Signed-off-by: efiacor Change-Id: Ie4888b58b6f7e1405ed67625900da89e58b5cb79 Issue-ID: DMAAP-1573 --- kubernetes/dmaap/components/dmaap-bc/Chart.yaml | 10 +- kubernetes/dmaap/components/dmaap-bc/README.md | 25 -- .../dmaap-bc/resources/config/buscontroller.env | 1 - .../dmaap-bc/resources/config/dmaapbc.properties | 189 ++--------- .../resources/dcaeLocations/san-francisco.json | 1 - .../components/dmaap-bc/resources/dmaap/onap.json | 6 +- .../dmaap-bc/resources/feeds/test_feed.json | 7 + .../components/dmaap-bc/resources/log/logback.xml | 346 +++++++++++++++++++++ .../resources/mr_clusters/san-francisco.json | 2 +- .../dmaap-bc/resources/topics/PNF_READY.json | 17 - .../resources/topics/PNF_REGISTRATION.json | 17 - .../resources/topics/mirrormakeragent.json | 37 --- .../dmaap-bc/resources/topics/test_topic.json | 13 + .../dmaap/components/dmaap-bc/templates/NOTES.txt | 34 -- .../components/dmaap-bc/templates/configmap.yaml | 43 +-- .../components/dmaap-bc/templates/deployment.yaml | 81 ++--- .../dmaap-bc/templates/dmaap-provisioning-job.yaml | 28 +- .../components/dmaap-bc/templates/ingress.yaml | 17 + .../components/dmaap-bc/templates/secrets.yaml | 1 - kubernetes/dmaap/components/dmaap-bc/values.yaml | 126 +++----- 20 files changed, 525 insertions(+), 476 deletions(-) delete mode 100644 kubernetes/dmaap/components/dmaap-bc/README.md create mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json create mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml delete mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json delete mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json delete mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json create mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json delete mode 100644 kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt (limited to 
'kubernetes/dmaap/components/dmaap-bc') diff --git a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml index 66f93cd90d..a15c2cfddf 100644 --- a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml @@ -1,7 +1,7 @@ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs,Bell Canada # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,16 +24,16 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: postgres version: ~12.x-0 repository: '@local' - condition: PG.enabled + condition: postgres.enabled - name: repositoryGenerator version: ~12.x-0 repository: '@local' - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-bc/README.md b/kubernetes/dmaap/components/dmaap-bc/README.md deleted file mode 100644 index a6115477ec..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/README.md +++ /dev/null 
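Review bot: The postgres subchart is gated on `condition: postgres.enabled` in the second Chart.yaml hunk, while dmaapbc.properties (`UsePGSQL: {{ .Values.usePostgres }}`) and deployment.yaml (`{{- if .Values.usePostgres }}`) in this same commit switch on a different value. values.yaml is not visible here, so I cannot tell whether the two are tied together. If they are independent, `usePostgres: true` with `postgres.enabled: false` would leave the postgres-readiness init container waiting for a database that is never deployed. I would drive both from one value, or add a comment next to the condition such as `# must be kept in step with usePostgres in values.yaml`.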
@@ -1,25 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Helm Chart for ONAP DMaaP Applications - -ONAP includes the following Kubernetes services available in ONAP Beijing Release (more expected in future): - -1) message-router - a message bus for applications -2) dmaap-prov - an API to provision DMaaP resources - -# Service Dependencies - -message-router depends on AAF -dmaap-prov depends on AAF and Postgresql. diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env index 2b2ea4183a..00c1fe8ee8 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env @@ -16,4 +16,3 @@ # Environment settings for starting a container DMAAPBC_WAIT_TO_EXIT=Y -DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index d464428893..e13098bcf1 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties 
@@ -13,55 +13,50 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - - ##################################################### # # Hooks for specific environment configurations # ##################################################### # Indicator for whether to use AAF for authentication -UseAAF: {{ .Values.global.aafEnabled }} +UseAAF: false + +##################################################### +# +# HTTP Server Configuration +# +##################################################### + +# Allow http access to dbcapi +HttpAllowed: true -# Stub out southbound calls for Unit Test cases to run. e.g. not timeout -# Comment out in other environments to get default (No) -#UnitTest: Yes +# listen to http port within this container (server) +IntHttpPort: 8080 +# listen to https port within this container (server) +# set to 0 if no certificates are available. +IntHttpsPort: 0 ##################################################### # # Settings for Southbound API: Datarouter # ##################################################### - # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov # indicator for handling feed delete: # DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) # SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. -Feed.deleteHandling: SimulateDelete - -########################################################### -# The following properties default to match ONAP DR instance. -# However, there are some non-ONAP DR instances that require other values. -# Sets the X-DR-ON-BEHALF-OF HTTP Header value -#DR.onBehalfHeader: -# Value for the Content-Type Header in DR Feed API -#DR.feedContentType: -# Value for the Content-Type Header in DR Subscription API -#DR.subContentType: -# -# END OF properties helpful for non-ONAP DR instance. 
-############################################################ +Feed.deleteHandling: DeleteOnDR ##################################################### # # Settings for Soutbound API: Postgresql # ##################################################### -# flag indicates if we are using postgresql -UsePGSQL: {{ .Values.PG.enabled }} +# flag indicates if we are using postgresql or an in memory db +UsePGSQL: {{ .Values.usePostgres }} # postgres host name # Need to connect to PG primary service, designated by service.name2 @@ -69,14 +64,12 @@ DB.host: {{ .Values.postgres.service.name2 }} # postgres schema name #DB.schema: {{ .Values.postgres.config.pgDatabase }} - # postgres user name DB.user: ${PG_USER} # postgres user password DB.cred: ${PG_PASSWORD} - ##################################################### # # Settings for Soutbound API: Message Router @@ -88,8 +81,7 @@ DB.cred: ${PG_PASSWORD} MR.multisite: false # FQDN of primary message router. -# In ONAP Casablanca, there is only 1 message router service, so use that. -# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR +# In ONAP, there is only 1 message router service, so use that. MR.CentralCname: {{ .Values.dmaapMessageRouterService }} # Indicator for whether we want hostname verification on SSL connection to MR 
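Review bot: The first dmaapbc.properties hunk pins `UseAAF: false`, `HttpAllowed: true` and `IntHttpsPort: 0`, so dbcapi is served only over plain HTTP on 8080, and nothing in the file says what is now expected to protect it. The `@@ -101,117 +93,19 @@` hunk further down also sets `MR.authentication: none` and keeps `ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll`, and onap.json switches `drProvUrl` to `http://`, so the same gap applies there. I would add a comment above `HttpAllowed: true`, for example `# No TLS or API authorization in this container; access must be limited by the service mesh or a NetworkPolicy`. The diffstat lists a new templates/ingress.yaml that is not visible here; if it publishes this port, that assumption should be checked before the ingress is enabled.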
@@ -101,117 +93,19 @@ MR.hostnameVerify: false # 2 = delete from persistent store (DB) and authorization store (AAF) MR.ClientDeleteLevel: 1 -# namespace of MR Topic Factory -MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory - -# AAF Role assigned to Topic Manager Identity -MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client - -# MR topic ProjectID (used in certain topic name generation formats) -MR.projectID: mr - # Use Basic Authentication when provisioning topics -MR.authentication: basicAuth +MR.authentication: none -# MR topic name style (default is FQTN_LEGACY_FORMAT) -#MR.topicStyle: FQTN_LEGACY_FORMAT +ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll # # end of MR Related Properties ################################################################################ - -##################################################### -# -# Settings for Southbound API: CADI -# -##################################################### -# path to cadi.properties -cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props - -##################################################### -# -# Settings for Southbound API: AAF proxy -# -##################################################### -# URL of the AAF server -aaf.URL: {{ .Values.aafURL }} - -# TopicMgr Identity -aaf.TopicMgrUser: {{ .Values.topicMgrUser }} - -# Password for TopicMgr identity -aaf.TopicMgrPassword: {{ .Values.topicMgrPwd }} - -# Buscontroller Admin Identity -aaf.AdminUser: {{ .Values.adminUser }} - -# Admin Password -aaf.AdminPassword: {{ .Values.adminPwd }} - -# Identity that is owner of any created namespaces for topics -aaf.NsOwnerIdentity: {{ .Values.adminUser }} - - -# this overrides the Class used for Decryption. -# This allows for a plugin encryption/decryption method if needed. -# Call this Class for decryption at runtime. 
-#AafDecryption.Class: com.company.proprietaryDecryptor - -# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF -# Not used in ONAP, but possibly used with Decryption override class. -#CredentialCodeKeyfile: etc/LocalKey - -# -# endof AAF Properties -#################################################### - - -##################################################### -# -# Settings for authorization of DBCAPI -# -##################################################### -# Namespace for URI values for the API used to create AAF permissions -# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients -ApiNamespace: org.onap.dmaap-bc.api - -# If API authorization is required, then implement a class to enforce it. -# This overrides the Class used for API permission check. -ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll - -##################################################### -# -# Settings for Southbound API: MirrorMaker provisioning -# -##################################################### -# AAF Role of client publishing MM prov cmds -MM.ProvRole: org.onap.dmaap-bc-mm-prov.prov - -# AAF identity when publishing MM prov cmds -MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org - -# pwd for Identity used to publish MM prov cmds -MM.ProvUserPwd: demo123456! - -# AAF Role of MirrorMaker agent subscribed to prov cmds. 
-MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent - ##################################################### # # Certificate Management # ##################################################### - -# Indicates how we are expecting certificates to be provided: -# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file -# legacy (default) - artifacts will be installed manually or some other way and details will be in this file -CertificateManagement: cadi - -# When CertificateManagement is cadi, then this is where all the cadi properties will be. -# Note that the cadi properties include where the cert is, and the encrypted passwords to read. -cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props - -########################################################################################### # When CertificateManagement is legacy, we need to provide more details about cert handling: #CertificateManagement: legacy # the type of keystore for https (for legacy CertificateManagment only) 
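Review bot: The context comment `# Use Basic Authentication when provisioning topics` now sits directly above `MR.authentication: none` and says the opposite of the setting. It should read something like `# No authentication towards Message Router when provisioning topics`. `ApiPermission.Class` was also moved into the MR block and lost its explanation, so I would restore a line such as `# Class used for the DBCAPI permission check; AllowAll appears to grant every request`. The surviving `MR.ClientDeleteLevel` comment still mentions the AAF authorization store and may need the same cleanup.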
@@ -235,43 +129,4 @@ cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props #TrustStorePassword: changeit # # END OF legacy CertificateManagement properties -########################################################################################### - - -##################################################### -# -# HTTP Server Configuration -# -##################################################### - -# Allow http access to dbcapi -HttpAllowed: true - -# listen to http port within this container (server) -IntHttpPort: 8080 - -# listen to https port within this container (server) -# set to 0 if no certificates are available. -IntHttpsPort: 8443 - - - -inHttpsPort: 0 - -##################################################### -# -# Deprecated -# -##################################################### -# csit: stubs out some southbound APIs for csit (deprecated) -#csit: No -# name of this DMaaP instance (deprecated) -#DmaapName: demo -# external port number for https taking port mapping into account (deprecated) -#ExtHttpsPort: 443 -# path to the file used to trigger an orderly shutdown (deprecated) -#QuiesceFile: etc/SHUTDOWN -# FQDN of DR Prov Server (deprecated) -#DR.provhost: dcae-drps.domain.not.set -# root of topic namespace (decrecated) -#topicNsRoot: org.onap.dcae.dmaap +########################################################################################## diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json index ca1e740dd8..6e8e15e7ba 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json @@ -1,5 +1,4 @@ { - "dcaeLayer": "kubernetes-central", "dcaeLocationName": "san-francisco" } 
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json index 23b111c8f3..b2295af72e 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json @@ -1,10 +1,6 @@ { -{{ if eq .Values.fixedTopicNamespace true }} - "dmaapName": "mr", -{{- else -}} "dmaapName": "{{ include "common.namespace" . }}", -{{- end}} - "drProvUrl": "https://dmaap-dr-prov", + "drProvUrl": "http://{{ .Values.dmaapDataRouterProvService }}:8080", "version": "1", "topicNsRoot": "org.onap.dmaap", "bridgeAdminTopic": "DCAE_MM_AGENT" diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json new file mode 100644 index 0000000000..d446f7f293 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json @@ -0,0 +1,7 @@ +{ + "feedName": "dmaapbc-test-feed", + "feedVersion": "1.0", + "feedDescription": "test provisioning feed", + "asprClassification": "unclassified", + "owner": "dmaapbc" +} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml new file mode 100644 index 0000000000..a827b09f63 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml 
@@ -0,0 +1,346 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${defaultPattern} + + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + ${logDirectory}/${securityLogName}.log + + ${logDirectory}/${securityLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + 0 + + + + + + ${logDirectory}/${performanceLogName}.log + + ${logDirectory}/${performanceLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + 256 + + + + + + ${logDirectory}/${serverLogName}.log + + ${logDirectory}/${serverLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + 256 + + + + + + + ${logDirectory}/${policyLogName}.log + + ${logDirectory}/${policyLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${auditLoggerPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${metricsLoggerPattern} + + + + + + 256 + + + + + ${logDirectory}/${errorLogName}.log + + ${logDirectory}/${errorLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${errorLoggerPattern} + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${debugLoggerPattern} + + + + + 256 + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json index 9e732d2af8..05c898372a 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json 
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json @@ -1,6 +1,6 @@ { "dcaeLocationName": "san-francisco", - "fqdn": "message-router", + "fqdn": "{{ .Values.dmaapMessageRouterService }}", "topicProtocol": "http", "topicPort": "3904" } diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json deleted file mode 100644 index 34197b948e..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "topicName": "PNF_READY", - "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.", - "owner": "PNFRegistrationHandler", - "tnxEnabled": false, - "clients": [ - { - "dcaeLocationName": "san-francisco", - "clientRole": "org.onap.dmaap.mr.PNF_READY.pub", - "action": [ - "pub", - "view" - ] - - } - ] -} diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json deleted file mode 100644 index e7325794a1..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "topicName": "PNF_REGISTRATION", - "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic", - "owner": "VEScollector", - "tnxEnabled": false, - "clients": [ - { - "dcaeLocationName": "san-francisco", - "clientRole": "org.onap.dmaap.mr.PNF_REGISTRATION.sub", - "action": [ - "sub", - "view" - ] - - } - ] -} diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json deleted file mode 100644 index fb2c54ed4b..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json +++ /dev/null 
@@ -1,37 +0,0 @@ -{ - "topicName": "mirrormakeragent", - "topicDescription": "the topic used to provision the MM agent whitelist", - "replicationCase": "REPLICATION_NONE", - "owner": "dmaap", - "tnxEnabled": false, - "partitionCount": "1", - "clients": [ - { - "dcaeLocationName": "san-francisco", - "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org", - "action": [ - "pub", - "sub", - "view" - ] - }, - { - "dcaeLocationName": "san-francisco", - "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org", - "action": [ - "pub", - "sub", - "view" - ] - }, - { - "dcaeLocationName": "san-francisco", - "clientIdentity": "demo@people.osaaf.org", - "action": [ - "pub", - "sub", - "view" - ] - } - ] -} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json new file mode 100644 index 0000000000..6570ea53d7 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json @@ -0,0 +1,13 @@ +{ + "topicName": "dmaapbc-test-topic", + "topicDescription": "test provisioning topic", + "owner": "dmaapbc", + "clients": [{ + "dcaeLocationName": "san-francisco", + "clientRole": "org.onap.dmaap.mr.test.pub", + "action": [ + "pub", + "view" + ]} + ] +} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt deleted file mode 100644 index 050853cfa2..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt +++ /dev/null 
@@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs,Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}-prov) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml index b7c52df169..0dd75f3169 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml @@ -15,16 +15,19 @@ # limitations under the License. */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log/logback.xml").AsConfig . | indent 2 }} +--- apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-config namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} --- @@ -33,11 +36,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-dbc-dmaap namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dmaap/*.json").AsConfig . | indent 2 }} --- 
@@ -46,11 +44,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-dbc-dcaelocations namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }} --- @@ -59,11 +52,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-dr-nodes namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }} --- @@ -72,11 +60,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-feeds namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }} --- @@ -85,11 +68,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-mr-clusters namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }} --- 
@@ -98,10 +76,5 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-topics namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index a0c315426c..e7887cc332 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml 
@@ -24,68 +24,44 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim}} -{{- if .Values.PG.enabled }} - initContainers: + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + {{- if .Values.usePostgres }} - command: - sh args: - -c - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: PG_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: PG_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} volumeMounts: - - mountPath: /config-input - name: {{ include "common.name" . }}-config-input - - mountPath: /config - name: {{ include "common.name" . }}-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - mountPath: /config-input + name: {{ include "common.name" . }}-config-input + - mountPath: /config + name: {{ include "common.name" . }}-config name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | nindent 6 }} -{{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-permission-fixer - securityContext: - runAsUser: 0 - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} - command: ["chown","-Rf","1000:1001", "/opt/app/"] -# See AAF-425 for explanation of why this is needed. -# This artifact is provisioned in AAF for both pks12 and jks format and apparently -# the cadi library is not using the jks password on the jks keystore. -# So, this attempts to "fix" the credential property file until this is fixed properly. - - name: {{ include "common.name" . }}-cred-fixer - image: {{ include "repositoryGenerator.image.busybox" . }} + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - command: ["/bin/sh"] - args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] -{{- end }} - - name: {{ include "common.name" . }}-postgres-readiness - securityContext: - runAsUser: 100 - runAsGroup: 65533 - command: + - command: - /app/ready.py args: - --container-name - {{ .Values.postgres.nameOverride }} - - --container-name - - message-router - - --container-name - - dmaap-dr-node + securityContext: + runAsUser: 100 + runAsGroup: 65533 env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + name: {{ include "common.name" . }}-postgres-readiness image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- end }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} 
@@ -96,7 +72,6 @@ spec: httpGet: port: {{ .Values.liveness.port }} path: /webapi/topics - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} @@ -104,18 +79,19 @@ spec: httpGet: port: {{ .Values.readiness.port }} path: /webapi/topics - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true -# NOTE: on the following several configMaps, careful to include / at end -# since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config mountPath: /opt/app/config/conf/ - resources: {{ include "common.resources" . | nindent 12 }} + - mountPath: /opt/app/dmaapbc/etc/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + resources: +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} 
@@ -123,15 +99,24 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + {{- if .Values.usePostgres }} - name: {{ include "common.name" . }}-config-input configMap: name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-config emptyDir: medium: Memory + {{- else }} + - name: {{ include "common.name" . }}-config + configMap: + name: {{ include "common.fullname" . }}-config + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml index ab6f573a34..0f6c8f9dc0 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml 
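Review bot: The new `{{- if .Values.usePostgres }}` / `{{- else }}` split under `volumes:` is undocumented, so a reader cannot tell why the Postgres case needs both `-config-input` and the memory-backed `-config` while the other case mounts the configMap directly. The envsubst init container earlier in this file suggests the input configMap is rendered with the database credentials into the emptyDir; if that is right, it should be stated where the volumes are declared. A template comment would do, for example `{{/* usePostgres: -config-input is rendered by the init container into the in-memory -config volume, so DB credentials are not stored in a configMap */}}`. It would also help to note that the `else` branch must therefore never carry credentials in the `-config` configMap.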
@@ -1,3 +1,22 @@ +{{/* + # ============LICENSE_START=================================================== + # Copyright (C) 2022 Nordix Foundation + # ============================================================================ + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # ============LICENSE_END===================================================== +*/}} apiVersion: batch/v1 kind: Job metadata: @@ -18,7 +37,7 @@ spec: - /app/ready.py args: - --container-name - - dmaap-bc + - {{ include "common.name" . }} env: - name: NAMESPACE valueFrom: @@ -27,17 +46,15 @@ spec: fieldPath: metadata.namespace containers: - name: dmaap-provisioning-job - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbcClientImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DELAY value: "0" - {{- if or (include "common.onServiceMesh" .) .Values.global.allow_http }} - name: PROTO value: "http" - name: PORT value: "8080" - {{ end }} - name: REQUESTID value: "{{.Chart.Name}}-dmaap-provisioning" volumeMounts: 
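Review bot: In the `@@ -27,17 +46,15 @@` hunk, `PROTO` and `PORT` for the `dmaap-provisioning-job` container are now set to `http` and `8080` unconditionally, where the removed `if` allowed plain HTTP only on a service mesh or with `global.allow_http`. On a cluster without mesh mTLS the provisioning requests therefore travel in cleartext, and as far as this diff shows nothing replaces the AAF credentials for authenticating them. A comment above the `env` entries should state which layer (mesh policy, NetworkPolicy) is expected to protect this call. The port literal also duplicates `containerPort` from values.yaml; `value: "{{ .Values.containerPort }}"` would keep the two in step. The Job spec continues outside this hunk.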
@@ -59,7 +76,8 @@ spec: mountPath: /opt/app/config/mr_clusters/ - name: {{ include "common.fullname" . }}-topics mountPath: /opt/app/config/topics/ - resources: {{ include "common.resources" . | nindent 10 }} + resources: +{{ include "common.resources" . }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml index 8f87c68f1e..a90bf83c07 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml @@ -1 +1,18 @@ +{{/* +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml index 7074e4de9a..b7a31c0b0c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml @@ -1,4 +1,3 @@ - # Modifications Copyright © 2019 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 911fee85f4..1e234242ee 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -17,8 +17,11 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 + persistence: {} +################################################################# +# Secrets metaconfig +################################################################# secrets: - uid: pg-root-pass name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass' 
@@ -37,89 +40,64 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -pullPolicy: Always - # application images -image: onap/dmaap/dmaap-bc:2.0.10 +image: onap/dmaap/dmaap-bc:2.0.11 +pullPolicy: Always +#DMaaP Bus Controller client image for provisioning at deploy time +dbcClientImage: onap/dmaap/dbc-client:2.0.11 # application configuration -dmaapMessageRouterService: message-router - -# change the following value to point to Windriver instance maintained -# by AAF team. -# e.g. -#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/ -aafURL: https://aaf-service:8100/ -aafLocateUrl: https://aaf-locate:8095 -topicMgrUser: dmaap-bc@dmaap-bc.onap.org -topicMgrPwd: demo123456! -adminUser: aaf_admin@people.osaaf.org -adminPwd: demo123456! - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: dmaap-bc-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: dmaap-bc - fqi: dmaap-bc@dmaap-bc.onap.org - publicFqdn: dmaap-bc.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - -persistence: - aafCredsPath: /opt/app/osaaf/local/ - -# for Casablanca default deployment, leave this true to -# get a topic namespace that matches MR. 
When set to false, -# it will compose the topic namespace using the kubernetes namespace value -fixedTopicNamespace: true - -# for quicker deployments in dev, ability to disable using postgres -PG: - enabled: true +dmaapMessageRouterService: &mr_name message-router +dmaapDataRouterProvService: &dr_prov_name dmaap-dr-prov +dmaapDataRouterNodeService: &dr_node_name dmaap-dr-node nodeSelector: {} affinity: {} +containerPort: &svc_port 8080 + +service: + type: ClusterIP + name: &svc_name dmaap-bc + ports: + - name: &port http + port: *svc_port + +ingress: + enabled: false + service: + - baseaddr: "dmaap-bc-api" + name: *svc_name + port: *svc_port + config: + ssl: "redirect" + # probe configuration parameters liveness: initialDelaySeconds: 10 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - port: api + port: *svc_port enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 - port: api - - -service: - type: NodePort - name: dmaap-bc - ports: - - name: api - port: 8443 - plain_port: 8080 - port_protocol: http - nodePort: 42 + port: *svc_port +usePostgres: &use_pg true -# application configuration override for postgres postgres: - nameOverride: dbc-pg +# For Dev deployments, use in memory DB +# postgres +# enabled: false + enabled: true + nameOverride: &pg_name dbc-postgres service: - name: dbc-postgres + name: *pg_name name2: dbc-pg-primary name3: dbc-pg-replica container: @@ -135,23 +113,9 @@ postgres: mountSubPath: dbc/data mountInitPath: dbc -ingress: - enabled: false - service: - - baseaddr: "dmaap-bc-api" - name: "dmaap-bc" - port: 8443 - plain_port: 8080 - config: - ssl: "redirect" - # Resource Limit flavor -By Default using small flavor: small -securityContext: - user_id: 1000 - group_id: 101 - # Segregation for Different environment (Small and Large) resources: small: 
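Review bot: In the `@@ -37,89 +40,64 @@` hunk, `usePostgres: &use_pg true` defines an anchor that nothing visible references, while `postgres.enabled: true` is set by hand a few lines below. deployment.yaml switches the config volumes on `usePostgres`, yet the added dev comment (`# postgres` / `# enabled: false`) tells users to flip only `postgres.enabled`. Following it would presumably leave the pod configured for a database that is not deployed. Writing `enabled: *use_pg` under `postgres:` and rewording the comment to name `usePostgres` keeps the two toggles from diverging. The `&dr_prov_name` and `&port` anchors also look unused in the visible hunks and could be dropped or referenced.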
@@ -170,13 +134,21 @@ resources: memory: 2Gi unlimited: {} +securityContext: + user_id: 1000 + group_id: 101 + #Pods Service Account serviceAccount: - nameOverride: dmaap-bc + nameOverride: *svc_name roles: - read +readinessCheck: + wait_for: + - *mr_name + - *dr_node_name + wait_for_job_container: containers: - - 'dmaap-provisioning-job' - + - 'dmaap-provisioning-job' \ No newline at end of file -- cgit 1.2.3-korg