From 2123fec0a12f313c15e03efab0ce378d0308d78d Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 9 Dec 2022 13:40:55 +0000 Subject: [DMAAP] Remove AAF dependency Remove DMaaP NodePorts Update dmaap-bc postgres setup and dbc-client image used by DCAE Use the http port of the dbcClient in the dmaapProvisioning job Signed-off-by: efiacor Change-Id: Ie4888b58b6f7e1405ed67625900da89e58b5cb79 Issue-ID: DMAAP-1573 --- .../common/common/templates/_dmaapProvisioning.tpl | 4 + kubernetes/common/repositoryGenerator/values.yaml | 2 +- kubernetes/dmaap/components/dmaap-bc/Chart.yaml | 10 +- kubernetes/dmaap/components/dmaap-bc/README.md | 25 -- .../dmaap-bc/resources/config/buscontroller.env | 1 - .../dmaap-bc/resources/config/dmaapbc.properties | 189 ++--------- .../resources/dcaeLocations/san-francisco.json | 1 - .../components/dmaap-bc/resources/dmaap/onap.json | 6 +- .../dmaap-bc/resources/feeds/test_feed.json | 7 + .../components/dmaap-bc/resources/log/logback.xml | 346 +++++++++++++++++++++ .../resources/mr_clusters/san-francisco.json | 2 +- .../dmaap-bc/resources/topics/PNF_READY.json | 17 - .../resources/topics/PNF_REGISTRATION.json | 17 - .../resources/topics/mirrormakeragent.json | 37 --- .../dmaap-bc/resources/topics/test_topic.json | 13 + .../dmaap/components/dmaap-bc/templates/NOTES.txt | 34 -- .../components/dmaap-bc/templates/configmap.yaml | 43 +-- .../components/dmaap-bc/templates/deployment.yaml | 81 ++--- .../dmaap-bc/templates/dmaap-provisioning-job.yaml | 28 +- .../components/dmaap-bc/templates/ingress.yaml | 17 + .../components/dmaap-bc/templates/secrets.yaml | 1 - kubernetes/dmaap/components/dmaap-bc/values.yaml | 126 +++----- .../dmaap/components/dmaap-dr-node/Chart.yaml | 2 +- .../resources/config/log/filebeat/filebeat.yml | 62 ---- .../dmaap-dr-node/resources/config/logback.xml | 2 +- .../dmaap-dr-node/resources/config/node.properties | 19 +- .../components/dmaap-dr-node/templates/NOTES.txt | 33 -- .../dmaap-dr-node/templates/configmap.yaml | 24 +- .../dmaap-dr-node/templates/ingress.yaml | 20 ++ .../components/dmaap-dr-node/templates/secret.yaml | 17 - .../dmaap-dr-node/templates/statefulset.yaml | 71 ++--- .../dmaap/components/dmaap-dr-node/values.yaml | 109 +++---- .../dmaap/components/dmaap-dr-prov/Chart.yaml | 4 +- .../resources/config/log/filebeat/filebeat.yml | 63 ---- .../dmaap-dr-prov/resources/config/logback.xml | 14 +- .../resources/config/provserver.properties | 21 +- .../components/dmaap-dr-prov/templates/NOTES.txt | 33 -- .../dmaap-dr-prov/templates/configmap.yaml | 39 --- .../dmaap-dr-prov/templates/deployment.yaml | 98 ++---- .../dmaap-dr-prov/templates/ingress.yaml | 20 ++ .../dmaap-dr-prov/templates/service.yaml | 49 +-- .../dmaap/components/dmaap-dr-prov/values.yaml | 103 +++--- .../dmaap/components/message-router/Chart.yaml | 3 - .../resources/config/dmaap/MsgRtrApi.properties | 20 +- .../config/dmaap/jmx-mrservice-prometheus.yml | 4 - .../resources/config/dmaap/sys-props.properties | 165 ---------- .../resources/config/etc/ajsc-jetty.xml | 138 -------- .../resources/config/etc/cadi.properties | 19 -- .../resources/config/etc/runner-web.xml | 108 ------- .../components/message-router/templates/NOTES.txt | 34 -- .../message-router/templates/configmap.yaml | 43 +-- .../message-router/templates/ingress.yaml | 18 ++ .../message-router/templates/secrets.yaml | 33 -- .../message-router/templates/statefulset.yaml | 189 ++++------- .../dmaap/components/message-router/values.yaml | 133 ++------ .../resources/config/log/filebeat/filebeat.yml | 62 ---- kubernetes/dmaap/values.yaml | 30 +- kubernetes/nbi/templates/deployment.yaml | 2 +- .../resources/config/OnapPfConfig.json | 4 +- .../config/HttpParticipantParameters.yaml | 4 +- .../config/KubernetesParticipantParameters.yaml | 4 +- .../config/PolicyParticipantParameters.yaml | 4 +- .../resources/config/acRuntimeParameters.yaml | 4 +- .../resources/configmaps/base.conf | 2 +- .../policy-pap/resources/config/papParameters.yaml | 12 +- .../policy-xacml-pdp/resources/config/config.json | 4 +- .../config/eteshare/config/robot_properties.py | 47 ++- kubernetes/robot/values.yaml | 29 +- 68 files changed, 887 insertions(+), 2038 deletions(-) delete mode 100644 kubernetes/dmaap/components/dmaap-bc/README.md create mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json create mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml delete mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json delete mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json delete mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json create mode 100644 kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json delete mode 100644 kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt delete mode 100644 kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml delete mode 100644 kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt delete mode 100644 kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml delete mode 100644 kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml delete mode 100644 kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt delete mode 100644 kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml delete mode 100644 kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties delete mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml delete mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties delete mode 100644 kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml delete mode 100644 kubernetes/dmaap/components/message-router/templates/NOTES.txt create mode 100644 kubernetes/dmaap/components/message-router/templates/ingress.yaml delete mode 100644 kubernetes/dmaap/components/message-router/templates/secrets.yaml delete mode 100644 kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml (limited to 'kubernetes') diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index 11d7501256..8b3f19f5ef 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -104,6 +104,10 @@ image: {{ include "repositoryGenerator.image.dbcClient" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} env: + - name: PROTO + value: "http" + - name: PORT + value: "8080" - name: RESP_CACHE value: /opt/app/config/cache - name: REQUESTID diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index aa6159c2b2..5d886aa7f2 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -40,7 +40,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 - dbcClientImage: onap/dmaap/dbc-client:2.0.10 + dbcClientImage: onap/dmaap/dbc-client:2.0.11 quitQuitImage: onap/oom/readiness:4.1.0 # Default credentials diff --git a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml index 66f93cd90d..a15c2cfddf 100644 --- a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml @@ -1,7 +1,7 @@ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs,Bell Canada # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2021-2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,16 +24,16 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: postgres version: ~12.x-0 repository: '@local' - condition: PG.enabled + condition: postgres.enabled - name: repositoryGenerator version: ~12.x-0 repository: '@local' - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-bc/README.md b/kubernetes/dmaap/components/dmaap-bc/README.md deleted file mode 100644 index a6115477ec..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Helm Chart for ONAP DMaaP Applications - -ONAP includes the following Kubernetes services available in ONAP Beijing Release (more expected in future): - -1) message-router - a message bus for applications -2) dmaap-prov - an API to provision DMaaP resources - -# Service Dependencies - -message-router depends on AAF -dmaap-prov depends on AAF and Postgresql. diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env index 2b2ea4183a..00c1fe8ee8 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env @@ -16,4 +16,3 @@ # Environment settings for starting a container DMAAPBC_WAIT_TO_EXIT=Y -DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index d464428893..e13098bcf1 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -13,55 +13,50 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - - ##################################################### # # Hooks for specific environment configurations # ##################################################### # Indicator for whether to use AAF for authentication -UseAAF: {{ .Values.global.aafEnabled }} +UseAAF: false + +##################################################### +# +# HTTP Server Configuration +# +##################################################### + +# Allow http access to dbcapi +HttpAllowed: true -# Stub out southbound calls for Unit Test cases to run. e.g. not timeout -# Comment out in other environments to get default (No) -#UnitTest: Yes +# listen to http port within this container (server) +IntHttpPort: 8080 +# listen to https port within this container (server) +# set to 0 if no certificates are available. +IntHttpsPort: 0 ##################################################### # # Settings for Southbound API: Datarouter # ##################################################### - # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov # indicator for handling feed delete: # DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) # SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. -Feed.deleteHandling: SimulateDelete - -########################################################### -# The following properties default to match ONAP DR instance. -# However, there are some non-ONAP DR instances that require other values. -# Sets the X-DR-ON-BEHALF-OF HTTP Header value -#DR.onBehalfHeader: -# Value for the Content-Type Header in DR Feed API -#DR.feedContentType: -# Value for the Content-Type Header in DR Subscription API -#DR.subContentType: -# -# END OF properties helpful for non-ONAP DR instance. -############################################################ +Feed.deleteHandling: DeleteOnDR ##################################################### # # Settings for Soutbound API: Postgresql # ##################################################### -# flag indicates if we are using postgresql -UsePGSQL: {{ .Values.PG.enabled }} +# flag indicates if we are using postgresql or an in memory db +UsePGSQL: {{ .Values.usePostgres }} # postgres host name # Need to connect to PG primary service, designated by service.name2 @@ -69,14 +64,12 @@ DB.host: {{ .Values.postgres.service.name2 }} # postgres schema name #DB.schema: {{ .Values.postgres.config.pgDatabase }} - # postgres user name DB.user: ${PG_USER} # postgres user password DB.cred: ${PG_PASSWORD} - ##################################################### # # Settings for Soutbound API: Message Router @@ -88,8 +81,7 @@ DB.cred: ${PG_PASSWORD} MR.multisite: false # FQDN of primary message router. -# In ONAP Casablanca, there is only 1 message router service, so use that. -# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR +# In ONAP, there is only 1 message router service, so use that. MR.CentralCname: {{ .Values.dmaapMessageRouterService }} # Indicator for whether we want hostname verification on SSL connection to MR @@ -101,117 +93,19 @@ MR.hostnameVerify: false # 2 = delete from persistent store (DB) and authorization store (AAF) MR.ClientDeleteLevel: 1 -# namespace of MR Topic Factory -MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory - -# AAF Role assigned to Topic Manager Identity -MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client - -# MR topic ProjectID (used in certain topic name generation formats) -MR.projectID: mr - # Use Basic Authentication when provisioning topics -MR.authentication: basicAuth +MR.authentication: none -# MR topic name style (default is FQTN_LEGACY_FORMAT) -#MR.topicStyle: FQTN_LEGACY_FORMAT +ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll # # end of MR Related Properties ################################################################################ - -##################################################### -# -# Settings for Southbound API: CADI -# -##################################################### -# path to cadi.properties -cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props - -##################################################### -# -# Settings for Southbound API: AAF proxy -# -##################################################### -# URL of the AAF server -aaf.URL: {{ .Values.aafURL }} - -# TopicMgr Identity -aaf.TopicMgrUser: {{ .Values.topicMgrUser }} - -# Password for TopicMgr identity -aaf.TopicMgrPassword: {{ .Values.topicMgrPwd }} - -# Buscontroller Admin Identity -aaf.AdminUser: {{ .Values.adminUser }} - -# Admin Password -aaf.AdminPassword: {{ .Values.adminPwd }} - -# Identity that is owner of any created namespaces for topics -aaf.NsOwnerIdentity: {{ .Values.adminUser }} - - -# this overrides the Class used for Decryption. -# This allows for a plugin encryption/decryption method if needed. -# Call this Class for decryption at runtime. -#AafDecryption.Class: com.company.proprietaryDecryptor - -# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF -# Not used in ONAP, but possibly used with Decryption override class. -#CredentialCodeKeyfile: etc/LocalKey - -# -# endof AAF Properties -#################################################### - - -##################################################### -# -# Settings for authorization of DBCAPI -# -##################################################### -# Namespace for URI values for the API used to create AAF permissions -# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients -ApiNamespace: org.onap.dmaap-bc.api - -# If API authorization is required, then implement a class to enforce it. -# This overrides the Class used for API permission check. -ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll - -##################################################### -# -# Settings for Southbound API: MirrorMaker provisioning -# -##################################################### -# AAF Role of client publishing MM prov cmds -MM.ProvRole: org.onap.dmaap-bc-mm-prov.prov - -# AAF identity when publishing MM prov cmds -MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org - -# pwd for Identity used to publish MM prov cmds -MM.ProvUserPwd: demo123456! - -# AAF Role of MirrorMaker agent subscribed to prov cmds. -MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent - ##################################################### # # Certificate Management # ##################################################### - -# Indicates how we are expecting certificates to be provided: -# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file -# legacy (default) - artifacts will be installed manually or some other way and details will be in this file -CertificateManagement: cadi - -# When CertificateManagement is cadi, then this is where all the cadi properties will be. -# Note that the cadi properties include where the cert is, and the encrypted passwords to read. -cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props - -########################################################################################### # When CertificateManagement is legacy, we need to provide more details about cert handling: #CertificateManagement: legacy # the type of keystore for https (for legacy CertificateManagment only) @@ -235,43 +129,4 @@ cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props #TrustStorePassword: changeit # # END OF legacy CertificateManagement properties -########################################################################################### - - -##################################################### -# -# HTTP Server Configuration -# -##################################################### - -# Allow http access to dbcapi -HttpAllowed: true - -# listen to http port within this container (server) -IntHttpPort: 8080 - -# listen to https port within this container (server) -# set to 0 if no certificates are available. -IntHttpsPort: 8443 - - - -inHttpsPort: 0 - -##################################################### -# -# Deprecated -# -##################################################### -# csit: stubs out some southbound APIs for csit (deprecated) -#csit: No -# name of this DMaaP instance (deprecated) -#DmaapName: demo -# external port number for https taking port mapping into account (deprecated) -#ExtHttpsPort: 443 -# path to the file used to trigger an orderly shutdown (deprecated) -#QuiesceFile: etc/SHUTDOWN -# FQDN of DR Prov Server (deprecated) -#DR.provhost: dcae-drps.domain.not.set -# root of topic namespace (decrecated) -#topicNsRoot: org.onap.dcae.dmaap +########################################################################################## diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json index ca1e740dd8..6e8e15e7ba 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json @@ -1,5 +1,4 @@ { - "dcaeLayer": "kubernetes-central", "dcaeLocationName": "san-francisco" } diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json index 23b111c8f3..b2295af72e 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json @@ -1,10 +1,6 @@ { -{{ if eq .Values.fixedTopicNamespace true }} - "dmaapName": "mr", -{{- else -}} "dmaapName": "{{ include "common.namespace" . }}", -{{- end}} - "drProvUrl": "https://dmaap-dr-prov", + "drProvUrl": "http://{{ .Values.dmaapDataRouterProvService }}:8080", "version": "1", "topicNsRoot": "org.onap.dmaap", "bridgeAdminTopic": "DCAE_MM_AGENT" diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json new file mode 100644 index 0000000000..d446f7f293 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json @@ -0,0 +1,7 @@ +{ + "feedName": "dmaapbc-test-feed", + "feedVersion": "1.0", + "feedDescription": "test provisioning feed", + "asprClassification": "unclassified", + "owner": "dmaapbc" +} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml new file mode 100644 index 0000000000..a827b09f63 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml @@ -0,0 +1,346 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${defaultPattern} + + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + + + + + + ${logDirectory}/${securityLogName}.log + + ${logDirectory}/${securityLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + + 256 + 0 + + + + + + ${logDirectory}/${performanceLogName}.log + + ${logDirectory}/${performanceLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + 256 + + + + + + ${logDirectory}/${serverLogName}.log + + ${logDirectory}/${serverLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + 256 + + + + + + + ${logDirectory}/${policyLogName}.log + + ${logDirectory}/${policyLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${defaultPattern} + + + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${auditLoggerPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${metricsLoggerPattern} + + + + + + 256 + + + + + ${logDirectory}/${errorLogName}.log + + ${logDirectory}/${errorLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${errorLoggerPattern} + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%i.log.zip + + 1 + 9 + + + 50MB + + + ${debugLoggerPattern} + + + + + 256 + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json index 9e732d2af8..05c898372a 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json +++ b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json @@ -1,6 +1,6 @@ { "dcaeLocationName": "san-francisco", - "fqdn": "message-router", + "fqdn": "{{ .Values.dmaapMessageRouterService }}", "topicProtocol": "http", "topicPort": "3904" } diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json deleted file mode 100644 index 34197b948e..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "topicName": "PNF_READY", - "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.", - "owner": "PNFRegistrationHandler", - "tnxEnabled": false, - "clients": [ - { - "dcaeLocationName": "san-francisco", - "clientRole": "org.onap.dmaap.mr.PNF_READY.pub", - "action": [ - "pub", - "view" - ] - - } - ] -} diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json deleted file mode 100644 index e7325794a1..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "topicName": "PNF_REGISTRATION", - "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic", - "owner": "VEScollector", - "tnxEnabled": false, - "clients": [ - { - "dcaeLocationName": "san-francisco", - "clientRole": "org.onap.dmaap.mr.PNF_REGISTRATION.sub", - "action": [ - "sub", - "view" - ] - - } - ] -} diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json deleted file mode 100644 index fb2c54ed4b..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "topicName": "mirrormakeragent", - "topicDescription": "the topic used to provision the MM agent whitelist", - "replicationCase": "REPLICATION_NONE", - "owner": "dmaap", - "tnxEnabled": false, - "partitionCount": "1", - "clients": [ - { - "dcaeLocationName": "san-francisco", - "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org", - "action": [ - "pub", - "sub", - "view" - ] - }, - { - "dcaeLocationName": "san-francisco", - "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org", - "action": [ - "pub", - "sub", - "view" - ] - }, - { - "dcaeLocationName": "san-francisco", - "clientIdentity": "demo@people.osaaf.org", - "action": [ - "pub", - "sub", - "view" - ] - } - ] -} \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json new file mode 100644 index 0000000000..6570ea53d7 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json @@ -0,0 +1,13 @@ +{ + "topicName": "dmaapbc-test-topic", + "topicDescription": "test provisioning topic", + "owner": "dmaapbc", + "clients": [{ + "dcaeLocationName": "san-francisco", + "clientRole": "org.onap.dmaap.mr.test.pub", + "action": [ + "pub", + "view" + ]} + ] +} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt deleted file mode 100644 index 050853cfa2..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs,Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}-prov) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml index b7c52df169..0dd75f3169 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml @@ -15,16 +15,19 @@ # limitations under the License. */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log/logback.xml").AsConfig . | indent 2 }} +--- apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-config namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} --- @@ -33,11 +36,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-dbc-dmaap namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dmaap/*.json").AsConfig . | indent 2 }} --- @@ -46,11 +44,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-dbc-dcaelocations namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }} --- @@ -59,11 +52,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-dr-nodes namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }} --- @@ -72,11 +60,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-feeds namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }} --- @@ -85,11 +68,6 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-mr-clusters namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }} --- @@ -98,10 +76,5 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-topics namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index a0c315426c..e7887cc332 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -24,68 +24,44 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim}} -{{- if .Values.PG.enabled }} - initContainers: + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + {{- if .Values.usePostgres }} - command: - sh args: - -c - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: PG_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} - - name: PG_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} volumeMounts: - - mountPath: /config-input - name: {{ include "common.name" . }}-config-input - - mountPath: /config - name: {{ include "common.name" . }}-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - mountPath: /config-input + name: {{ include "common.name" . }}-config-input + - mountPath: /config + name: {{ include "common.name" . }}-config name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | nindent 6 }} -{{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-permission-fixer - securityContext: - runAsUser: 0 - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - command: ["chown","-Rf","1000:1001", "/opt/app/"] -# See AAF-425 for explanation of why this is needed. -# This artifact is provisioned in AAF for both pks12 and jks format and apparently -# the cadi library is not using the jks password on the jks keystore. -# So, this attempts to "fix" the credential property file until this is fixed properly. - - name: {{ include "common.name" . }}-cred-fixer - image: {{ include "repositoryGenerator.image.busybox" . }} + image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - command: ["/bin/sh"] - args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] -{{- end }} - - name: {{ include "common.name" . }}-postgres-readiness - securityContext: - runAsUser: 100 - runAsGroup: 65533 - command: + - command: - /app/ready.py args: - --container-name - {{ .Values.postgres.nameOverride }} - - --container-name - - message-router - - --container-name - - dmaap-dr-node + securityContext: + runAsUser: 100 + runAsGroup: 65533 env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + name: {{ include "common.name" . }}-postgres-readiness image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- end }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -96,7 +72,6 @@ spec: httpGet: port: {{ .Values.liveness.port }} path: /webapi/topics - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} @@ -104,18 +79,19 @@ spec: httpGet: port: {{ .Values.readiness.port }} path: /webapi/topics - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true -# NOTE: on the following several configMaps, careful to include / at end -# since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config mountPath: /opt/app/config/conf/ - resources: {{ include "common.resources" . | nindent 12 }} + - mountPath: /opt/app/dmaapbc/etc/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + resources: +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} @@ -123,15 +99,24 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + {{- if .Values.usePostgres }} - name: {{ include "common.name" . }}-config-input configMap: name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-config emptyDir: medium: Memory + {{- else }} + - name: {{ include "common.name" . }}-config + configMap: + name: {{ include "common.fullname" . }}-config + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml index ab6f573a34..0f6c8f9dc0 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml @@ -1,3 +1,22 @@ +{{/* + # ============LICENSE_START=================================================== + # Copyright (C) 2022 Nordix Foundation + # ============================================================================ + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # ============LICENSE_END===================================================== +*/}} apiVersion: batch/v1 kind: Job metadata: @@ -18,7 +37,7 @@ spec: - /app/ready.py args: - --container-name - - dmaap-bc + - {{ include "common.name" . }} env: - name: NAMESPACE valueFrom: @@ -27,17 +46,15 @@ spec: fieldPath: metadata.namespace containers: - name: dmaap-provisioning-job - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbcClientImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DELAY value: "0" - {{- if or (include "common.onServiceMesh" .) .Values.global.allow_http }} - name: PROTO value: "http" - name: PORT value: "8080" - {{ end }} - name: REQUESTID value: "{{.Chart.Name}}-dmaap-provisioning" volumeMounts: @@ -59,7 +76,8 @@ spec: mountPath: /opt/app/config/mr_clusters/ - name: {{ include "common.fullname" . }}-topics mountPath: /opt/app/config/topics/ - resources: {{ include "common.resources" . | nindent 10 }} + resources: +{{ include "common.resources" . }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml index 8f87c68f1e..a90bf83c07 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml @@ -1 +1,18 @@ +{{/* +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml index 7074e4de9a..b7a31c0b0c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml @@ -1,4 +1,3 @@ - # Modifications Copyright © 2019 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 911fee85f4..1e234242ee 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -17,8 +17,11 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 + persistence: {} +################################################################# +# Secrets metaconfig +################################################################# secrets: - uid: pg-root-pass name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass' @@ -37,89 +40,64 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -pullPolicy: Always - # application images -image: onap/dmaap/dmaap-bc:2.0.10 +image: onap/dmaap/dmaap-bc:2.0.11 +pullPolicy: Always +#DMaaP Bus Controller client image for provisioning at deploy time +dbcClientImage: onap/dmaap/dbc-client:2.0.11 # application configuration -dmaapMessageRouterService: message-router - -# change the following value to point to Windriver instance maintained -# by AAF team. -# e.g. -#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/ -aafURL: https://aaf-service:8100/ -aafLocateUrl: https://aaf-locate:8095 -topicMgrUser: dmaap-bc@dmaap-bc.onap.org -topicMgrPwd: demo123456! -adminUser: aaf_admin@people.osaaf.org -adminPwd: demo123456! - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: dmaap-bc-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: dmaap-bc - fqi: dmaap-bc@dmaap-bc.onap.org - publicFqdn: dmaap-bc.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - -persistence: - aafCredsPath: /opt/app/osaaf/local/ - -# for Casablanca default deployment, leave this true to -# get a topic namespace that matches MR. When set to false, -# it will compose the topic namespace using the kubernetes namespace value -fixedTopicNamespace: true - -# for quicker deployments in dev, ability to disable using postgres -PG: - enabled: true +dmaapMessageRouterService: &mr_name message-router +dmaapDataRouterProvService: &dr_prov_name dmaap-dr-prov +dmaapDataRouterNodeService: &dr_node_name dmaap-dr-node nodeSelector: {} affinity: {} +containerPort: &svc_port 8080 + +service: + type: ClusterIP + name: &svc_name dmaap-bc + ports: + - name: &port http + port: *svc_port + +ingress: + enabled: false + service: + - baseaddr: "dmaap-bc-api" + name: *svc_name + port: *svc_port + config: + ssl: "redirect" + # probe configuration parameters liveness: initialDelaySeconds: 10 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - port: api + port: *svc_port enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 - port: api - - -service: - type: NodePort - name: dmaap-bc - ports: - - name: api - port: 8443 - plain_port: 8080 - port_protocol: http - nodePort: 42 + port: *svc_port +usePostgres: &use_pg true -# application configuration override for postgres postgres: - nameOverride: dbc-pg +# For Dev deployments, use in memory DB +# postgres +# enabled: false + enabled: true + nameOverride: &pg_name dbc-postgres service: - name: dbc-postgres + name: *pg_name name2: dbc-pg-primary name3: dbc-pg-replica container: @@ -135,23 +113,9 @@ postgres: mountSubPath: dbc/data mountInitPath: dbc -ingress: - enabled: false - service: - - baseaddr: "dmaap-bc-api" - name: "dmaap-bc" - port: 8443 - plain_port: 8080 - config: - ssl: "redirect" - # Resource Limit flavor -By Default using small flavor: small -securityContext: - user_id: 1000 - group_id: 101 - # Segregation for Different environment (Small and Large) resources: small: @@ -170,13 +134,21 @@ resources: memory: 2Gi unlimited: {} +securityContext: + user_id: 1000 + group_id: 101 + #Pods Service Account serviceAccount: - nameOverride: dmaap-bc + nameOverride: *svc_name roles: - read +readinessCheck: + wait_for: + - *mr_name + - *dr_node_name + wait_for_job_container: containers: - - 'dmaap-provisioning-job' - + - 'dmaap-provisioning-job' \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml index c0a3039b3a..57f664a012 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml @@ -29,6 +29,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' - - name: certInitializer + - name: readinessCheck version: ~12.x-0 repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 6292be2d9d..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2019 The Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -# dmaap-dr-node filebeat.yml -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"] - #If enable will do load balancing among available Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml index 8b8c16c287..7d773830cd 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml @@ -211,7 +211,7 @@ - + diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 20030a79c8..21d7c20abd 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -28,23 +28,23 @@ # #ProvisioningURL: ${DRTR_PROV_INTURL} */}} -ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov +ProvisioningURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/prov # # URL to upload PUB/DEL/EXP logs # #LogUploadURL: ${DRTR_LOG_URL} -LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/logs +LogUploadURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/logs # # The port number for http as seen within the server # #IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080} -IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} +IntHttpPort={{ .Values.containerPort }} # # The port number for https as seen within the server # -IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }} +IntHttpsPort={{ .Values.containerPort }} # # The external port number for https taking port mapping into account # @@ -90,6 +90,9 @@ NodeAuthKey = Node123! # DR_NODE DEFAULT ENABLED TLS PROTOCOLS NodeHttpsProtocols = TLSv1.1|TLSv1.2 # +# AAF CADI enabled flag +CadiEnabled = false +# # AAF type to generate permission string AAFType = org.onap.dmaap-dr.feed # @@ -99,8 +102,8 @@ AAFInstance = legacy # AAF action to generate permission string - default should be publish AAFAction = publish # -# AAF CADI enabled flag -CadiEnabled = false -# # AAF Props file path -AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props +AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props +# +# https security required for publish request +TlsEnabled = false \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt deleted file mode 100644 index 62aeffbe80..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} -{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml index 597da1734c..ce64cabc92 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml @@ -17,15 +17,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }}-node-props namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/node.properties").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap @@ -34,18 +29,3 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dbc-drnodes - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }} ---- -{{ include "common.log.configMap" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml index 8f87c68f1e..f288af9b29 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml @@ -1 +1,21 @@ +{{/* + # ============LICENSE_START=================================================== + # Copyright (C) 2022 Nordix Foundation, Orange. + # ============================================================================ + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # ============LICENSE_END===================================================== +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml deleted file mode 100644 index 9a3f011e80..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 69f6fc1d6e..f4167afe2f 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -24,35 +24,18 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim}} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} - - name: {{ include "common.name" . }}-readiness - securityContext: - runAsUser: 100 - runAsGroup: 65533 - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --container-name - - dmaap-dr-prov - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }} - name: {{ include "common.name" . }}-permission-fixer securityContext: runAsUser: 0 image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: {{ .Values.persistence.spool.path }} - name: {{ include "common.fullname" . }}-spool - - mountPath: {{ .Values.persistence.event.path }} - name: {{ include "common.fullname" . }}-event-logs command: ["chown","-Rf","1000:1001", "/opt/app/"] + volumeMounts: + - name: {{ include "common.fullname" . }}-spool + mountPath: {{ .Values.persistence.spool.path }} + - name: {{ include "common.fullname" . }}-event-logs + mountPath: {{ .Values.persistence.event.path }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -70,50 +53,44 @@ spec: port: {{.Values.readiness.port}} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: {{ .Values.persistence.spool.path }} - name: {{ include "common.fullname" . }}-spool - - mountPath: {{ .Values.persistence.event.path }} - name: {{ include "common.fullname" . }}-event-logs - - mountPath: /etc/localtime - name: localtime - readOnly: false - - mountPath: /opt/app/datartr/etc/node.properties - name: {{ include "common.fullname" . }}-config - subPath: node.properties - - mountPath: /opt/app/datartr/etc/logback.xml - name: {{ include "common.fullname" . }}-log-conf - subPath: logback.xml - - mountPath: {{ .Values.global.loggingDirectory }} - name: logs - resources: {{ include "common.resources" . | nindent 12 }} + volumeMounts: + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} + name: {{ include "common.fullname" . }}-event-logs + - mountPath: /etc/localtime + name: localtime + readOnly: false + - mountPath: /opt/app/datartr/etc/node.properties + name: {{ include "common.fullname" . }}-config + subPath: node.properties + - mountPath: /opt/app/datartr/etc/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + resources: +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} - # Filebeat sidecar container - {{ include "common.log.sidecar" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }}-node-props items: - key: node.properties path: node.properties - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - {{ include "common.log.volumes" . | nindent 8 }} - - name: logs - emptyDir: {} {{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-event-logs emptyDir: {} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 6da3cda668..d2f59455bb 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -16,42 +16,16 @@ # Global configuration defaults. ################################################################# global: - loggingDirectory: /var/log/onap/datarouter persistence: {} - aafEnabled: true - centralizedLoggingEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: dmaap-dr-node-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: dmaap-dr-node - fqi: dmaap-dr-node@dmaap-dr.onap.org - public_fqdn: dmaap-dr.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop + dmaapDrProvName: dmaap-dr-prov ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.11 +image: onap/dmaap/datarouter-node:2.1.12 pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration - see parent values chart - # default number of instances replicaCount: 1 @@ -59,6 +33,29 @@ nodeSelector: {} affinity: {} +# application configuration - see parent values chart +# dr uses the EELF Logging framework https://github.com/att/EELF +# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF +logLevel: "DEBUG" + +containerPort: &svc_port 8080 + +service: + type: ClusterIP + name: dmaap-dr-node + ports: + - name: http + port: *svc_port + +ingress: + enabled: false + service: + - baseaddr: "dmaap-dr-node-api" + name: "dmaap-dr-node" + port: *svc_port + config: + ssl: "redirect" + # probe configuration parameters liveness: initialDelaySeconds: 30 @@ -66,14 +63,14 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true - port: api + port: *svc_port readiness: initialDelaySeconds: 30 periodSeconds: 10 - port: api + port: *svc_port -## Persist data to a persitent volume +## Persist data to a persistent volume persistence: enabled: true mountPath: /dockerdata-nfs @@ -97,28 +94,9 @@ persistence: labels: app.kubernetes.io/component: event-logs -################################################################# -# Secrets metaconfig -################################################################# -secrets: {} - -ingress: - enabled: false - service: - - baseaddr: "dmaap-dr-node-api" - name: "dmaap-dr-node" - port: 8443 - plain_port: 8080 - config: - ssl: "redirect" - # Resource Limit flavor -By Default using small flavor: small -securityContext: - user_id: 1000 - group_id: 1000 - # Segregation for Different environment (Small and Large) resources: small: @@ -137,33 +115,16 @@ resources: memory: 2Gi unlimited: {} -service: - type: NodePort - name: dmaap-dr-node - useNodePortExt: true - both_tls_and_plain: true - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - ports: - - name: api - port: 8443 - plain_port: 8080 - port_protocol: http - nodePort: 94 - -config: - # dr node server configuration - dmaapDrNode: - # dr uses the EELF Logging framework https://github.com/att/EELF - # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF - logLevel: "INFO" - #Pods Service Account serviceAccount: nameOverride: dmaap-dr-node roles: - read -#Log configuration -log: - path: /var/log/onap +securityContext: + user_id: 1000 + group_id: 1000 + +readinessCheck: + wait_for: + - dmaap-dr-prov diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml index 15c6e8b25b..67c4556e37 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml @@ -29,10 +29,10 @@ dependencies: - name: mariadb-init version: ~12.x-0 repository: '@local' - - name: certInitializer + - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: repositoryGenerator + - name: readinessCheck version: ~12.x-0 repository: '@local' - name: serviceAccount diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index c8a173c531..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2019 The Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -# dmaap-dr-prov filebeat.yml -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - - /opt/app/datartr/logs/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"] - #If enable will do load balancing among available Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml index 73446ee3ec..9a3c383f8f 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml @@ -369,15 +369,17 @@ + + + + - - - - + - \ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index 18ab41982a..a56de3cd3b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -25,35 +25,20 @@ #Jetty Server properties -org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.internalPort}} -org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.internalPort2}} +org.onap.dmaap.datarouter.provserver.http.port = {{ .Values.containerPort }} org.onap.dmaap.datarouter.provserver.https.relaxation = true -org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props +org.onap.dmaap.datarouter.provserver.tlsenabled = false +org.onap.dmaap.datarouter.nodeserver.http.port = 8080 org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc org.onap.dmaap.datarouter.provserver.logretention = 30 -#DMAAP-597 (Tech Dept) REST request source IP auth -# relaxation to accommodate OOM kubernetes deploy -org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false - # Database access org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}} org.onap.dmaap.datarouter.db.login = ${DB_USERNAME} org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD} -# PROV - DEFAULT ENABLED TLS PROTOCOLS -org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2 - -# AAF config -org.onap.dmaap.datarouter.provserver.cadi.enabled = false - -org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed -org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub -org.onap.dmaap.datarouter.provserver.aaf.instance = legacy -org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish -org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt deleted file mode 100644 index 8d29cf9e66..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.config.dmaapDrProv.servicetype }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.config.dmaapDrProv.servicetype }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{.Values.config.dmaapDrProv.externalPort}} -{{- else if contains "ClusterIP" .Values.config.dmaapDrProv.servicetype }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrProv.internalPort}} -{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml index 9031cce423..1cd524423e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml @@ -36,42 +36,3 @@ data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} --- {{ include "common.log.configMap" . }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dbc-feeds - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dbc-drpubs - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/dr_pubs/*.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dbc-drsubs - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/dr_subs/*.json").AsConfig . | indent 2 }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 325ca9f2a7..f44dd7bfd0 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -15,93 +15,48 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: {{ include "common.podSecurityContext" . | indent 6 | trim}} - hostname: {{ .Values.global.dmaapDrProvName }} - initContainers: - - name: {{ include "common.name" . }}-readiness - securityContext: - runAsUser: 100 - runAsGroup: 65533 - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} - - {{ include "common.certInitializer.initContainer" . | nindent 8 }} - - - name: {{ include "common.name" . }}-permission-fixer - securityContext: - runAsUser: 0 - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - command: ["chown","-Rf","1000:1001", "/opt/app/"] - - {{ end }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.config.dmaapDrProv.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: - tcpSocket: - port: {{ .Values.config.dmaapDrProv.internalPort }} + httpGet: + port: {{ .Values.liveness.port }} + path: /internal/prov initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: - port: {{ .Values.config.dmaapDrProv.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} + httpGet: + port: {{ .Values.liveness.port }} + path: /internal/prov + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} env: - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }} - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: false - - mountPath: /opt/app/datartr/etc/provserver.properties - name: {{ include "common.fullname" . }}-config - subPath: provserver.properties - - mountPath: /opt/app/datartr/etc/logback.xml - name: {{ include "common.fullname" . }}-log-conf - subPath: logback.xml - - mountPath: {{ .Values.global.loggingDirectory }} - name: logs + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: false + - mountPath: /opt/app/datartr/etc/provserver.properties + name: {{ include "common.fullname" . }}-config + subPath: provserver.properties + - mountPath: /opt/app/datartr/etc/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -112,10 +67,8 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - # Filebeat sidecar container - {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: localtime hostPath: path: /etc/localtime @@ -128,8 +81,5 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - {{ include "common.log.volumes" . | nindent 6 }} - - name: logs - emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml index 8f87c68f1e..f288af9b29 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml @@ -1 +1,21 @@ +{{/* + # ============LICENSE_START=================================================== + # Copyright (C) 2022 Nordix Foundation, Orange. + # ============================================================================ + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # ============LICENSE_END===================================================== +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index 1a0143f9ae..306b0f17eb 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -14,51 +14,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - msb.onap.org/service-info: '[ - { - "serviceName": "{{ .Values.global.dmaapDrProvName }}", - "version": "v1", - "url": "/", - "protocol": "REST", - "port": "{{ .Values.global.dmaapDrProvExtPort2 }}", - "visualRange":"1" - } - ]' - -spec: - type: {{ .Values.config.dmaapDrProv.servicetype }} - ports: - {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{ .Values.global.dmaapDrProvExtPort }} - targetPort: {{ .Values.config.dmaapDrProv.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort }} - name: {{ .Values.config.dmaapDrProv.portName }} - {{- end}} - - port: {{ .Values.global.dmaapDrProvExtPort2 }} - targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort2 }} - name: {{ .Values.config.dmaapDrProv.portName }}2 - {{- else -}} - - port: {{ .Values.global.dmaapDrProvExtPort }} - targetPort: {{ .Values.config.dmaapDrProv.internalPort }} - name: {{ .Values.config.dmaapDrProv.portName }} - - port: {{ .Values.global.dmaapDrProvExtPort2 }} - targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }} - name: {{ .Values.config.dmaapDrProv.portName }}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 59b0765f28..6af498d548 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -16,10 +16,6 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - loggingDirectory: /opt/app/datartr/logs - persistence: {} - centralizedLoggingEnabled: true mariadbGalera: &mariadbGalera #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster localCluster: false @@ -42,14 +38,9 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.11 +image: onap/dmaap/datarouter-prov:2.1.12 pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration - see parent values chart - # default number of instances replicaCount: 1 @@ -57,48 +48,46 @@ nodeSelector: {} affinity: {} -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 +containerPort: &svc_port 8080 -## Persist data to a persitent volume -persistence: - enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountPath: /dockerdata-nfs +service: + type: ClusterIP + name: dmaap-dr-prov + ports: + - name: &port http + port: *svc_port ingress: enabled: false service: - baseaddr: "dmaap-dr-prov-api" name: "dmaap-dr-prov" - port: 8443 - plain_port: 8080 + port: *svc_port config: ssl: "redirect" -config: - # dr provisioning server configuration - dmaapDrProv: - servicetype: NodePort - internalPort: 8080 - internalPort2: 8443 - portName: dr-prov-port - portName2: dr-prov-port2 - nodePort: 59 - nodePort2: 69 - # dr uses the EELF Logging framework https://github.com/att/EELF - # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF - logLevel: "INFO" +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job' + +# dr uses the EELF Logging framework https://github.com/att/EELF +# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF +logLevel: "DEBUG" + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: *svc_port + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + port: *svc_port # mariadb-galera configuration mariadb-galera: @@ -124,30 +113,9 @@ mariadb-init: mysqlDatabase: *mysqlDbName nameOverride: dmaap-dr-mariadb-init -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: dmaap-dr-prov-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! -# aafDeployCredsExternalSecret: some secret - fqdn: dmaap-dr-prov - fqi: dmaap-dr-prov@dmaap-dr.onap.org - publicFqdn: dmaap-dr.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - - # Resource Limit flavor -By Default using small flavor: small -securityContext: - user_id: 1000 - group_id: 1000 - # Segregation for Different environment (Small and Large) resources: small: @@ -166,12 +134,13 @@ resources: memory: 2Gi unlimited: {} +#Pods Security Context +securityContext: + user_id: 1000 + group_id: 1000 + #Pods Service Account serviceAccount: nameOverride: dmaap-dr-prov roles: - read - -#Log configuration -log: - path: /var/log/onap diff --git a/kubernetes/dmaap/components/message-router/Chart.yaml b/kubernetes/dmaap/components/message-router/Chart.yaml index ba7beaf7f7..c221dff9a7 100644 --- a/kubernetes/dmaap/components/message-router/Chart.yaml +++ b/kubernetes/dmaap/components/message-router/Chart.yaml @@ -27,9 +27,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index a9b0a012a4..2dea84d289 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -30,7 +30,7 @@ ## if you want to change request.required.acks it can take this one value #kafka.request.required.acks=-1 kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 -config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }} +config.zk.servers=127.0.0.1:{{ .Values.zkTunnelService.internalPort }} consumer.timeout.ms=100 zookeeper.connection.timeout.ms=6000 zookeeper.session.timeout.ms=20000 @@ -124,26 +124,10 @@ default.replicas=3 #100mb maxcontentlength=10000 - ############################################################################## -#AAF Properties -msgRtr.namespace.aaf=org.onap.dmaap.mr.topic -msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic: -enforced.topic.name.AAF=org.onap.dmaap.mr +##AAF Properties forceAAF=false useCustomAcls=false -transidUEBtopicreqd=false -defaultNSforUEB=org.onap.dmaap.mr -############################################################################## -#Mirror Maker Agent - -msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin -msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user -msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic: -msgRtr.mirrormaker.timeout=15000 -msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mirrormakeragent -msgRtr.mirrormaker.consumergroup=mmagentserver -msgRtr.mirrormaker.consumerid=1 kafka.max.poll.interval.ms=300000 kafka.heartbeat.interval.ms=60000 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml deleted file mode 100644 index 3ee9fc5fe6..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml +++ /dev/null @@ -1,4 +0,0 @@ -jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi -lowercaseOutputName: true -lowercaseOutputLabelNames: true -ssl: false \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties deleted file mode 100644 index cd88565ed0..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties +++ /dev/null @@ -1,165 +0,0 @@ -############################################################################### -# ============LICENSE_START======================================================= -# org.onap.dmaap -# ================================================================================ -# Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2021 Orange Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. -# -############################################################################### -#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly. -#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed -#to a SOA/CSI Cloud node. For more information, - -#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your -#particular service, please add them AFTER all AJSC related System Properties. - -#For Cadi Authorization, use value="authentication-scheme-1 -CadiAuthN=authentication-scheme-1 - -#For Basic Authorization, use value="authentication-scheme-1 -authN=authentication-scheme-2 - -#Persistence used for AJSC meta-data storage. For most environments, "file" should be used. -ajscPersistence=file - -# If using hawtio for local development, these properties will allow for faster server startup and usage for local development -hawtio.authenticationEnabled=false -hawtio.config.pullOnStartup=false - -#Removes the extraneous restlet console output -org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade - -#server.host property to be enabled for local DME2 related testing -#server.host= - -#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2. -enableSSL=false - -#Enable/disable csi logging (values=true/false). This can be disabled during local development -csiEnable=false - -#Enable/disable CAET This can be disabled during local development -isCAETEnable=true - -#Enable/disable EJB Container -ENABLE_EJB=false - -#Enable/disable OSGI -isOSGIEnable=false - -#Configure JMS Queue (WMQ/TIBCO) -JMS_BROKER=WMQ - -#Generate/Skip api docs -isApiDoc=false - - -#WMQ connectivity -JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28 -JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES -JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory -JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A -JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A - -#CSI related variables for CSM framework -csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net - -#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development -endpointLogging=false - -#Enable/disable trail logging and trail logging summary -enableTrailLogging=false -enableTrailLoggingSummary=false - -#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false). -SOA_CLOUD_ENV=false - -#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration. -CONTINUE_ON_LISTENER_EXCEPTION=false - -#Jetty Container ThreadCount Configuration Variables -AJSC_JETTY_ThreadCount_MIN=1 -AJSC_JETTY_ThreadCount_MAX=200 -AJSC_JETTY_IDLETIME_MAX=3000 - -#Camel Context level default threadPool Profile configuration -CAMEL_POOL_SIZE=10 -CAMEL_MAX_POOL_SIZE=20 -CAMEL_KEEP_ALIVE_TIME=60 -CAMEL_MAX_QUEUE_SIZE=1000 - -#File Monitor configurations -ssf_filemonitor_polling_interval=5 -ssf_filemonitor_threadpool_size=10 - -#GRM/DME2 System Properties -AFT_DME2_CONN_IDLE_TIMEOUTMS=5000 -AJSC_ENV=SOACLOUD - -SOACLOUD_NAMESPACE=org.onap.dmaap.dev -SOACLOUD_ENV_CONTEXT=TEST -SOACLOUD_PROTOCOL=http -SOACLOUD_ROUTE_OFFER=DEFAULT - -AFT_LATITUDE=23.4 -AFT_LONGITUDE=33.6 -AFT_ENVIRONMENT=AFTUAT - -#Restlet Component Default Properties -RESTLET_COMPONENT_CONTROLLER_DAEMON=true -RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100 -RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192 -RESTLET_COMPONENT_MIN_THREADS=1 -RESTLET_COMPONENT_MAX_THREADS=10 -RESTLET_COMPONENT_LOW_THREADS=8 -RESTLET_COMPONENT_MAX_QUEUED=0 -RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1 -RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1 -RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192 -RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true -RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false -RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000 -RESTLET_COMPONENT_USE_FORWARDED_HEADER=false -RESTLET_COMPONENT_REUSE_ADDRESS=true - -#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid -#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary -#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework -#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These -#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will -#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need -#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when -#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2 -#default csm properties files will be used for local testing with anything CSM knorelated. -#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the -#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character. -#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the -#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore, -#when running locally, the following 2 properties should be set within the profile(s) themselves. -#Example: target/commonLibs|target/otherLibs -#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs -#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc -#End of AJSC System Properties - -#Service System Properties. Please, place any Service related System Properties below. - -#msgrtr content length and error message -#100mb -maxcontentlength=10000 -msg_size_exceeds=Message size exceeds the default size. -forceAAF=false -cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml deleted file mode 100644 index 49196e441b..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml +++ /dev/null @@ -1,138 +0,0 @@ - - - - - - - - - true - - - /etc/runner-web.xml - /etc/ajsc-override-web.xml - true - /extJars/json-20131018.jar - - - false - - - - - - - - - - - - - - - - - - - - - - - - - - /extApps - 10 - true - - - - - - - - - - - - - - - - - - - - - - - {{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks - ${KEYSTORE_PASSWORD} - ${KEYSTORE_PASSWORD} - true - - - - - - - - - - - - http/1.1 - - - - - - - - - - - - - - - - - - - - - - 30000 - - - - - - - - - - false - - - diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties deleted file mode 100644 index 596a316d77..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties +++ /dev/null @@ -1,19 +0,0 @@ -aaf_locate_url=https://aaf-locate.onap:8095 -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 -aaf_env=DEV -aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm - -cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -cadi_truststore_password=${TRUSTSTORE_PASSWORD} - -cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile - -cadi_alias={{ .Values.certInitializer.fqi }} -cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12 -cadi_keystore_password=${KEYSTORE_PASSWORD_P12} -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - -cadi_loglevel=INFO -cadi_protocols=TLSv1.1,TLSv1.2 -cadi_latitude=37.78187 -cadi_longitude=-122.26147 diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml deleted file mode 100644 index 116c52499f..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml +++ /dev/null @@ -1,108 +0,0 @@ - - - - - - contextConfigLocation - /WEB-INF/spring-servlet.xml, - classpath:applicationContext.xml - - - - - spring.profiles.default - nooauth - - - - org.springframework.web.context.ContextLoaderListener - - - - ManagementServlet - ajsc.ManagementServlet - - - - WriteableRequestFilter - com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter - - - - InterceptorFilter - ajsc.filters.InterceptorFilter - - preProcessor_interceptor_config_file - /etc/PreProcessorInterceptors.properties - - - postProcessor_interceptor_config_file - /etc/PostProcessorInterceptors.properties - - - - - - - DMaaPAuthFilter - DMaaPAuthFilter - org.onap.dmaap.util.DMaaPAuthFilter - - cadi_prop_files - {{.Values.certInitializer.appMountPath}}/local/cadi.properties - - - - - - RestletServlet - ajsc.restlet.RestletSpringServlet - - org.restlet.component - restletComponent - - - - - CamelServlet - ajsc.servlet.AjscCamelServlet - - - - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - - spring - org.springframework.web.servlet.DispatcherServlet - 1 - - - - spring - / - - - diff --git a/kubernetes/dmaap/components/message-router/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/templates/NOTES.txt deleted file mode 100644 index a44d0f76ee..0000000000 --- a/kubernetes/dmaap/components/message-router/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index c999b79183..3f786ad950 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -40,45 +40,4 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-etc - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-sys-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }} ---- -{{- if .Values.prometheus.jmx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-prometheus-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} ---- -{{ end }} + diff --git a/kubernetes/dmaap/components/message-router/templates/ingress.yaml b/kubernetes/dmaap/components/message-router/templates/ingress.yaml new file mode 100644 index 0000000000..a90bf83c07 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/templates/ingress.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml deleted file mode 100644 index 50dda8a8f9..0000000000 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021-2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }} -type: Opaque ---- -{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 904c160c70..bb42561cbe 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -22,103 +22,14 @@ metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} + replicas: 1 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: - {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-update-config - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0); - cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /config - name: jetty - - mountPath: /config-input - name: etc - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- end }} containers: - {{- if .Values.prometheus.jmx.enabled }} - - name: prometheus-jmx-exporter - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - java - - -XX:+UnlockExperimentalVMOptions - - -XX:+UseCGroupMemoryLimitForHeap - - -XX:MaxRAMFraction=1 - - -XshowSettings:vm - - -jar - - jmx_prometheus_httpserver.jar - - {{ .Values.prometheus.jmx.port | quote }} - - /etc/jmx-kafka/jmx-mrservice-prometheus.yml - ports: - - containerPort: {{ .Values.prometheus.jmx.port }} - resources: - volumeMounts: - - name: jmx-config - mountPath: /etc/jmx-kafka - {{- end }} - - name: srimzi-zk-entrance - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /opt/stunnel/stunnel_run.sh - ports: - - containerPort: {{ .Values.global.zkTunnelService.internalPort }} - name: zoo - protocol: TCP - env: - - name: LOG_LEVEL - value: debug - - name: STRIMZI_ZOOKEEPER_CONNECT - value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}' - livenessProbe: - exec: - command: - - /opt/stunnel/stunnel_healthcheck.sh - - '{{ .Values.global.zkTunnelService.internalPort }}' - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - exec: - command: - - /opt/stunnel/stunnel_healthcheck.sh - - '{{ .Values.global.zkTunnelService.internalPort }}' - failureThreshold: 3 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - volumeMounts: - - mountPath: /etc/cluster-operator-certs/ - name: cluster-operator-certs - - mountPath: /etc/cluster-ca-certs/ - name: cluster-ca-certs - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/ - cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties - /bin/sh /appl/startup.sh - {{- end }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: @@ -148,58 +59,78 @@ spec: failureThreshold: {{ .Values.startup.failureThreshold }} env: - name: JAASLOGIN - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }} + valueFrom: + secretKeyRef: + name: strimzi-kafka-admin + key: sasl.jaas.config - name: SASLMECH value: scram-sha-512 - name: enableCadi - value: "{{ .Values.global.aafEnabled }}" + value: "true" - name: useZkTopicStore value: "false" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties - subPath: MsgRtrApi.properties - name: appprops - - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml - subPath: logback.xml - name: logback - {{- if .Values.global.aafEnabled }} - - mountPath: /appl/dmaapMR1/etc/runner-web.xml - subPath: runner-web.xml - name: etc - - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties - subPath: sys-props.properties - name: sys-props - - mountPath: /jetty-config - name: jetty - {{- end }} - resources: {{ include "common.resources" . | nindent 12 }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties + subPath: MsgRtrApi.properties + name: appprops + - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml + subPath: logback.xml + name: logback + resources: +{{ include "common.resources" . }} + - name: {{ .Values.zkTunnelService.name }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /opt/stunnel/stunnel_run.sh + ports: + - containerPort: {{ .Values.zkTunnelService.internalPort }} + name: {{ .Values.zkTunnelService.portName }} + protocol: {{ .Values.zkTunnelService.protocol }} + env: + - name: LOG_LEVEL + value: {{ .Values.zkTunnelService.logLevel }} + - name: STRIMZI_ZOOKEEPER_CONNECT + value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}' + livenessProbe: + exec: + command: + - /opt/stunnel/stunnel_healthcheck.sh + - '{{ .Values.zkTunnelService.internalPort }}' + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - /opt/stunnel/stunnel_healthcheck.sh + - '{{ .Values.zkTunnelService.internalPort }}' + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /etc/cluster-operator-certs/ + name: cluster-operator-certs + - mountPath: /etc/cluster-ca-certs/ + name: cluster-ca-certs serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime - name: appprops configMap: name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap - - name: etc - configMap: - name: {{ include "common.fullname" . }}-etc - name: logback configMap: name: {{ include "common.fullname" . }}-logback-xml-configmap - {{- if .Values.prometheus.jmx.enabled }} - - name: jmx-config - configMap: - name: {{ include "common.fullname" . }}-prometheus-configmap - {{- end }} - - name: sys-props - configMap: - name: {{ include "common.fullname" . }}-sys-props - - name: jetty - emptyDir: {} - name: cluster-operator-certs secret: defaultMode: 288 @@ -226,7 +157,7 @@ spec: matchLabels: app.kubernetes.io/name: {{ include "common.name" . }} ports: - - port: {{ .Values.global.zkTunnelService.internalPort }} - protocol: TCP + - port: {{ .Values.zkTunnelService.internalPort }} + protocol: {{ .Values.zkTunnelService.protocol }} policyTypes: - Ingress diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 80460ba570..c68a91c689 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -18,52 +18,7 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - zkTunnelService: - type: ClusterIP - name: zk-tunnel-svc - portName: tcp-zk-tunnel - internalPort: 2181 - -zookeeper: - entrance: - image: scholzj/zoo-entrance:latest - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: dmaap-mr-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: dmaap-mr - fqi: dmaapmr@mr.dmaap.onap.org - public_fqdn: mr.dmaap.onap.org - cadi_longitude: "-122.26147" - cadi_latitude: "37.78187" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops - fqi_namespace: org.onap.dmaap.mr - aaf_add_config: | - cd {{ .Values.credsPath }} - echo "*** change jks password into shell safe one" - export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ - -storepass "${cadi_keystore_password_jks}" \ - -keystore {{ .Values.fqi_namespace }}.jks - echo "*** set key password as same password as jks keystore password" - keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ - -keystore {{ .Values.fqi_namespace }}.jks \ - -keypass "${cadi_keystore_password_jks}" \ - -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} - echo "*** store the passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop - echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop - echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop - echo "*** give ownership of files to the user" - chown -R 1000 . + persistence: {} ################################################################# # Application configuration defaults. @@ -72,28 +27,38 @@ certInitializer: image: onap/dmaap/dmaap-mr:1.4.3 pullPolicy: Always -secrets: - - uid: mr-kafka-admin-secret - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate +#Strimzi zookeeper_tunnel config +zkTunnelService: + type: ClusterIP + name: zk-tunnel-svc + portName: tcp-zk-tunnel + protocol: TCP + internalPort: 2181 + logLevel: debug + image: scholzj/zoo-entrance:latest -# flag to enable debugging - application support required -debugEnabled: false +nodeSelector: {} -# application configuration -config: - someConfig: blah +affinity: {} -# default number of instances -replicaCount: 1 +containerPort: &svc_port 3904 -nodeSelector: {} +service: + type: ClusterIP + name: message-router + ports: + - name: api + port: *svc_port + port_protocol: http -affinity: {} +ingress: + enabled: false + service: + - baseaddr: "dmaap-mr-api" + name: "message-router" + port: *svc_port + config: + ssl: "redirect" # probe configuration parameters liveness: @@ -104,7 +69,7 @@ liveness: failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - port: api + port: *svc_port enabled: true readiness: @@ -113,7 +78,7 @@ readiness: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 - port: api + port: *svc_port startup: initialDelaySeconds: 10 @@ -121,43 +86,7 @@ startup: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 70 - port: api - -service: - type: NodePort - name: message-router - both_tls_and_plain: true - msb: - - port: 3904 - url: "/" - version: "v1" - protocol: "REST" - visualRange: "1" - ports: - - name: api - port: 3905 - plain_port: 3904 - port_protocol: http - nodePort: 26 - -prometheus: - jmx: - enabled: false - image: solsson/kafka-prometheus-jmx-exporter@sha256 - imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 - port: 5556 - targetPort: 5555 - -ingress: - enabled: false - service: - - baseaddr: "dmaap-mr-api" - name: "message-router" - port: 3905 - plain_port: 3904 - config: - ssl: "redirect" - + port: *svc_port # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 8540903193..0000000000 --- a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2019 The Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - - /opt/app/datartr/logs/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"] - #If enable will do load balancing among available Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase \ No newline at end of file diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 1cb537b5f4..4536f2b54b 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -18,41 +18,19 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - clientImage: onap/dmaap/dbc-client:2.0.10 - -#Global DMaaP app config - allow_http: false - - #Logstash config - logstashServiceName: log-ls - logstashPort: 5044 - - #dmaap-dr-prov server configuration - dmaapDrProvName: dmaap-dr-prov - dmaapDrProvExtPort2: 443 - dmaapDrProvExtPort: 80 - - #AAF global config overrides - aafEnabled: true - - #Strimzi config - kafkaStrimziAdminUser: strimzi-kafka-admin - + persistence: {} #Component overrides message-router: enabled: true - config: - jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}' dmaap-bc: enabled: true + usePostgres: true + postgres: + enabled: true dmaap-dr-node: enabled: true dmaap-dr-prov: enabled: true -dmaap-strimzi: - enabled: true #Pods Service Account serviceAccount: diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 6a246a623c..fb60be2586 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -109,7 +109,7 @@ spec: value: {{ .Values.so_authorization }} {{- end }} - name: DMAAP_HOST - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://message-router.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}3905{{ else }}3904{{ end }}" + value: "http://message-router.{{ include "common.namespace" . }}:3904" - name: LOGGING_LEVEL_ORG_ONAP_NBI value: {{ .Values.config.loglevel }} - name: MSB_ENABLED diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 7614a8c5b1..9136b6ed91 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -28,14 +28,14 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "useHttps" : "false", "fetchTimeout": 15000, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "useHttps" : "false", "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index 51d4b47a15..d26ad6c70d 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -59,13 +59,13 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" topicSinks: - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: # topicSources: diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index bbe905b282..a3b82e70fb 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -62,14 +62,14 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" topicSinks: - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index f24e0ff8c6..3ea4ac21b3 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -78,14 +78,14 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" topicSinks: - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 3d192f4b6a..4a2bcf3684 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -85,7 +85,7 @@ runtime: servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" fetchTimeout: 15000 topicSinks: - @@ -93,7 +93,7 @@ runtime: servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # topicParameterGroup: diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index 22168e8753..a0b8bc7c4a 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -98,7 +98,7 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP DMAAP_SERVERS=message-router -DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} +DMAAP_HTTPS="false" # AAI diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index b68e8d6a71..fdcbf92745 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -76,7 +76,7 @@ pap: - topic: POLICY-PDP-PAP servers: - message-router - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttps: false fetchTimeout: 15000 topicCommInfrastructure: dmaap - topic: POLICY-HEARTBEAT @@ -84,19 +84,19 @@ pap: consumerGroup: policy-pap servers: - message-router - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttps: false fetchTimeout: 15000 topicCommInfrastructure: dmaap topicSinks: - topic: POLICY-PDP-PAP servers: - message-router - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttps: false topicCommInfrastructure: dmaap - topic: POLICY-NOTIFICATION servers: - message-router - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttps: false topicCommInfrastructure: dmaap # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks # servers: @@ -124,8 +124,8 @@ pap: basePath: healthcheck - clientName: dmaap hostname: message-router - port: {{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + port: 3904 + useHttps: false basePath: topics management: diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 0f1744a9e4..d049626106 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -45,14 +45,14 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "useHttps" : "false", "fetchTimeout" : 15000, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "useHttps" : "false", "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 5accf3800f..c57685a37e 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -25,8 +25,6 @@ GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}' GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}' GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}' -GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}' -GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}' GLOBAL_INJECTED_DNS_IP_ADDR = 'N/A' GLOBAL_INJECTED_DOCKER_VERSION = '1.2-STAGING-latest' GLOBAL_INJECTED_EXTERNAL_DNS = 'N/A' @@ -44,8 +42,6 @@ GLOBAL_INJECTED_POMBA_KIBANA_IP_ADDR = '{{include "robot.ingress.svchost" (dict GLOBAL_INJECTED_POMBA_ELASTIC_SEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-es") }}' GLOBAL_INJECTED_POMBA_CONTEX_TAGGREGATOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-contextaggregator") }}' GLOBAL_INJECTED_KEYSTONE = '{{ .Values.openStackKeyStoneUrl }}' -GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}' -GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}' GLOBAL_INJECTED_MUSIC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "music") }}' GLOBAL_INJECTED_NBI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "nbi") }}' GLOBAL_INJECTED_NETWORK = '{{ .Values.openStackPrivateNetId }}' @@ -164,22 +160,32 @@ GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] # dcae hv-ves info GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}' GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}' -# data router info - everything is from the private oam network (also called onap private network) -GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' -GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}' -GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' -GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' -# dmaap message router info + +#DMAAP +# message router info - everything is from the private oam network (also called onap private network) +GLOBAL_MR_SERVER_PROTOCOL = "http" +GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' +GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}' GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}' GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' -# dmaap kafka info -GLOBAL_DMAAP_KAFKA_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router-kafka") }}' -GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}' -GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}' -GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}' +# bus controller info +GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}' +GLOBAL_BC_SERVER_PROTOCOL = 'http' +GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8080) }}' +GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}' +GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}' +# data router info - everything is from the private oam network (also called onap private network) +GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http' +GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 8080) }}' +GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}' +GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http' +GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8080) }}' +GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}' + # strimzi kafka GLOBAL_KAFKA_BOOTSTRAP_SERVICE = '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092' -GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaJaasUsername }}' +GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaUsername }}' + # DROOL server port and credentials GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}' GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}' @@ -207,14 +213,7 @@ GLOBAL_POMBA_CONTEXTAGGREGATOR_PORT = '{{include "robot.ingress.port" (dict "roo # microservice bus info - everything is from the private oam network (also called onap private network) GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}' -# message router info - everything is from the private oam network (also called onap private network) -GLOBAL_MR_SERVER_PROTOCOL = "http" -GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' -# bus controller info -GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' -GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' -GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}' -GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}' + # dcae inventory and deployment handler info GLOBAL_INVENTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "inventory") }}' GLOBAL_INVENTORY_SERVER_PROTOCOL = "https" diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 87b117dc35..599234e25d 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -57,13 +57,20 @@ config: dcae_ves_colector_https: enabled: false https: true + message_router: + enabled: false + https: false + dmaap_bc: + enabled: true + https: false + hostname: dmaapbc dmaap_dr_prov: enabled: true - https: true + https: false hostname: dmaapdrprov dmaap_dr_node: enabled: true - https: true + https: false hostname: dmaapdrnode log_es: enabled: false @@ -91,13 +98,6 @@ config: enabled: false pomba_contextaggregator: enabled: false - message_router: - enabled: false - https: true - dmaap_bc: - enabled: true - https: true - hostname: dmaapbc music: enabled: false https: true @@ -186,8 +186,6 @@ config: hostname: blueprintsprocessorhttp dcae_hv_ves_collector: enabled: false - message_router_kafka: - enabled: false inventory: enabled: false https: true @@ -350,16 +348,13 @@ vidUsername: "demo" vidPassword: "Kp8bJ4SXszM0WX" vidHealthUsername: "Default" vidHealthPassword: "AppPassword!1" + # DMAAP BC bcUsername: "dmaap-bc@dmaap-bc.onap.org" bcPassword: "demo123456!" -# DMAAP KAFKA JAAS -kafkaJaasUsername: "admin" -kafkaJaasPassword: "admin_secret" - -# STRIMZI KAFKA JAAS -strimziKafkaJaasUsername: "strimzi-kafka-admin" +# STRIMZI KAFKA +strimziKafkaUsername: "strimzi-kafka-admin" #OOF oofUsername: "oof@oof.onap.org" -- cgit 1.2.3-korg