Merge "[COMMON] Fix declare bashisms"
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index ea799e2..0beaf4a 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -1,6 +1,6 @@
{{/*
#
-# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
+# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -109,19 +109,70 @@
blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
# Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
-blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092
-blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group
-blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer
-blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
+blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }}
+blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
+blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
# Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
-# Kafka Audit Service Configurations
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+# AUDIT KAFKA FEATURE CONFIGURATION
+# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
+## Audit request
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
+{{ end }}
+
+## Audit response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
+{{ end }}
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
@@ -132,10 +183,10 @@
## Enable py-executor
blueprintsprocessor.streamingRemoteExecution.enabled=true
-# Used in Health Check
-blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
+## Used in Health Check
+#blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
+#blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
+#blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
#Encrypted username and password for health check service
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
new file mode 100644
index 0000000..555f4d4
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
@@ -0,0 +1,68 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaRequestConsumer.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaRequestProducer.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaAuditRequest.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaAuditResponse.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
new file mode 100644
index 0000000..65ee1d2
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.kafkaRequestConsumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaRequestConsumer.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaRequestProducer.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaAuditRequest.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaAuditResponse.topic }}
+ operation: All
+{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index d92f09a..d68e900 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -78,10 +79,6 @@
args:
- --container-name
- cds-db
- {{- if .Values.dmaapEnabled }}
- - --container-name
- - message-router
- {{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -121,6 +118,10 @@
fieldPath: metadata.name
- name: CLUSTER_CONFIG_FILE
value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ {{ if .Values.useStrimziKafka }}
+ - name: JAAS_PASS
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
+ {{ end }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index a5180c5..af9482b 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,6 +58,13 @@
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
+ - uid: cds-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: password
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# AAF part
@@ -111,6 +119,7 @@
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
+ someConfig: blah
# default number of instances
replicaCount: 1
@@ -119,10 +128,40 @@
affinity: {}
-# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
-# custom kafka cluster.
-dmaapEnabled: true
+# If useStrimziKafka is true, the following also applies:
+# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
+# The connection type must be kafka-scram-plain-text-auth
+# The bootstrapServers will target the strimzi kafka cluster by default
+useStrimziKafka: false
+cdsKafkaUser: cds-kafka-user
+kafkaRequestConsumer:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ groupId: cds-consumer
+ topic: cds.blueprint-processor.self-service-api.request
+ clientId: request-receiver-client-id
+ pollMillSec: 1000
+kafkaRequestProducer:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.response
+ enableIdempotence: false
+kafkaAuditRequest:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.request
+ enableIdempotence: false
+kafkaAuditResponse:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-response-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.response
+ enableIdempotence: false
# probe configuration parameters
startup:
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index edac066..58e6b65 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -1,6 +1,7 @@
# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ cdsKafkaUser: cds-kafka-user
#################################################################
# Secrets metaconfig
@@ -212,6 +214,7 @@
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
cds-command-executor:
enabled: true
diff --git a/kubernetes/contrib/components/awx/templates/service.yaml b/kubernetes/contrib/components/awx/templates/service.yaml
index 10f031d..85ec8c8 100755
--- a/kubernetes/contrib/components/awx/templates/service.yaml
+++ b/kubernetes/contrib/components/awx/templates/service.yaml
@@ -49,7 +49,6 @@
ports:
- port: {{ .Values.service.web.externalPort }}
targetPort: {{ .Values.service.web.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }}
name: {{ .Values.service.web.portName }}
selector:
app: {{ include "common.fullname" . }}
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index 0a247c5..44c5741 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -92,11 +92,10 @@
internalPort: 15672
externalPort: 15672
web:
- type: NodePort
+ type: ClusterIP
portName: web
internalPort: 8052
externalPort: 8052
- nodePort: 78
rabbitmq:
type: ClusterIP
http:
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index e9958f1..e295a37 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -1,7 +1,7 @@
{{/*
# Copyright (C) 2021 Pantheon.tech
# Modifications Copyright (C) 2020 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
# Modifications Copyright (C) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,17 +28,21 @@
password: ${DB_PASSWORD}
driverClassName: org.postgresql.Driver
initialization-mode: always
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
+ kafka:
+ producer:
+ client-id: cps-core
+
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
+
logging:
level:
org:
@@ -49,12 +53,18 @@
username: ${DMI_USERNAME}
password: ${DMI_PASSWORD}
-{{- if .Values.config.eventPublisher }}
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
{{ toYaml .Values.config.eventPublisher | nindent 2 }}
{{- end }}
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index e6ee161..54e2cc6 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright (C) 2021 Pantheon.tech, Orange
# Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,7 +57,10 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
- name: DMI_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
-
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index d65924e..2afc1fd 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -1,5 +1,6 @@
# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
# Modifications Copyright (C) 2022 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,6 +43,13 @@
login: '{{ .Values.config.dmiPluginUserName }}'
password: '{{ .Values.config.dmiPluginUserPassword }}'
passwordPolicy: generate
+ - uid: cps-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Global configuration defaults.
@@ -170,17 +178,23 @@
#appUserPassword:
dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format insead of yaml.
+# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
- eventPublisher:
- spring.kafka.bootstrap-servers: message-router-kafka:9092
- spring.kafka.security.protocol: SASL_PLAINTEXT
- spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
- spring.kafka.producer.client-id: cps-core
+# kafka config
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+# eventPublisher:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: SASL_PLAINTEXT
+# spring.kafka.properties.sasl.mechanism: PLAIN
+# spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
additional:
notification.data-updated.enabled: true
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
index 32ae51b..6e80843 100644
--- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,19 +25,31 @@
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
+ kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+
+app:
+ listener:
+ data-updated:
+ topic: {{ .Values.config.app.listener.dataUpdatedTopic }}
+
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
security:
auth:
username: ${APP_USERNAME}
password: ${APP_PASSWORD}
-# Event consumption properties (kafka)
-{{- if .Values.config.eventConsumption }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
-
-# Additional properties
-{{- if .Values.config.additional }}
-{{ toYaml .Values.config.additional | nindent 2 }}
-{{- end }}
-
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
index 806e65a..71ff371 100644
--- a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,6 +54,10 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: APP_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml
index 68bc2a7..a92791e 100644
--- a/kubernetes/cps/components/cps-temporal/values.yaml
+++ b/kubernetes/cps/components/cps-temporal/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,6 +40,13 @@
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: cps-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
image: onap/cps-temporal:1.1.0
containerPort: &svc_port 8080
@@ -139,13 +147,23 @@
profile: helm
#appUserPassword:
- # Event consumption (kafka) properties
- # All Kafka properties must be in "key: value" format instead of yaml.
- eventConsumption:
- spring.kafka.bootstrap-servers: message-router-kafka:9092
- spring.kafka.security.protocol: PLAINTEXT
- spring.kafka.consumer.group-id: cps-temporal-group
- app.listener.data-updated.topic: cps.data-updated-events
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: cps-temporal-group
+ app:
+ listener:
+ dataUpdatedTopic: cps.data-updated-events
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: cps-temporal-group
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
diff --git a/kubernetes/cps/templates/cps-kafka-topic.yaml b/kubernetes/cps/templates/cps-kafka-topic.yaml
new file mode 100644
index 0000000..1a23ddf
--- /dev/null
+++ b/kubernetes/cps/templates/cps-kafka-topic.yaml
@@ -0,0 +1,28 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.dataUpdatedTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/cps/templates/cps-kafka-user.yaml b/kubernetes/cps/templates/cps-kafka-user.yaml
new file mode 100644
index 0000000..b3136d7
--- /dev/null
+++ b/kubernetes/cps/templates/cps-kafka-user.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.dataUpdatedTopic.consumer.groupId }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ operation: Write
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index 754b016..700ad38 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -1,4 +1,5 @@
# Copyright (C) 2021 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,9 +41,20 @@
virtualhost:
baseurl: "simpledemo.onap.org"
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ cpsKafkaUser: cps-kafka-user
+
config:
coreUserName: cpsuser
dmiPluginUserName: dmiuser
+ useStrimziKafka: true
+ dataUpdatedTopic:
+ name: cps.data-updated-events
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: cps-temporal-group
# Enable all CPS components by default
cps-core:
@@ -50,9 +62,12 @@
config:
appUserExternalSecret: *core-creds-secret
dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
cps-temporal:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
ncmp-dmi-plugin:
enabled: true
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 869472e..ef272ee 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -2,6 +2,7 @@
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (C) 2022 Huawei Canada Limited.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,7 +58,7 @@
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.7
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.1
# Log directory where logging sidecar should look for log files
# if path is set to null sidecar won't be deployed in spite of
@@ -144,6 +145,17 @@
sliceanalysisms.rannfnssiDetailsTemplateId: get-rannfnssiid-details
sliceanalysisms.desUrl: http://dl-des:1681/datalake/v1/exposure/pm_data
sliceanalysisms.pmDataDurationInWeeks: 4
+ sliceanalysisms.vesNotifPollingInterval: 15
+ sliceanalysisms.vesNotifChangeIdentifier: PM_BW_UPDATE
+ sliceanalysisms.vesNotifChangeType: BandwidthChanged
+ sliceanalysisms.aaiNotif.targetAction: UPDATE
+ sliceanalysisms.aaiNotif.targetSource: UUI
+ sliceanalysisms.aaiNotif.targetEntity: service-instance
+ sliceanalysisms.ccvpnEvalInterval: 15
+ sliceanalysisms.ccvpnEvalThreshold: 0.8
+ sliceanalysisms.ccvpnEvalPrecision: 100.0
+ sliceanalysisms.ccvpnEvalPeriodicCheckOn: true
+ sliceanalysisms.ccvpnEvalOnDemandCheckOn: true
streams_publishes:
CL_topic:
type: message-router
@@ -162,6 +174,19 @@
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
+ ves_ccvpn_notification_topic:
+ type: message-router
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT
+ aai_subscriber:
+ type: message-router
+ servers : ["message-router:3904"]
+ consumer_group: dcae_ccvpn_cl
+ consumer_instance: dcae_ccvpn_cl_aaievent
+ fetch_timeout: 15000
+ fetch_limit: 100
+ dmaap_info:
+ topic_url: http://message-router:3904/events/AAI-EVENT
applicationEnv:
STANDALONE: 'false'
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 7475a4d..9e62ccf 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
@@ -31,7 +31,7 @@
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
- level: ALL
+ level: INFO
# Logger-specific levels.
loggers:
@@ -41,7 +41,7 @@
appenders:
- type: console
- threshold: ALL
+ threshold: INFO
timeZone: UTC
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
- type: file
@@ -51,7 +51,7 @@
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz
archivedFileCount: 7
- type: file
- threshold: DEBUG
+ threshold: INFO
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index c8ec225..5781dab 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -28,7 +28,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:10.0.2
+image: onap/holmes/engine-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 43a83d0..89269de 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
@@ -24,7 +24,7 @@
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
- level: ALL
+ level: INFO
# Logger-specific levels.
loggers:
@@ -34,7 +34,7 @@
appenders:
- type: console
- threshold: ALL
+ threshold: INFO
timeZone: UTC
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
- type: file
@@ -45,7 +45,7 @@
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz
archivedFileCount: 7
- type: file
- threshold: DEBUG
+ threshold: INFO
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 9407619..fbe873b 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -28,7 +28,7 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:10.0.2
+image: onap/holmes/rule-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 72c5ddc..228302f 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 0157c56..a8c5dd2 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 5623cde..0aaf428 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index fa8bdd9..fd88273 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index e7ceddd..36c1945 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 7d724a5..22a20fe 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -753,3 +753,47 @@
#password =
get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list"
+
+[dcae]
+
+#
+# From conductor
+#
+#
+# Data Store table prefix. (string value)
+#table_prefix = dcae
+
+# Base URL for DCAE, up to and not including the version, and without a
+# trailing slash. (string value)
+server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+
+# Timeout for DCAE Rest Call (string value)
+#dcae_rest_timeout = 30
+
+# Number of retry for DCAE Rest Call (string value)
+#dcae_retries = 3
+
+# The version of A&AI in v# format. (string value)
+server_url_version = v1
+
+# SSL/TLS certificate file in pem format. This certificate must be registered
+# with the SDC endpoint. (string value)
+#certificate_file = certificate.pem
+certificate_file =
+
+# Private Certificate Key file in pem format. (string value)
+#certificate_key_file = certificate_key.pem
+certificate_key_file =
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# Username for DCAE. (string value)
+#username =
+
+# Password for DCAE. (string value)
+#password =
+
+get_slice_config_url = "/api/v1/slices-config"
\ No newline at end of file
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index bc129be..8a146a9 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
persistence:
enabled: true
@@ -71,6 +71,9 @@
cps:
service: cps-tbdmt
port: 8080
+ dcae:
+ service: dcae-slice-analysis-ms
+ port: 8080
etcd:
serviceName: &etcd-service oof-has-etcd
port: 2379
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
deleted file mode 100644
index 98417cd..0000000
--- a/kubernetes/policy/components/policy-gui/resources/config/default.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
-
- listen 2443 default ssl;
- ssl_protocols TLSv1.2;
- {{ if .Values.global.aafEnabled }}
- ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
- ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
- {{ else }}
- ssl_certificate /etc/ssl/clamp.pem;
- ssl_certificate_key /etc/ssl/clamp.key;
- {{ end }}
-
- ssl_verify_client optional_no_ca;
- absolute_redirect off;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- try_files $uri $uri/ =404;
- }
-
- location /clamp/restservices/clds/ {
- proxy_pass https://policy-clamp-be:8443/restservices/clds/;
- proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
- }
-
- location = /50x.html {
- root /var/lib/nginx/html;
- }
- error_page 500 502 503 504 /50x.html;
- error_log /var/log/nginx/error.log warn;
-}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index b67fa27..a155715 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -62,6 +62,20 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+{{- else }}
+ command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ - name: CLAMP_URL
+ value: https://policy-clamp-be:8443
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -81,9 +95,6 @@
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /etc/nginx/conf.d/default.conf
- name: {{ include "common.fullname" . }}-config
- subPath: default.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -99,9 +110,6 @@
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- items:
- - key: default.conf
- path: default.conf
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 6ee7715..aa2b9d3 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,36 +26,46 @@
aafEnabled: true
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+#################################################################
# AAF part
#################################################################
certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "clamp.key"
- clamp_pem: "clamp.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
nameOverride: policy-gui-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
+ cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
aaf_add_config: >
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
@@ -63,7 +73,7 @@
flavor: small
# application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -71,7 +81,7 @@
# log configuration
log:
- path: /var/log/nginx/
+ path: /var/log/onap/policy/gui
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index d76e002..63d266b 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -1,7 +1,6 @@
#!/bin/bash
set -eo pipefail
-shopt -s nullglob
# logging functions
mysql_log() {
diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
index f899d58..968a09c 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
@@ -42,9 +42,6 @@
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
targetPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.service.type "NodePort" -}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{ end }}
{{ if (include "common.needTLS" .) }}
- port: {{ .Values.service.internalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index a2502a9..6267da9 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -112,7 +112,6 @@
type: NodePort
name: sdc-fe
portName: http
- nodePort: "06"
internalPort: 8181
externalPort: 8181
nodePort2: "07"
diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
new file mode 100644
index 0000000..2653c67
--- /dev/null
+++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ .Values.kafkaStrimziAdminUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.saslMechanism }}
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: onap-group
+ operation: Read
\ No newline at end of file
diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml
index a94879b..5f1e730 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml
@@ -57,16 +57,18 @@
authorization:
type: simple
superUsers:
- - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }}
+ - {{ .Values.kafkaStrimziAdminUser }}
template:
pod:
securityContext:
runAsUser: 0
fsGroup: 0
config:
+ default.replication.factor: {{ .Values.replicaCount }}
+ min.insync.replicas: {{ .Values.replicaCount }}
offsets.topic.replication.factor: {{ .Values.replicaCount }}
transaction.state.log.replication.factor: {{ .Values.replicaCount }}
- transaction.state.log.min.isr: 2
+ transaction.state.log.min.isr: {{ .Values.replicaCount }}
log.message.format.version: "3.0"
inter.broker.protocol.version: "3.0"
storage: