Merge "Change path to daexim directory"
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
new file mode 100644
index 0000000..c860d4a
--- /dev/null
+++ b/docs/spelling_wordlist.txt
@@ -0,0 +1,451 @@
+AAF
+AAI
+adaptor
+Adaptor
+adaptors
+Adaptors
+Alcatel
+Ansible
+API
+APIs
+APPC
+ASCII
+Avro
+BPMN
+Camunda
+Cask
+Cassandra
+CCSDK
+CD
+CDAP
+Ceilometer
+CentOS
+CI
+CLI
+Cloudify
+Codec
+committer
+committers
+CommonMark
+Contrail
+CPU
+CRM
+CSCF
+CSIT
+cyber
+DBaaS
+DCAE
+DevOps
+DHCP
+Django
+DMaaP
+DNS
+DNSaaS
+DPDK
+Ebook
+elasticsearch
+Elasticsearch
+Enablement
+enum
+Enum
+env
+Env
+ENV
+ethernet
+Facebook
+failover
+fallback
+Fcaps
+Financials
+geocoder
+Gerrit
+Github
+graphSON
+guestOS
+gui
+Hadoop
+hardcoded
+hashtag
+healthcheck
+healthCheck
+Healthcheck
+HealthCheck
+healthchecks
+heatbridge
+heatclient
+HeatStack
+hostname
+hostName
+Hostname
+hostnames
+hostOS
+htm
+html
+http
+Http
+httpclient
+httpcomponents
+httpdomain
+httpHeader
+httpPort
+httpreturncode
+https
+httpStatusCode
+Huawei
+hyperlink
+Hyperlink
+hypervisor
+Hypervisor
+hypervisors
+Hypervisors
+IaaS
+indices
+Indices
+inline
+internet
+interoperable
+interoperate
+Interoperate
+interoperation
+interwork
+Interworking
+IoT
+ip
+Ip
+IP
+ipAddress
+iPAddress
+IPAddress
+ipam
+Ipam
+ipVersion
+Jacoco
+java
+javalib
+javascript
+Javascript
+jboss
+JBoss
+Jenkins
+Jira
+jpath
+json
+Json
+jsonObject
+jsonObjectInstance
+jsonObjects
+jsonschema
+jtosca
+junit
+Junit
+JUnit
+Junits
+JUnits
+keypair
+Keypair
+keypairs
+keyserver
+keyservers
+keyspace
+Keyspace
+keyspaceName
+keyspaces
+keystore
+keytool
+keyValue
+Kibana
+Kibibytes
+Kubernetes
+LF
+lifecycle
+Lifecycle
+lifecycles
+locator
+logback
+Logback
+logfiles
+Logfiles
+logoffs
+Logoffs
+logon
+Logstash
+macAddress
+MacAddress
+macOS
+Malware
+metadata
+Metadata
+microservice
+Microservice
+microservices
+Microservices
+middleware
+msb
+MSB
+multicast
+multicloud
+Multicloud
+MultiCloud
+multipart
+Mysql
+NaaS
+nameserver
+nameservers
+namespace
+Namespace
+namespaced
+namespaces
+Namespaces
+Netconf
+nfv
+NFV
+nfvi
+nfvo
+nfvparser
+Nokia
+NSD
+OAM
+Ocata
+ODL
+Onap
+ONAP
+onboard
+Onboard
+onboarded
+Onboarded
+onboarding
+Onboarding
+online
+OOF
+OOM
+OpenDaylight
+openo
+OpenO
+Opensource
+Openstack
+OpenStack
+OSS
+Pandoc
+partitionKey
+Partitionkey
+passphrase
+PCRF
+pdf
+PGaaS
+Phishing
+PKI
+placemark
+Placemark
+placemarks
+plantUML
+playbook
+Playbook
+playbooks
+Playbooks
+plugin
+Plugin
+plugins
+Plugins
+PNF
+PoC
+Postgre
+Postgres
+Postgresql
+preload
+Preload
+proactively
+programmatically
+proxyhost
+pserver
+pServer
+pservers
+QoS
+quickstart
+Quickstart
+Rackspace
+readme
+readthedocs
+Readthedocs
+Redhat
+Redis
+refactored
+Refactored
+registrator
+Registrator
+repo
+Repo
+repos
+Restconf
+reStructuredText
+reusability
+Reusability
+RMM
+roadmap
+roadmaps
+RPT
+rst
+RST
+RVMI
+schemas
+screensaver
+sdc
+Sdc
+SDC
+sdk
+SDK
+SDN
+sdnc
+Sdnc
+SDNC
+Selenium
+servlet
+Servlet
+Skynet
+SLI
+SMP
+SNMP
+SPI
+SQL
+stateful
+subclassed
+subclassing
+subdomain
+subflows
+suboperation
+suboperations
+Suboperations
+subtending
+syslog
+sysLog
+Syslog
+syslogs
+Syslogs
+tablename
+taxonomical
+TBD
+Telco
+telecom
+Telecom
+templated
+templating
+timeframe
+timeslots
+timestamp
+Timestamp
+transcoding
+UDP
+UI
+uncheck
+undeploy
+Undeploy
+undeployed
+undeploying
+Undeployment
+uninstall
+uninstallation
+uninstalled
+unitless
+Unregistration
+updatable
+uploadable
+url
+Url
+urls
+usecase
+Usecase
+userid
+username
+Username
+usernames
+validator
+Validator
+vcpu
+vcpus
+vdns
+versioned
+Versioned
+versioning
+Versioning
+vertices
+Vertices
+vf
+vF
+vfc
+vFC
+VFC
+vfcadaptor
+vfirewall
+vFirewall
+vfmodule
+vfModule
+VfModule
+vfModules
+vfstatus
+vfStatus
+virtualization
+Virtualization
+virtualize
+virtualized
+Virtualized
+virtualizes
+virtualizing
+vlan
+Vld
+vm
+Vm
+VM
+vms
+VMs
+VMware
+vnf
+vNF
+Vnf
+VNF
+vnfapi
+vnfc
+VNFFG
+vnfm
+Vnfm
+VNFM
+VNFMs
+vnfs
+vNFs
+vnfsdk
+VPN
+vrouter
+vserver
+vServer
+Vserver
+vservers
+Vservers
+vswitch
+VVP
+Vyatta
+webapp
+webapps
+Webpage
+webserver
+WebServer
+Websocket
+Websockets
+whitebox
+whiteboxes
+whitepaper
+wiki
+Wiki
+Wikis
+Wildfly
+Windriver
+Wireline
+workflow
+Workflow
+workflows
+www
+xml
+Xmx
+Yaml
+yamls
+zabbix
+Zachman
+Zookeeper
+ZTE
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fca..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 9eec841..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb7..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index 0637cfb..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fca..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 99129c1..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index acc9409..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,93 +0,0 @@
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/services\/babel-service\/.*",
- "permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
- }
-]
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
deleted file mode 100644
index 188c55b..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 1b58d42..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 2cd95d4..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 7055bf5..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9516
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 6cd12fc..0000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
index cdd2a4f..baee38c 100644
--- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,46 +28,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index e75815e..9fe386a 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -37,19 +37,6 @@
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -127,79 +114,6 @@
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
@@ -226,32 +140,6 @@
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
index 630ce83..b81ffa0 100644
--- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -43,48 +44,3 @@
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml
index fb72955..db54ce1 100644
--- a/kubernetes/aai/components/aai-babel/templates/service.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,27 +29,16 @@
spec:
type: {{ .Values.service.type }}
ports:
- {{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.global.rproxy.port }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
+
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index f0a5ec2..db1a2eb 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020, 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,8 +17,7 @@
#################################################################
# Global configuration defaults.
#################################################################
-global:
- installSidecarSecurity: false
+global: {}
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
deleted file mode 100644
index d9fe86e..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
deleted file mode 100644
index f6ebc75..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 9eec841..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb7..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index 9a08348..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index 071d407..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
deleted file mode 100644
index 023e2ea..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 6ad5f51..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index e23c03d..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,99 +0,0 @@
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/aai\/.*",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- },
- {
- "uri": "\/aai\/util\/echo",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-]
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
deleted file mode 100644
index fb3d1cc..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 1b58d42..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 799fd86..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 2c89d28..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 8447
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 3416d4a..0000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
-jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
-4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
-moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
-GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
-74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
-iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
-p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
-3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
-hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
-RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
-xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
-8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
-ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
-5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
-GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
-_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
-zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
-S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
-LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
-hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
-nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
-bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
-JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
-Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
-J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
-mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index 2927031..f173916 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -49,113 +50,3 @@
{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 765ccdf..6fbbf1c 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -72,13 +72,6 @@
{{- end }}
spec:
hostname: aai-resources
- {{- if .Values.global.initContainers.enabled }}
- {{- if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
- {{- end }}
initContainers:
- command:
{{- if .Values.global.jobs.migration.enabled }}
@@ -86,23 +79,24 @@
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{- else }}
+ {{- if .Values.global.jobs.createSchema.enabled }}
- /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
+ {{- else }}
- /app/ready.py
args:
- --container-name
- {{- if .Values.global.cassandra.localCluster }}
+ {{- if .Values.global.cassandra.localCluster }}
- aai-cassandra
- {{- else }}
+ {{- else }}
- cassandra
- {{- end }}
+ {{- end }}
- --container-name
- aai-schema-service
- {{- end }}
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -112,14 +106,7 @@
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
{{- end }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -155,11 +142,6 @@
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- {{- if .Values.global.installSidecarSecurity }}
- - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
- name: {{ include "common.fullname" . }}-aai-policy
- subPath: aai_policy.json
- {{- end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
@@ -233,84 +215,6 @@
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.sidecar.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{- end }}
volumes:
- name: aai-common-aai-auth-mount
secret:
@@ -342,35 +246,6 @@
- key: {{ . }}
path: {{ . }}
{{- end }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-aai-policy
- configMap:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{- end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml
similarity index 69%
rename from kubernetes/clamp/templates/configmap.yaml
rename to kubernetes/aai/components/aai-resources/templates/secret.yaml
index 1a5b0ce..d241490 100644
--- a/kubernetes/clamp/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml
@@ -1,6 +1,5 @@
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,16 +15,17 @@
*/}}
apiVersion: v1
-kind: ConfigMap
+kind: Secret
metadata:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-aaf-keys
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+type: Opaque
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ include "common.log.configMap" . }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 66dfd49..460e0d5 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -27,7 +27,7 @@
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
@@ -39,7 +39,7 @@
name: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 620b4d7..5210a24 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -24,9 +24,6 @@
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
- rproxy:
- name: reverse-proxy
-
initContainers:
enabled: true
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb7..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index edac199..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index 595d484..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "uri": "\/services\/search-data-service\/.*",
- "method": "GET|PUT|POST|DELETE",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-
-
-]
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
deleted file mode 100644
index fb3d1cc..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 55a9b48..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 289fe75..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 5fddcb2..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9509
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f..0000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
index 28cf730..0d76239 100644
--- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,47 +40,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
-
diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
index eb4aefe..eaa9087 100644
--- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,14 +38,6 @@
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -126,85 +118,6 @@
name: {{ include "common.fullname" . }}-service-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
-
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.config.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
@@ -228,35 +141,6 @@
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- secret:
- secretName: aai-rproxy-auth-certs
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: aai-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- secret:
- secretName: aai-fproxy-auth-certs
- {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
index eacae25..3135df6 100644
--- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,16 +41,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
-{{ end }}
-
diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml
index 940222c..e031410 100644
--- a/kubernetes/aai/components/aai-search-data/templates/service.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,28 +28,14 @@
spec:
type: {{ .Values.service.type }}
ports:
-{{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
-{{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml
index ae61dd7..4bd535a 100644
--- a/kubernetes/aai/components/aai-search-data/values.yaml
+++ b/kubernetes/aai/components/aai-search-data/values.yaml
@@ -55,7 +55,7 @@
service:
type: ClusterIP
portName: aai-search-data
- internalPort: 9509
+ internalPort: "9509"
ingress:
enabled: false
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 08a1fb8..516dcc4 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -1,6 +1,7 @@
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,30 +31,8 @@
restartPolicy: Always
- installSidecarSecurity: false
aafEnabled: true
-
- fproxy:
- name: forward-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/fproxy:2.1.13
- port: 10680
-
- rproxy:
- name: reverse-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/rproxy:2.1.13
- port: 10692
-
- tproxyConfig:
- name: init-tproxy-config
- image: onap/tproxy-config:2.1.13
-
- # AAF server details. Only needed if the AAF DNS does not resolve from the pod
- aaf:
- serverIp: 10.12.6.214
- serverHostname: aaf.osaaf.org
- serverPort: 30247
+ msbEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
diff --git a/kubernetes/clamp/.helmignore b/kubernetes/clamp/.helmignore
deleted file mode 100644
index 68ffb32..0000000
--- a/kubernetes/clamp/.helmignore
+++ /dev/null
@@ -1 +0,0 @@
-components/
diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile
deleted file mode 100644
index 89b2f46..0000000
--- a/kubernetes/clamp/Makefile
+++ /dev/null
@@ -1,56 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
-ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
-else
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
-endif
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */requirements.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile
deleted file mode 100644
index bf267b7..0000000
--- a/kubernetes/clamp/components/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */requirements.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/clamp/components/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml
deleted file mode 100644
index c9aa635..0000000
--- a/kubernetes/clamp/components/clamp-backend/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp
-name: clamp-backend
-version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml
deleted file mode 100644
index c2b8ccb..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp Dashboard Elasticsearch
-name: clamp-dash-es
-version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
deleted file mode 100644
index 22b92c4..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
deleted file mode 100644
index 9e04d5a..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
+++ /dev/null
@@ -1,138 +0,0 @@
----
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ======================== Elasticsearch Configuration =========================
-#
-# NOTE: Elasticsearch comes with reasonable defaults for most settings.
-# Before you set out to tweak and tune the configuration, make sure you
-# understand what are you trying to accomplish and the consequences.
-#
-# The primary way of configuring a node is via this file. This template lists
-# the most important settings you may want to configure for a production cluster.
-#
-# Please consult the documentation for further information on configuration options:
-# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
-#
-# ---------------------------------- Cluster -----------------------------------
-#
-# Name of the Elasticsearch cluster.
-# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
-# The default name is elasticsearch, but you should change it to an appropriate name which describes the
-# purpose of the cluster.
-#
-## Default Elasticsearch configuration from elasticsearch-docker.
-## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
-#
-
-cluster.name: "clamp-dashboard"
-node.name: "cldash-es-node1"
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-# ----------------------------------- Paths ------------------------------------
-#
-# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
-# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
-# may change & can deal to data loss.
-path.data: /usr/share/elasticsearch/data
-#
-# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
-# as on upgrading Elasticsearch, directory structure may change.
-path.logs: /usr/share/elasticsearch/logs
-#
-# ----------------------------------- Memory -----------------------------------
-#
-# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
-# Lock the memory on startup.
-#
-bootstrap.memory_lock: false
-#
-# Make sure that the heap size is set to about half the memory available
-# on the system and that the owner of the process is allowed to use this
-# limit.
-#
-# Elasticsearch performs poorly when the system is swapping the memory.
-#
-# --------------------------------- Discovery ----------------------------------
-#
-# Pass an initial list of hosts to perform discovery when new node is started
-# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
-# that are likely to be live and contactable.
-# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
-# to connect to other nodes running on the same server.
-# # minimum_master_nodes need to be explicitly set when bound on a public IP
-# # set to 1 to allow single node clusters
-# # Details: https://github.com/elastic/elasticsearch/pull/17288
-discovery.zen.minimum_master_nodes: 1
-discovery.seed_hosts: []
-# # Breaking change in 7.0
-# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
-cluster.initial_master_nodes:
- - cldash-es-node1
-# - docker-test-node-1
-# ---------------------------------- Various -----------------------------------
-#
-# Require explicit names when deleting indices:
-#
-#action.destructive_requires_name: true
-# Set a custom port for HTTP: If required, default is 9200-9300
-# This is used for REST APIs
-http.port: {{.Values.service.externalPort}}
-# Port to bind for communication between nodes. Accepts a single value or a range.
-# If a range is specified, the node will bind to the first available port in the range.
-# Defaults to 9300-9400.
-# More info:
-transport.tcp.port: {{.Values.service.externalPort2}}
-
-######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
-# WARNING: revise all the lines below before you go into production
-{{- if .Values.global.aafEnabled }}
-opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
-opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
-opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
-opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
-opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
-opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
-{{- else }}
-opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
-opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.http.pemcert_filepath: esnode.pem
-opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-{{- end }}
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
-
-opendistro_security.allow_unsafe_democertificates: true
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.authcz.admin_dn:
- - CN=kirk,OU=client,O=client,L=test, C=de
-
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-node.max_local_storage_nodes: 3
-######## End OpenDistro for Elasticsearch Security Demo Configuration ########
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
deleted file mode 100644
index d7aa77c..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- sysctl -w vm.max_map_count=262144
- mkdir -p /usr/share/elasticsearch/logs
- mkdir -p /usr/share/elasticsearch/data
- chmod -R 777 /usr/share/elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/elasticsearch/logs/
- - name: {{ include "common.fullname" . }}-data
- mountPath: /usr/share/elasticsearch/data/
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
- /usr/local/bin/docker-entrypoint.sh
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ include "common.servicename" . }}2
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
- name: {{ include "common.fullname" . }}-config
- subPath: elasticsearch.yml
- - mountPath: /usr/share/elasticsearch/data/
- name: {{ include "common.fullname" . }}-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: elasticsearch.yml
- path: elasticsearch.yml
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-logs
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml
deleted file mode 100644
index 3669621..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml
deleted file mode 100644
index 6ae4eea..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml
deleted file mode 100644
index 9c182ed..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-tcp
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.config.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.config.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml
deleted file mode 100644
index 1e2ae47..0000000
--- a/kubernetes/clamp/components/clamp-dash-es/values.yaml
+++ /dev/null
@@ -1,163 +0,0 @@
-# Copyright © 2020 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "org.onap.clamp.crt.key"
- clamp_pem: "org.onap.clamp.key.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
- nameOverride: clamp-es-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/clamp-dashboard-elasticsearch:5.0.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 30
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 180
- periodSeconds: 30
- timeoutSeconds: 5
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 4Gi
- mountPath: /dockerdata-nfs
- mountSubPath: clamp/dashboard-elasticsearch/data
- mountSubPathLogs: clamp
-
-security:
- ssl:
- enabled: true
-
-service:
- type: ClusterIP
- name: cdash-es
- portName: cdash-es-rest
- externalPort: 9200
- internalPort: 9200
- type2: ClusterIP
- portName2: cdash-es-tcp
- externalPort2: 9300
- internalPort2: 9300
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
- large:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 2.5Gi
- unlimited: {}
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml
deleted file mode 100644
index f5c146a..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp Dashboard Kibana
-name: clamp-dash-kibana
-version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
deleted file mode 100644
index 22b92c4..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
deleted file mode 100644
index b7a8fbf..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.# Default Kibana configuration from kibana-docker.
-*/}}
-
-server.name: "Clamp CL Dashboard"
-server.host: "0"
-# Kibana is served by a back end server. This setting specifies the port to use.
-server.port: {{.Values.service.externalPort}}
-
-server.ssl.enabled: {{.Values.config.sslEnabled}}
-{{- if .Values.global.aafEnabled }}
-server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
-server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
-{{ else }}
-server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
-server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-{{- end }}
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.hosts: ${elasticsearch_base_url}
-
-elasticsearch.ssl.verificationMode: none
-elasticsearch.username: {{.Values.config.elasticUSR}}
-elasticsearch.password: {{.Values.config.elasticPWD}}
-
-elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-
-opendistro_security.multitenancy.enabled: true
-opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml
deleted file mode 100644
index 48d8547..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-pem-keys
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
deleted file mode 100644
index 8cb95cd..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - clamp-dash-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- env:
- - name: elasticsearch_base_url
- value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/kibana/config/kibana.yml
- name: {{ include "common.fullname" . }}
- subPath: kibana.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: kibana.yml
- path: kibana.yml
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml
deleted file mode 100644
index f1b6cf5..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
deleted file mode 100644
index 9b5f1fc..0000000
--- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "org.onap.clamp.crt.key"
- clamp_pem: "org.onap.clamp.key.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
- nameOverride: clamp-kibana-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/clamp-dashboard-kibana:5.0.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
-config:
- elasticsearchServiceName: cdash-es
- elasticsearchPort: 9200
- elasticUSR: kibanaserver
- elasticPWD: kibanaserver
- sslEnabled: true
- sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem
- sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 360
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 360
- periodSeconds: 30
-
-#internal ssl security scheme for elasticsearch connection mainly
-security:
- ssl:
- enabled: true
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: cdash-kibana
- portName: cdash-kibana-http
- externalPort: 5601
- internalPort: 5601
- nodePort: 90
-ingress:
- enabled: false
- service:
- - baseaddr: "cdash-kibana"
- name: "cdash-kibana"
- port: 5601
- config:
- ssl: "redirect"
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 750Mi
- unlimited: {}
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml
deleted file mode 100644
index 686898e..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Clamp Dashboard Logstash
-name: clamp-dash-logstash
-version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
deleted file mode 100644
index 22b92c4..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml
deleted file mode 100644
index 1e06e34..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-http.host: "0.0.0.0"
-## Path where pipeline configurations reside
-path.config: /usr/share/logstash/pipeline
-
-## Type of queue : memeory based or file based
-#queue.type: persisted
-## Size of queue
-#queue.max_bytes: 1024mb
-## Setting true makes logstash check periodically for change in pipeline configurations
-config.reload.automatic: true
-
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
deleted file mode 100644
index b978e76..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
+++ /dev/null
@@ -1,277 +0,0 @@
-{{/*
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-input {
- http_poller {
- urls => {
- event_queue => {
- method => get
- url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${event_topic}"
- tags => [ "dmaap_source" ]
- }
- notification_queue => {
- method => get
- url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${notification_topic}"
- tags => [ "dmaap_source" ]
- }
- request_queue => {
- method => get
- url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000"
- headers => {
- Accept => "application/json"
- }
- topic => "${request_topic}"
- tags => [ "dmaap_source" ]
- }
- }
- socket_timeout => 30
- request_timeout => 30
- schedule => { "every" => "1m" }
- codec => "plain"
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/certs.d/aafca.pem"
-{{- end }}
- }
-}
-
-
-filter {
- # avoid noise if no entry in the list
- if [message] == "[]" {
- drop { }
- }
-
- if [http_request_failure] or [@metadata][code] != 200 {
- mutate {
- add_tag => [ "error" ]
- }
- }
-
- if "dmaap_source" in [@metadata][request][tags] {
- #
- # Dmaap provides a json list, whose items are Strings containing the event
- # provided to Dmaap, which itself is an escaped json.
- #
- # We first need to parse the json as we have to use the plaintext as it cannot
- # work with list of events, then split that list into multiple string events,
- # that we then transform into json.
- #
- json {
- source => "[message]"
- target => "message"
- }
-
- split {
- field => "message"
- }
- json {
- source => "message"
- }
- mutate {
- remove_field => [ "message" ]
- }
- }
-
- #
- # Some timestamps are expressed as milliseconds, some are in microseconds
- #
- if [closedLoopAlarmStart] {
- ruby {
- code => "
- if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999
- event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000)
- else
- event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10))
- end
- "
- }
- date {
- match => [ "closedLoopAlarmStart", UNIX_MS ]
- target => "closedLoopAlarmStart"
- }
- }
-
- if [closedLoopAlarmEnd] {
- ruby {
- code => "
- if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999
- event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000)
- else
- event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10))
- end
- "
- }
- date {
- match => [ "closedLoopAlarmEnd", UNIX_MS ]
- target => "closedLoopAlarmEnd"
- }
-
- }
-
-
- #
- # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which
- # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss"
- #
- if [notificationTime] {
- mutate {
- gsub => [
- "notificationTime", " ", "T"
- ]
- }
- date {
- match => [ "notificationTime", ISO8601 ]
- target => "notificationTime"
- }
- }
-
-
- #
- # Renaming some fields for readability
- #
- if [AAI][generic-vnf.vnf-name] {
- mutate {
- add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" }
- }
- }
- if [AAI][generic-vnf.vnf-type] {
- mutate {
- add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" }
- }
- }
- if [AAI][vserver.vserver-name] {
- mutate {
- add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" }
- }
- }
- if [AAI][complex.city] {
- mutate {
- add_field => { "locationCity" => "%{[AAI][complex.city]}" }
- }
- }
- if [AAI][complex.state] {
- mutate {
- add_field => { "locationState" => "%{[AAI][complex.state]}" }
- }
- }
-
-
- #
- # Adding some flags to ease aggregation
- #
- if [closedLoopEventStatus] =~ /(?i)ABATED/ {
- mutate {
- add_field => { "flagAbated" => "1" }
- }
- }
- if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ {
- mutate {
- add_field => { "flagFinalFailure" => "1" }
- }
- }
-
-
- if "error" not in [@metadata][request][tags]{
- #
- # Creating data for a secondary index
- #
- clone {
- clones => [ "event-cl-aggs" ]
- add_tag => [ "event-cl-aggs" ]
- }
-
- if "event-cl-aggs" in [@metadata][request][tags]{
- #
- # we only need a few fields for aggregations; remove all fields from clone except :
- # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure
- #
- prune {
- whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"]
- }
-
- }
- }
-}
-
-
-output {
- stdout {
- codec => rubydebug
- }
-
- if "error" in [tags] {
- elasticsearch {
- ilm_enabled => false
- codec => "json"
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/clamp-cert/ca-certs.pem"
-{{- end }}
- ssl_certificate_verification => false
- hosts => ["${elasticsearch_base_url}"]
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- index => "errors-%{+YYYY.MM.DD}"
- doc_as_upsert => true
- }
-
- } else if "event-cl-aggs" in [tags] {
- elasticsearch {
- ilm_enabled => false
- codec => "json"
- hosts => ["${elasticsearch_base_url}"]
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/clamp-cert/ca-certs.pem"
-{{- end }}
- ssl_certificate_verification => false
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- document_id => "%{requestID}"
- index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop
- doc_as_upsert => true
- action => "update"
- }
-
- } else {
- elasticsearch {
- ilm_enabled => false
- codec => "json"
- hosts => ["${elasticsearch_base_url}"]
-{{- if .Values.global.aafEnabled }}
- cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
-{{- else }}
- cacert => "/clamp-cert/ca-certs.pem"
-{{- end }}
- ssl_certificate_verification => false
- user => ["${logstash_user}"]
- password => ["${logstash_pwd}"]
- index => "events-%{+YYYY.MM.DD}" # creates daily indexes
- doc_as_upsert => true
- }
- }
-}
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml
deleted file mode 100644
index 3e98246..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
deleted file mode 100644
index f098338..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - clamp-dash-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: dmaap_consumer_group
- value: "{{ .Values.config.dmaapConsumerGroup }}"
- - name: dmaap_consumer_id
- value: "{{ .Values.config.dmaapConsumerId }}"
- - name: event_topic
- value: "{{ .Values.config.eventTopic }}"
- - name: notification_topic
- value: "{{ .Values.config.notificationTopic }}"
- - name: request_topic
- value: "{{ .Values.config.requestTopic }}"
- - name: dmaap_base_url
- value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
- - name: logstash_user
- value: "{{ .Values.config.logstash_user }}"
- - name: logstash_pwd
- value: "{{ .Values.config.logstash_pwd }}"
- - name: elasticsearch_base_url
- value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ include "common.servicename" . }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/logstash/config/logstash.yml
- name: {{ include "common.fullname" . }}
- subPath: logstash.yml
- - mountPath: /usr/share/logstash/pipeline/logstash.conf
- name: {{ include "common.fullname" . }}
- subPath: pipeline.conf
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logstash.yml
- path: logstash.yml
- - key: pipeline.conf
- path: pipeline.conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml
deleted file mode 100644
index f1b6cf5..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.config.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.config.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
deleted file mode 100644
index 9aab3af..0000000
--- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
+++ /dev/null
@@ -1,152 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "org.onap.clamp.crt.key"
- clamp_pem: "org.onap.clamp.key.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
- nameOverride: clamp-logstash-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-image: onap/clamp-dashboard-logstash:5.0.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: cdash-es
- elasticsearchPort: 9200
- dmaapHost: message-router
- dmaapSchemeSSL: https
- dmaapSchemeNoSSL: http
- dmaapPort: 3905
- dmaapConsumerGroup: "clampdashboard"
- dmaapConsumerId: "clampdashboard"
- eventTopic: "DCAE-CL-EVENT"
- notificationTopic: "POLICY-CL-MGT"
- requestTopic: "APPC-CL"
- logstash_user: "logstash"
- logstash_pwd: "logstash"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 900
- periodSeconds: 20
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 900
- periodSeconds: 20
- timeoutSeconds: 5
-
-security:
- ssl:
- enabled: true
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: ClusterIP
- name: cdash-ls
- portName: cdash-ls-healthcheck
- externalPort: 9600
- internalPort: 9600
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 1
- memory: 1.3Gi
- requests:
- cpu: 10m
- memory: 750Mi
- unlimited: {}
diff --git a/kubernetes/clamp/components/clamp-mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt
deleted file mode 100644
index 1103aff..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/NOTES.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml
deleted file mode 100644
index d62ef09..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh
deleted file mode 100755
index 71f32e2..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh
+++ /dev/null
@@ -1,198 +0,0 @@
-#!/bin/bash
-set -eo pipefail
-shopt -s nullglob
-
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
- set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- wantHelp=1
- break
- ;;
- esac
-done
-
-prepare_password()
-{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
-}
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
- exit 1
- fi
- local val="$def"
- if [ "${!var:-}" ]; then
- val="${!var}"
- elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
- fi
- val=`prepare_password $val`
- export "$var"="$val"
- unset "$fileVar"
-}
-
-_check_config() {
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- cat >&2 <<-EOM
-
- ERROR: mysqld failed while attempting to check config
- command was: "${toRun[*]}"
-
- $errors
- EOM
- exit 1
- fi
-}
-
-# Fetch value from server config
-# We use mysqld --verbose --help instead of my_print_defaults because the
-# latter only show values present in config files, and not server defaults
-_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
-}
-
-# allow the container to be started with `--user`
-if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
- _check_config "$@"
- DATADIR="$(_get_config 'datadir' "$@")"
- mkdir -p "$DATADIR"
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- exec gosu mysql "$BASH_SOURCE" "$@"
-fi
-
-if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
- # still need to check config, container may have started with --user
- _check_config "$@"
- # Get config
- DATADIR="$(_get_config 'datadir' "$@")"
-
- if [ ! -d "$DATADIR/mysql" ]; then
- file_env 'MYSQL_ROOT_PASSWORD'
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- echo >&2 'error: database is uninitialized and password option is not specified '
- echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
- exit 1
- fi
-
- mkdir -p "$DATADIR"
-
- echo 'Initializing database'
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
- echo 'Database initialized'
-
- SOCKET="$(_get_config 'socket' "$@")"
- "$@" --skip-networking --socket="${SOCKET}" &
- pid="$!"
-
- mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
-
- for i in {30..0}; do
- if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
- break
- fi
- echo 'MySQL init process in progress...'
- sleep 1
- done
- if [ "$i" = 0 ]; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
- fi
-
- if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
-
- rootCreate=
- # default root to listen for connections from anywhere
- file_env 'MYSQL_ROOT_HOST' '%'
- if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- "${mysql[@]}" <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- FLUSH PRIVILEGES ;
- EOSQL
-
- if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
- mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
- fi
-
- file_env 'MYSQL_DATABASE'
- if [ "$MYSQL_DATABASE" ]; then
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
- mysql+=( "$MYSQL_DATABASE" )
- fi
-
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
-
- if [ "$MYSQL_DATABASE" ]; then
- echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- fi
- fi
-
- echo
- for f in /docker-entrypoint-initdb.d/*; do
- case "$f" in
- *.sh) echo "$0: running $f"; . "$f" ;;
- *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
- *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
- *) echo "$0: ignoring $f" ;;
- esac
- echo
- done
-
- if ! kill -s TERM "$pid" || ! wait "$pid"; then
- echo >&2 'MySQL init process failed.'
- exit 1
- fi
-
- echo
- echo 'MySQL init process done. Ready for start up.'
- echo
- fi
-fi
-
-exec "$@"
diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
deleted file mode 100644
index 8b5dc2a..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf
+++ /dev/null
@@ -1,209 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# Example MySQL config file for medium systems.
-#
-# This is for a system with memory 8G where MySQL plays
-# an important part, or systems up to 128M where MySQL is used together with
-# other programs (such as a web server)
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-*/}}
-
-# The following options will be passed to all MySQL clients
-##[client]
-##user = root
-##port = 3306
-##socket = //opt/app/mysql/mysql.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-##performance_schema
-
-slow_query_log =ON
-long_query_time =2
-slow_query_log_file =//var/lib/mysql/slow_query.log
-##basedir = //opt/app/mysql/product/mariadb-10.1.11-linux-x86_64
-##datadir = //opt/app/mysql/data
-##port = 3306
-##socket = //opt/app/mysql/mysql.sock
-skip-external-locking
-explicit_defaults_for_timestamp = true
-skip-symbolic-links
-local-infile = 0
-#ignore_db_dir=lost+found
-key_buffer_size = 16M
-max_allowed_packet = 4M
-table_open_cache = 100
-sort_buffer_size = 512K
-net_buffer_length = 8K
-read_buffer_size = 256K
-read_rnd_buffer_size = 512K
-myisam_sort_buffer_size = 8M
-max_connections = 500
-lower_case_table_names = 1
-thread_stack = 256K
-thread_cache_size = 25
-query_cache_size = 8M
-query_cache_type = 0
-query_prealloc_size = 512K
-query_cache_limit = 1M
-
-# Password validation
-##plugin-load-add=simple_password_check.so
-##simple_password_check_other_characters=0
-
-# Audit Log settings
-plugin-load-add=server_audit.so
-server_audit=FORCE_PLUS_PERMANENT
-server_audit_file_path=//var/lib/mysql/audit.log
-server_audit_file_rotate_size=50M
-server_audit_events=CONNECT,QUERY,TABLE
-server_audit_logging=on
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (via the "enable-named-pipe" option) will render mysqld useless!
-#
-#skip-networking
-
-# Replication Master Server (default)
-# binary logging is required for replication
-##log-bin=//var/lib/mysql/mysql-bin
-
-# binary logging format - mixed recommended
-binlog_format=row
-
-# required unique id between 1 and 2^32 - 1
-# defaults to 1 if master-host is not set
-# but will not function as a master if omitted
-
-# Replication Slave (comment out master section to use this)
-#
-# To configure this host as a replication slave, you can choose between
-# two methods :
-#
-# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
-# the syntax is:
-#
-# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
-# MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
-#
-# where you replace <host>, <user>, <password> by quoted strings and
-# <port> by the master's port number (3306 by default).
-#
-# Example:
-#
-# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
-# MASTER_USER='joe', MASTER_PASSWORD='secret';
-#
-# OR
-#
-# 2) Set the variables below. However, in case you choose this method, then
-# start replication for the first time (even unsuccessfully, for example
-# if you mistyped the password in master-password and the slave fails to
-# connect), the slave will create a master.info file, and any later
-# change in this file to the variables' values below will be ignored and
-# overridden by the content of the master.info file, unless you shutdown
-# the slave server, delete master.info and restart the slaver server.
-# For that reason, you may want to leave the lines below untouched
-# (commented) and instead use CHANGE MASTER TO (see above)
-#
-# required unique id between 2 and 2^32 - 1
-# (and different from the master)
-# defaults to 2 if master-host is set
-# but will not function as a slave if omitted
-#server-id = 2
-#
-# The replication master for this slave - required
-#master-host = <hostname>
-#
-# The username the slave will use for authentication when connecting
-# to the master - required
-#master-user = <username>
-#
-# The password the slave will authenticate with when connecting to
-# the master - required
-#master-password = <password>
-#
-# The port the master is listening on.
-# optional - defaults to 3306
-#master-port = <port>
-#
-# binary logging - not required for slaves, but recommended
-#log-bin=mysql-bin
-
-# Uncomment the following if you are using InnoDB tables
-##innodb_data_home_dir = //opt/app/mysql/data
-##innodb_data_file_path = ibdata1:20M:autoextend:max:32G
-##innodb_log_group_home_dir = //opt/app/mysql/iblogs
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-innodb_buffer_pool_size = 128M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-innodb_log_file_size = 10M
-innodb_log_files_in_group = 3
-innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_autoextend_increment = 100
-expire_logs_days = 8
-open_files_limit = 2000
-transaction-isolation=READ-COMMITTED
-####### Galera parameters #######
-## Galera Provider configuration
-wsrep_provider=/usr/lib/galera/libgalera_smm.so
-wsrep_provider_options="gcache.size=128M; gcache.page_size=10M"
-## Galera Cluster configuration
-wsrep_cluster_name="MSO-automated-tests-cluster"
-wsrep_cluster_address="gcomm://"
-#wsrep_cluster_address="gcomm://mariadb1,mariadb2,mariadb3"
-##wsrep_cluster_address="gcomm://192.169.3.184,192.169.3.185,192.169.3.186"
-## Galera Synchronization configuration
-wsrep_sst_method=rsync
-#wsrep_sst_method=xtrabackup-v2
-#wsrep_sst_auth="sstuser:Mon#2o!6"
-## Galera Node configuration
-wsrep_node_name="mariadb1"
-##wsrep_node_address="192.169.3.184"
-wsrep_on=OFF
-## Status notification
-#wsrep_notify_cmd=/opt/app/mysql/bin/wsrep_notify
-#######
-
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 20971520
-
-##[mysqlhotcopy]
-##interactive-timeout
-##[mysqld_safe]
-##malloc-lib=//opt/app/mysql/local/lib/libjemalloc.so.1
-##log-error=//opt/app/mysql/log/mysqld.log
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt
deleted file mode 100644
index 1103aff..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml
deleted file mode 100644
index b8a774a..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-#{{ if not .Values.disableClampClampMariadb }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clamp-entrypoint-bulkload-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clamp-mariadb-conf-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }}
-#{{ end }}
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml
deleted file mode 100644
index 8ddf584..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- - name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
- - name: MYSQL_DATABASE
- value: {{ tpl .Values.db.databaseName .}}
- volumeMounts:
- - mountPath: /docker-entrypoint.sh
- subPath: docker-entrypoint.sh
- name: init-script
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/
- name: docker-entrypoint-bulkload
- - mountPath: /etc/mysql/conf.d/conf1/
- name: clamp-mariadb-conf
- - mountPath: /var/lib/mysql
- name: clamp-mariadb-data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- {{- if .Values.persistence.enabled }}
- - name: clamp-mariadb-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: docker-entrypoint-bulkload
- configMap:
- name: clamp-entrypoint-bulkload-configmap
- - name: clamp-mariadb-conf
- configMap:
- name: clamp-mariadb-conf-configmap
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: init-script
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml
deleted file mode 100644
index 4249879..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml
deleted file mode 100644
index 6856c80..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml
deleted file mode 100644
index 4cf8155..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/components/clamp-mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml
deleted file mode 100644
index 60b2cfe..0000000
--- a/kubernetes/clamp/components/clamp-mariadb/values.yaml
+++ /dev/null
@@ -1,130 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
-
- persistence: {}
-# application image
-image: mariadb:10.5.4
-pullPolicy: Always
-flavor: small
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
- password: '{{ .Values.db.rootPass }}'
- - uid: db-secret
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
-
-# Application configuration
-# dummy value db user pasword to pass lint!!!
-db:
- user: dummy-clds
- password: dummy-sidnnd83K
- databaseName: dummy-cldsdb4
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 3
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 3
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: clamp/mariadb/data
-
-service:
- type: ClusterIP
- name: clampdb
- portName: clampdb
- internalPort: 3306
- externalPort: 3306
-
-
-ingress:
- enabled: false
-
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- large:
- limits:
- cpu: 1
- memory: 500Mi
- requests:
- cpu: 10m
- memory: 200Mi
- unlimited: {}
diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml
deleted file mode 100644
index 2d27103..0000000
--- a/kubernetes/clamp/requirements.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~7.x-0
- repository: '@local'
- - name: clamp-mariadb
- version: ~7.x-0
- repository: 'file://components/clamp-mariadb'
- - name: clamp-backend
- version: ~7.x-0
- repository: 'file://components/clamp-backend'
- - name: clamp-dash-es
- version: ~7.x-0
- repository: 'file://components/clamp-dash-es'
- - name: clamp-dash-logstash
- version: ~7.x-0
- repository: 'file://components/clamp-dash-logstash'
- - name: clamp-dash-kibana
- version: ~7.x-0
- repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file
diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 8717e6f..0000000
--- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/clamp/templates/NOTES.txt b/kubernetes/clamp/templates/NOTES.txt
deleted file mode 100644
index e36d6a5..0000000
--- a/kubernetes/clamp/templates/NOTES.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit https://127.0.0.1:8443 to use your application"
- kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml
deleted file mode 100644
index 4cf8155..0000000
--- a/kubernetes/clamp/templates/secrets.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml
deleted file mode 100644
index 31f4380..0000000
--- a/kubernetes/clamp/templates/service.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.config.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.config.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
diff --git a/kubernetes/clamp/Chart.yaml b/kubernetes/common/certManagerCertificate/Chart.yaml
similarity index 82%
rename from kubernetes/clamp/Chart.yaml
rename to kubernetes/common/certManagerCertificate/Chart.yaml
index e9f2197..305d252 100644
--- a/kubernetes/clamp/Chart.yaml
+++ b/kubernetes/common/certManagerCertificate/Chart.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,6 +13,6 @@
# limitations under the License.
apiVersion: v1
-description: ONAP Clamp
-name: clamp
+name: certManagerCertificate
+description: A Helm chart for Cert-Manager Certificate CRD template
version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/common/certManagerCertificate/requirements.yaml
similarity index 82%
rename from kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
rename to kubernetes/common/certManagerCertificate/requirements.yaml
index e5d7174..6bcaed0 100644
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
+++ b/kubernetes/common/certManagerCertificate/requirements.yaml
@@ -1,4 +1,4 @@
-{{/* # Copyright © 2020 Samsung, Orange
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,6 +11,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-{{ include "common.ingress" . }}
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: 'file://../common'
diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
new file mode 100644
index 0000000..4e43f62
--- /dev/null
+++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
@@ -0,0 +1,219 @@
+{{/*#
+# Copyright © 2020-2021, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{/*
+# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
+#
+# To request a certificate following steps are to be done:
+# - create an object 'certificates' in the values.yaml
+# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate".
+#
+# Here is an example of the certificate request for a component:
+#
+# Directory structure:
+# component
+# templates
+# certifictes.yaml
+# values.yaml
+#
+# To be added in the file certificates.yamll
+#
+# To be added in the file values.yaml
+# 1. Minimal version (certificates only in PEM format)
+# certificates:
+# - commonName: component.onap.org
+#
+# 2. Extended version (with defined own issuer and additional certificate format):
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# dnsNames:
+# - component.onap.org
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-for-the-component
+# keystore:
+# outputType:
+# - p12
+# - jks
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+#
+# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
+# Other mandatory fields for the certificate definition do not have to be defined directly,
+# in that case they will be taken from default values.
+#
+# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
+# and can be overriden during onap installation process.
+#
+*/}}
+
+{{- define "certManagerCertificate.certificate" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+
+{{- $certificates := $dot.Values.certificates -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global }}
+
+{{ range $i, $certificate := $certificates }}
+{{/*# General certifiacate attributes #*/}}
+{{- $name := include "common.fullname" $dot -}}
+{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
+{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
+{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}}
+{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}}
+{{- $namespace := $dot.Release.Namespace -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := $certificate.dnsNames -}}
+{{- $ipAddresses := $certificate.ipAddresses -}}
+{{- $uris := $certificate.uris -}}
+{{- $emailAddresses := $certificate.emailAddresses -}}
+{{/*# Subject #*/}}
+{{- $subject := $subchartGlobal.certificate.default.subject -}}
+{{- if $certificate.subject -}}
+{{- $subject = $certificate.subject -}}
+{{- end -}}
+{{/*# Issuer #*/}}
+{{- $issuer := $subchartGlobal.certificate.default.issuer -}}
+{{- if $certificate.issuer -}}
+{{- $issuer = $certificate.issuer -}}
+{{- end -}}
+---
+{{- if $certificate.keystore }}
+ {{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}}
+ {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $passwordSecretRef.name }}
+ namespace: {{ $namespace }}
+type: Opaque
+stringData:
+ {{ $passwordSecretRef.key }}: {{ $password }}
+{{- end }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $certName }}
+ namespace: {{ $namespace }}
+spec:
+ secretName: {{ $secretName }}
+ commonName: {{ $commonName }}
+ renewBefore: {{ $renewBefore }}
+ {{- if $duration }}
+ duration: {{ $duration }}
+ {{- end }}
+ subject:
+ organizations:
+ - {{ $subject.organization }}
+ countries:
+ - {{ $subject.country }}
+ localities:
+ - {{ $subject.locality }}
+ provinces:
+ - {{ $subject.province }}
+ organizationalUnits:
+ - {{ $subject.organizationalUnit }}
+ {{- if $dnsNames }}
+ dnsNames:
+ {{- range $dnsName := $dnsNames }}
+ - {{ $dnsName }}
+ {{- end }}
+ {{- end }}
+ {{- if $ipAddresses }}
+ ipAddresses:
+ {{- range $ipAddress := $ipAddresses }}
+ - {{ $ipAddress }}
+ {{- end }}
+ {{- end }}
+ {{- if $uris }}
+ uris:
+ {{- range $uri := $uris }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
+ {{- if $emailAddresses }}
+ emailAddresses:
+ {{- range $emailAddress := $emailAddresses }}
+ - {{ $emailAddress }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ group: {{ $issuer.group }}
+ kind: {{ $issuer.kind }}
+ name: {{ $issuer.name }}
+ {{- if $certificate.keystore }}
+ keystores:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ {{- if eq $outputType "p12" }}
+ {{- $outputType = "pkcs12" }}
+ {{- end }}
+ {{ $outputType }}:
+ create: true
+ passwordSecretRef:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ key: {{ $certificate.keystore.passwordSecretRef.key }}
+ {{- end }}
+ {{- end }}
+{{ end }}
+{{- end -}}
+
+{{- define "common.certManager.volumeMounts" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+ {{- range $i, $certificate := $dot.Values.certificates -}}
+ {{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: certmanager-certs-volume-{{ $i }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certManager.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- $certificates := $dot.Values.certificates -}}
+ {{- range $i, $certificate := $certificates -}}
+ {{- $name := include "common.fullname" $dot -}}
+ {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+- name: certmanager-certs-volume-{{ $i }}
+ projected:
+ sources:
+ - secret:
+ name: {{ $certificatesSecretName }}
+ {{- if $certificate.keystore }}
+ items:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ - key: keystore.{{ $outputType }}
+ path: keystore.{{ $outputType }}
+ - key: truststore.{{ $outputType }}
+ path: truststore.{{ $outputType }}
+ {{- end }}
+ - secret:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ items:
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: keystore.pass
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: truststore.pass
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/certManagerCertificate/values.yaml b/kubernetes/common/certManagerCertificate/values.yaml
new file mode 100644
index 0000000..d60cdf6
--- /dev/null
+++ b/kubernetes/common/certManagerCertificate/values.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+# default values for certificates
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl
deleted file mode 100644
index d3313b2..0000000
--- a/kubernetes/common/common/templates/_certificate.tpl
+++ /dev/null
@@ -1,192 +0,0 @@
-{{/*#
-# Copyright © 2020, Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.*/}}
-
-{{/*
-# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
-#
-# To request a certificate following steps are to be done:
-# - create an object 'certificates' in the values.yaml
-# - create a file templates/certificates.yaml and invoke the function "commom.certificate".
-#
-# Here is an example of the certificate request for a component:
-#
-# Directory structure:
-# component
-# templates
-# certifictes.yaml
-# values.yaml
-#
-# To be added in the file certificates.yamll
-#
-# To be added in the file values.yaml
-# 1. Minimal version (certificates only in PEM format)
-# certificates:
-# - commonName: component.onap.org
-#
-# 2. Extended version (with defined own issuer and additional certificate format):
-# certificates:
-# - name: onap-component-certificate
-# secretName: onap-component-certificate
-# commonName: component.onap.org
-# dnsNames:
-# - component.onap.org
-# issuer:
-# group: certmanager.onap.org
-# kind: CMPv2Issuer
-# name: cmpv2-issuer-for-the-component
-# p12Keystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-# jksKeystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-#
-# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
-# Other mandatory fields for the certificate definition do not have to be defined directly,
-# in that case they will be taken from default values.
-#
-# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
-# and can be overriden during onap installation process.
-#
-*/}}
-
-{{- define "common.certificate" -}}
-{{- $dot := default . .dot -}}
-{{- $certificates := $dot.Values.certificates -}}
-
-{{ range $i, $certificate := $certificates }}
-{{/*# General certifiacate attributes #*/}}
-{{- $name := include "common.fullname" $dot -}}
-{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
-{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
-{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}}
-{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}}
-{{- $duration := $certificate.duration -}}
-{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}}
-{{- if $certificate.namespace -}}
-{{- $namespace = default $namespace $certificate.namespace -}}
-{{- end -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}}
-{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}}
-{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}}
-{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}}
-{{/*# Subject #*/}}
-{{- $subject := $dot.Values.global.certificate.default.subject -}}
-{{- if $certificate.subject -}}
-{{- $subject = mergeOverwrite $subject $certificate.subject -}}
-{{- end -}}
-{{/*# Issuer #*/}}
-{{- $issuer := $dot.Values.global.certificate.default.issuer -}}
-{{- if $certificate.issuer -}}
-{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}}
-{{- end -}}
-{{/*# Keystores #*/}}
-{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}}
-{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}}
-{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}}
-{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}}
-{{- if $certificate.jksKeystore -}}
-{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}}
-{{- if $certificate.jksKeystore.passwordSecretRef -}}
-{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
-{{- if $certificate.p12Keystore -}}
-{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}}
-{{- if $certificate.p12Keystore.passwordSecretRef -}}
-{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ $certName }}
- namespace: {{ $namespace }}
-spec:
- secretName: {{ $secretName }}
- commonName: {{ $commonName }}
- renewBefore: {{ $renewBefore }}
- {{- if $duration }}
- duration: {{ $duration }}
- {{- end }}
- subject:
- organizations:
- - {{ $subject.organization }}
- countries:
- - {{ $subject.country }}
- localities:
- - {{ $subject.locality }}
- provinces:
- - {{ $subject.province }}
- organizationalUnits:
- - {{ $subject.organizationalUnit }}
- {{- if $dnsNames }}
- dnsNames:
- {{- range $dnsName := $dnsNames }}
- - {{ $dnsName }}
- {{- end }}
- {{- end }}
- {{- if $ipAddresses }}
- ipAddresses:
- {{- range $ipAddress := $ipAddresses }}
- - {{ $ipAddress }}
- {{- end }}
- {{- end }}
- {{- if $uris }}
- uris:
- {{- range $uri := $uris }}
- - {{ $uri }}
- {{- end }}
- {{- end }}
- {{- if $emailAddresses }}
- emailAddresses:
- {{- range $emailAddress := $emailAddresses }}
- - {{ $emailAddress }}
- {{- end }}
- {{- end }}
- issuerRef:
- group: {{ $issuer.group }}
- kind: {{ $issuer.kind }}
- name: {{ $issuer.name }}
- {{- if or $createJksKeystore $createP12Keystore }}
- keystores:
- {{- if $createJksKeystore }}
- jks:
- create: {{ $createJksKeystore }}
- passwordSecretRef:
- name: {{ $jksKeystorePasswordSecretName }}
- key: {{ $jksKeystorePasswordSecreKey }}
- {{- end }}
- {{- if $createP12Keystore }}
- pkcs12:
- create: {{ $createP12Keystore }}
- passwordSecretRef:
- name: {{ $p12KeystorePasswordSecretName }}
- key: {{ $p12KeystorePasswordSecreKey }}
- {{- end }}
- {{- end }}
-{{ end }}
-
-{{- end -}}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index f71db5e..6412bf8 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -24,7 +24,7 @@
nodePortPrefix: 302
nodePortPrefixExt: 304
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
secrets:
- uid: pg-root-pass
@@ -115,7 +115,7 @@
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.5
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index 891c0e1..711c1d5 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -24,7 +24,7 @@
nodePortPrefix: 302
persistence: {}
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
repositoryCred:
user: docker
password: docker
@@ -50,7 +50,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.1.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.2.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index a32214f..7b9431c 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -21,7 +21,7 @@
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
secrets:
- uid: 'cm-pass'
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 95bbe1e..8f6432d 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -21,8 +21,7 @@
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
secrets:
- uid: 'cm-pass'
type: password
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index d4007ad..232f8b4 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -20,7 +20,7 @@
global:
nodePortPrefix: 302
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 03b5c83..2482748 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -69,7 +69,7 @@
# Should have a proper readiness endpoint or script
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 335629d..3e96bdf 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -39,10 +39,6 @@
version: ~7.x-0
repository: '@local'
condition: cds.enabled
- - name: clamp
- version: ~7.x-0
- repository: '@local'
- condition: clamp.enabled
- name: cli
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 389b16a..0920222 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -179,7 +179,8 @@
# default values for certificates
certificate:
default:
- renewBefore: 8h
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
subject:
organization: "Linux-Foundation"
country: "US"
@@ -190,16 +191,6 @@
group: certmanager.onap.org
kind: CMPv2Issuer
name: cmpv2-issuer-onap
- p12Keystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
- jksKeystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
# Enabling CMPv2
cmpv2Enabled: true
diff --git a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml b/kubernetes/policy/components/policy-clamp-be/Chart.yaml
similarity index 91%
rename from kubernetes/clamp/components/clamp-mariadb/Chart.yaml
rename to kubernetes/policy/components/policy-clamp-be/Chart.yaml
index c0de185..fd48cc2 100644
--- a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/Chart.yaml
@@ -14,6 +14,6 @@
# limitations under the License.
apiVersion: v1
-description: MariaDB Service
-name: clamp-mariadb
+description: ONAP Policy Clamp Backend
+name: policy-clamp-be
version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-backend/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/requirements.yaml
rename to kubernetes/policy/components/policy-clamp-be/requirements.yaml
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
similarity index 91%
rename from kubernetes/clamp/components/clamp-backend/resources/config/application.properties
rename to kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
index 8dd0fc7..17185cc 100644
--- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties
@@ -44,11 +44,11 @@
#clds datasource connection details
spring.datasource.username=${MYSQL_USER}
spring.datasource.password=${MYSQL_PASSWORD}
-spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
#The log folder that will be used in logback.xml file
-clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
+clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json
#
# Configuration Settings for Policy Engine Components
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
old mode 100644
new mode 100755
similarity index 66%
copy from kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
copy to kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
index e5d7174..329479f
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
@@ -1,4 +1,7 @@
-{{/* # Copyright © 2020 Samsung, Orange
+#!/bin/sh
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,4 +16,4 @@
# limitations under the License.
*/}}
-{{ include "common.ingress" . }}
+mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
rename to kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml
diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql
similarity index 100%
rename from kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
rename to kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json
rename to kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json
diff --git a/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/templates/NOTES.txt
rename to kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
similarity index 95%
rename from kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml
rename to kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
index fe0349e..aeadc37 100644
--- a/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml
@@ -27,3 +27,5 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
diff --git a/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
similarity index 90%
rename from kubernetes/clamp/components/clamp-backend/templates/deployment.yaml
rename to kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
index 9153f9d..1120f9b 100644
--- a/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml
@@ -40,8 +40,8 @@
- command:
- /app/ready.py
args:
- - --container-name
- - clamp-mariadb
+ - --job-name
+ - {{ include "common.release" . }}-policy-clamp-galera-config
env:
- name: NAMESPACE
valueFrom:
@@ -61,14 +61,14 @@
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
- workingDir: "/opt/clamp/"
+ workingDir: "/opt/policy/clamp/"
args:
- -c
- |
{{- if .Values.global.aafEnabled }}
export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
{{- end }}
- java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar
+ java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -88,19 +88,17 @@
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /opt/clamp/sdc-controllers-config.json
+ - mountPath: /opt/policy/clamp/sdc-controllers-config.json
name: {{ include "common.fullname" . }}-config
subPath: sdc-controllers-config.json
- - mountPath: /opt/clamp/application.properties
+ - mountPath: /opt/policy/clamp/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
env:
- name: MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }}
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- - name: MYSQL_DATABASE
- value: {{ tpl .Values.db.databaseName .}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }}
{{- if ne "unlimited" (include "common.flavor" .) }}
- name: JAVA_RAM_CONFIGURATION
value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75
@@ -115,7 +113,7 @@
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}
+ name: {{ include "common.fullname" . }}-configmap
items:
- key: sdc-controllers-config.json
path: sdc-controllers-config.json
diff --git a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml
new file mode 100755
index 0000000..c5c968a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml
@@ -0,0 +1,84 @@
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+# Modifications Copyright © 2020-2021 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.release" . }}-policy-clamp-galera-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-policy-clamp-job
+ release: {{ include "common.release" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-policy-clamp-job
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+#This container checks that all galera instances are up before initializing it.
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.release" . }}-policy-clamp-galera-config
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.db.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/create-db-tables.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: create-db-tables.sh
+ - mountPath: /dbcmd-config/policy-clamp-create-tables.sql
+ name: {{ include "common.fullname" . }}-config
+ subPath: policy-clamp-create-tables.sql
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/create-db-tables.sh
+ env:
+ - name: MYSQL_HOST
+ value: "{{ .Values.db.service.name }}"
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }}
+ - name: MYSQL_PORT
+ value: "{{ .Values.db.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ restartPolicy: Never
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: create-db-tables.sh
+ path: create-db-tables.sh
+ - key: policy-clamp-create-tables.sql
+ path: policy-clamp-create-tables.sql
diff --git a/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/templates/secrets.yaml
rename to kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml
diff --git a/kubernetes/clamp/components/clamp-backend/templates/service.yaml b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/templates/service.yaml
rename to kubernetes/policy/components/policy-clamp-be/templates/service.yaml
diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
similarity index 92%
rename from kubernetes/clamp/components/clamp-backend/values.yaml
rename to kubernetes/policy/components/policy-clamp-be/values.yaml
index efd08ba..1446ac4 100644
--- a/kubernetes/clamp/components/clamp-backend/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -53,9 +53,9 @@
chmod a+rx *;
secrets:
- - uid: db-secret
+ - uid: db-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
@@ -63,7 +63,7 @@
flavor: small
# application image
-image: onap/clamp-backend:5.1.5
+image: onap/policy-clamp-backend:6.0.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -80,9 +80,12 @@
#####dummy values for db user and password to pass lint!!!#######
db:
- user: dummyclds
- password: dummysidnnd83K
- databaseName: dummycldsdb4
+ user: policy_user
+ password: policy_user
+ image: mariadb:10.5.8
+ service:
+ name: policy-mariadb
+ internalPort: 3306
config:
log:
@@ -114,10 +117,10 @@
service:
type: ClusterIP
- name: clamp-backend
- portName: clamp-backend
+ name: policy-clamp-be
+ portName: policy-clamp-be
internalPort: 8443
- externalPort: 443
+ externalPort: 8443
ingress:
enabled: false
diff --git a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml
similarity index 91%
copy from kubernetes/clamp/components/clamp-mariadb/Chart.yaml
copy to kubernetes/policy/components/policy-clamp-fe/Chart.yaml
index c0de185..331ba86 100644
--- a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml
@@ -14,6 +14,6 @@
# limitations under the License.
apiVersion: v1
-description: MariaDB Service
-name: clamp-mariadb
+description: ONAP Policy Clamp Frontend
+name: policy-clamp-fe
version: 7.0.0
diff --git a/kubernetes/clamp/components/clamp-backend/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml
similarity index 100%
copy from kubernetes/clamp/components/clamp-backend/requirements.yaml
copy to kubernetes/policy/components/policy-clamp-fe/requirements.yaml
diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
similarity index 93%
rename from kubernetes/clamp/resources/config/default.conf
rename to kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
index 3e6fde9..4cab734 100644
--- a/kubernetes/clamp/resources/config/default.conf
+++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf
@@ -12,7 +12,7 @@
ssl_verify_client optional_no_ca;
location /restservices/clds/ {
- proxy_pass https://clamp-backend:443;
+ proxy_pass https://policy-clamp-be:8443;
proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
}
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml
similarity index 100%
copy from kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml
copy to kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml
diff --git a/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt
similarity index 100%
copy from kubernetes/clamp/components/clamp-backend/templates/NOTES.txt
copy to kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt
diff --git a/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml
similarity index 100%
rename from kubernetes/clamp/components/clamp-backend/templates/configmap.yaml
rename to kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml
diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
similarity index 98%
rename from kubernetes/clamp/templates/deployment.yaml
rename to kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
index 51b864b..97c7919 100644
--- a/kubernetes/clamp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml
@@ -41,7 +41,7 @@
- /app/ready.py
args:
- --container-name
- - clamp-backend
+ - policy-clamp-be
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/clamp/templates/ingress.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml
similarity index 100%
rename from kubernetes/clamp/templates/ingress.yaml
rename to kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml
diff --git a/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml
similarity index 100%
copy from kubernetes/clamp/components/clamp-backend/templates/secrets.yaml
copy to kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml
diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml
similarity index 94%
rename from kubernetes/clamp/components/clamp-mariadb/templates/service.yaml
rename to kubernetes/policy/components/policy-clamp-fe/templates/service.yaml
index 20a5065..b4549ba 100644
--- a/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml
@@ -18,7 +18,7 @@
apiVersion: v1
kind: Service
metadata:
- name: {{ include "common.servicename" . }}
+ name: {{ .Values.service.name }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
@@ -31,11 +31,13 @@
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- {{- end}}
name: {{ .Values.service.portName }}
+ {{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+---
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml
similarity index 83%
rename from kubernetes/clamp/values.yaml
rename to kubernetes/policy/components/policy-clamp-fe/values.yaml
index b2b37d3..91a096d 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml
@@ -56,40 +56,13 @@
openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
chmod a+rx *;
-secrets:
- - uid: db-root-pass
- name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
- type: password
- password: '{{ .Values.db.rootPass }}'
- - uid: db-secret
- name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
- type: basicAuth
- login: '{{ .Values.db.user }}'
- password: '{{ .Values.db.password }}'
-
-db:
- user: clds
-# password: sidnnd83K
- databaseName: &dbName cldsdb4
-# rootPass: emrys user: testos
-
-clamp-backend:
- db:
- userCredsExternalSecret: *dbUserPass
- databaseName: *dbName
-clamp-mariadb:
- db:
- rootCredsExternalSecret: *dbRootPass
- userCredsExternalSecret: *dbUserPass
- databaseName: *dbName
-
subChartsOnly:
enabled: true
flavor: small
# application image
-image: onap/clamp-frontend:5.1.5
+image: onap/policy-clamp-frontend:6.0.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -131,20 +104,14 @@
service:
type: NodePort
- name: clamp-external
- portName: clamp-external
+ name: policy-clamp-fe
+ portName: policy-clamp-fe
internalPort: 2443
nodePort: 58
# as of 20180904 port 58 is reserved for clamp from log/logdemonode
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
- type2: ClusterIP
- name2: clamp
- portName2: clamp-internal
- internalPort2: 2443
- externalPort2: 8443
-
ingress:
enabled: false
service:
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index b2f2b74..22e3dfa 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -48,6 +48,14 @@
version: ~7.x-0
repository: 'file://components/policy-distribution'
condition: policy-distribution.enabled
+ - name: policy-clamp-be
+ version: ~7.x-0
+ repository: 'file://components/policy-clamp-be'
+ condition: policy-clamp-be.enabled
+ - name: policy-clamp-fe
+ version: ~7.x-0
+ repository: 'file://components/policy-clamp-fe'
+ condition: policy-clamp-fe.enabled
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 0d7ce07..90c9879 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -18,7 +18,7 @@
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory
+for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index d098954..678772c 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -66,6 +66,11 @@
policy-distribution:
enabled: true
db: *dbSecretsHook
+policy-clamp-be:
+ enabled: true
+ db: *dbSecretsHook
+policy-clamp-fe:
+ enabled: true
policy-nexus:
enabled: false
diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
index 84a78ab..39cd029 100644
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
-# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2020 Nokia, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -108,6 +108,12 @@
value: rack1
- name: CASSANDRA_ENABLE_RPC
value: "true"
+ {{- if eq "small" .Values.flavor }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.resources.small.heap.max }}
+ - name: HEAP_NEWSIZE
+ value: {{ .Values.resources.small.heap.new }}
+ {{- end }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml
index ec76d08..c185155 100644
--- a/kubernetes/portal/components/portal-cassandra/values.yaml
+++ b/kubernetes/portal/components/portal-cassandra/values.yaml
@@ -1,6 +1,6 @@
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
-# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2020 Nokia, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -112,12 +112,20 @@
# Segregation for Different environment (Small and Large)
resources:
small:
+ # Heap size is tightly correlated to RAM limits.
+ # If limit > 8G, Cassandra should define itself the best value.
+ # If not, you must set up it in a coherent way with limits set
+ # Refer to https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/operations/opsTuneJVM.html#Determiningtheheapsize
+ # for more informations.
+ heap:
+ max: 3G
+ new: 100M
limits:
cpu: 500m
memory: 3.75Gi
requests:
cpu: 160m
- memory: 2.8Gi
+ memory: 3.1Gi
large:
limits:
cpu: 4
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index ef12c9a..50117bd 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -20,7 +20,7 @@
GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}'
GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}'
GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}"
-GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "clamp") }}'
+GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-clamp-fe") }}'
GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cli") }}'
GLOBAL_INJECTED_CLOUD_ENV = 'openstack'
GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}"
@@ -152,7 +152,7 @@
GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD]
# clamp info - everything is from the private oam network (also called onap private network)
GLOBAL_CLAMP_SERVER_PROTOCOL = "https"
-GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 8443) }}'
+GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-clamp-fe" "port" 2443) }}'
# nbi info - everything is from the private oam network (also called onap private network)
GLOBAL_NBI_SERVER_PROTOCOL = "https"
GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}'
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index f58ecb1..27b68df 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -24,6 +24,9 @@
- name: cmpv2Certificate
version: ~7.x-0
repository: '@local'
+ - name: certManagerCertificate
+ version: ~7.x-0
+ repository: '@local'
- name: logConfiguration
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml
index dda1617..c4eca61 100644
--- a/kubernetes/sdnc/templates/certificates.yaml
+++ b/kubernetes/sdnc/templates/certificates.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2020 Nokia
+# Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,6 +14,6 @@
# limitations under the License.
*/}}
-{{ if .Values.global.CMPv2CertManagerIntegration }}
-{{ include "common.certificate" . }}
+{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "certManagerCertificate.certificate" . }}
{{ end }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 2a36c0b..7441dac 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -202,6 +202,9 @@
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumeMounts" . | indent 10 }}
+{{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -319,6 +322,9 @@
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
{{ include "common.certServiceClient.volumes" . | nindent 8 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumes" . | nindent 8 }}
+{{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 868a083..5a4d204 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -117,10 +117,6 @@
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- password: secret
- passwordPolicy: required
#################################################################
# Certificates
#################################################################
@@ -129,16 +125,16 @@
commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
- p12Keystore:
- create: true
+ keystore:
+ outputType:
+ - jks
passwordSecretRef:
- name: keystore-password
+ name: sdnc-cmpv2-keystore-password
key: password
- jksKeystore:
- create: true
- passwordSecretRef:
- name: keystore-password
- key: password
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/tox.ini b/tox.ini
index 1de0620..7c7060f 100644
--- a/tox.ini
+++ b/tox.ini
@@ -23,6 +23,18 @@
deps = -rdocs/requirements-docs.txt
commands = sphinx-build -W -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck
+[testenv:spelling]
+#basepython = python3
+whitelist_externals = wget
+deps =
+ -rdocs/requirements-docs.txt
+ sphinxcontrib-spelling
+ PyEnchant
+changedir={toxinidir}/docs
+commands =
+ wget -nv https://git.onap.org/doc/plain/docs/spelling_wordlist.txt -O spelling_wordlist.txt
+ sphinx-build -b spelling -d {envtmpdir}/doctrees . _build/spelling
+
[testenv:gitlint]
basepython = python3
deps =