From 9d4d923694a16dfe53adf262091eba61e4a3cb56 Mon Sep 17 00:00:00 2001 From: mpriyank Date: Thu, 13 Apr 2023 16:27:25 +0100 Subject: [CPS] Update cps-and-ncmp and dmi-plugin image - updating cps-and-ncmp docker image to 3.2.6 - updating ncmp-dmi-plugin docker image to 1.3.0 and adding JAAS config - temporarily removing the faulty link Issue-ID: CPS-1589 Change-Id: Ia57af84137b02a090191cb29c66bd6cdf85f7aeb Signed-off-by: mpriyank --- kubernetes/cps/components/cps-core/values.yaml | 2 +- .../resources/config/application-helm.yml | 5 ++++- .../ncmp-dmi-plugin/templates/deployment.yaml | 10 ++++++++++ .../ncmp-dmi-plugin/templates/kafkauser.yaml | 16 ++++++++++++++++ kubernetes/cps/components/ncmp-dmi-plugin/values.yaml | 19 ++++++++++++++++++- 5 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml (limited to 'kubernetes') diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index 7bdb79d8f9..e5c062ccf0 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -68,7 +68,7 @@ global: container: name: postgres -image: onap/cps-and-ncmp:3.2.1 +image: onap/cps-and-ncmp:3.2.6 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 1c15a2dbce..7d764bf589 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -49,9 +49,12 @@ logging: onap: cps: {{ .Values.logging.cps }} +{{- with (first .Values.kafkaUser.acls) }} +spring.kafka.consumer.group-id: {{ .name }} +{{- end }} spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 spring.kafka.security.protocol: SASL_PLAINTEXT -spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 +spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG} {{- if .Values.config.additional }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml index 3d154dba64..4ff2851b0c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml @@ -60,6 +60,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }} - name: CPS_CORE_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config volumeMounts: - mountPath: /config-input name: init-data-input @@ -90,6 +95,11 @@ spec: env: - name: SPRING_PROFILES_ACTIVE value: {{ .Values.config.spring.profile }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml new file mode 100644 index 0000000000..708e99dfe0 --- /dev/null +++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} \ No newline at end of file diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 44f11f5b9c..59a64905d1 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,7 +47,7 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.2.2 +image: onap/ncmp-dmi-plugin:1.3.0 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 @@ -177,3 +177,20 @@ updateStrategy: type: RollingUpdate maxUnavailable: 0 maxSurge: 1 + +# Strimzi KafkaUser config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: ncmp-dmi-plugin-group + type: group + operations: [Read] + - name: ncmp-dmi-cm-avc-subscription-ncmp-dmi-plugin + type: topic + operations: [Read] + - name: dmi-ncmp-cm-avc-subscription + type: topic + operations: [Write] + - name: ncmp-async-m2m + type: topic + operations: [Write] -- cgit 1.2.3-korg