Merge "update appc image"
diff --git a/kubernetes/common/etcd/.helmignore b/kubernetes/common/etcd/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/kubernetes/common/etcd/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/common/etcd/Chart.yaml b/kubernetes/common/etcd/Chart.yaml
new file mode 100644
index 0000000..31a8ad5
--- /dev/null
+++ b/kubernetes/common/etcd/Chart.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2019 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: etcd
+home: https://github.com/coreos/etcd
+version: 4.0.0
+appVersion: 2.2.5
+description: Distributed reliable key-value store for the most critical data of a
+ distributed system.
+-icon: https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-horizontal-color.png
+sources:
+- https://github.com/coreos/etcd
diff --git a/kubernetes/common/etcd/requirements.yaml b/kubernetes/common/etcd/requirements.yaml
new file mode 100644
index 0000000..0ddbcbe
--- /dev/null
+++ b/kubernetes/common/etcd/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+dependencies:
+ - name: common
+ version: ~4.x-0
+ repository: '@local'
diff --git a/kubernetes/common/etcd/templates/pv.yaml b/kubernetes/common/etcd/templates/pv.yaml
new file mode 100644
index 0000000..eeaa645
--- /dev/null
+++ b/kubernetes/common/etcd/templates/pv.yaml
@@ -0,0 +1,40 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ if .Values.persistence.enabled }}
+{{- $root := . -}}
+{{ range $i, $e := until (int $root.Values.replicaCount) }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
+ labels:
+ type: {{ $root.Values.persistence.storageType }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
+spec:
+ capacity:
+ storage: {{ $root.Values.persistence.size }}
+ accessModes:
+ - {{ $root.Values.persistence.accessMode }}
+ hostPath:
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml
new file mode 100644
index 0000000..692faa9
--- /dev/null
+++ b/kubernetes/common/etcd/templates/service.yaml
@@ -0,0 +1,37 @@
+# Copyright 2019 Intel Corporation Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+metadata:
+ name: {{ include "common.servicename" . }}
+ labels:
+ heritage: "{{ .Release.Service }}"
+ release: "{{ .Release.Name }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ include "common.name" . }}
+spec:
+ ports:
+ - name: {{ .Values.service.peerPortName }}
+ port: {{ .Values.service.peerInternalPort }}
+ - name: {{ .Values.service.clientPortName }}
+ port: {{ .Values.service.clientInternalPort }}
+ clusterIP: None
+ selector:
+ app: {{ include "common.name" . }}
+ release: "{{ .Release.Name }}"
+
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
new file mode 100644
index 0000000..ccc6b69
--- /dev/null
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -0,0 +1,244 @@
+# Copyright © 2019 Intel Corporation Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.servicename" . }}
+ labels:
+ heritage: "{{ .Release.Service }}"
+ release: "{{ .Release.Name }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ template "common.name" . }}
+spec:
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ heritage: "{{ .Release.Service }}"
+ release: "{{ .Release.Name }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: {{ include "common.name" . }}
+ spec:
+{{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+{{- end }}
+{{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ containers:
+ - name: {{ include "common.servicename" . }}
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
+ imagePullPolicy: "{{ .Values.pullPolicy }}"
+ ports:
+ - containerPort: {{ .Values.service.peerInternalPort }}
+ name: {{ .Values.service.peerPortName }}
+ - containerPort: {{ .Values.service.clientInternalPort }}
+ name: {{ .Values.service.clientPortName }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ exec:
+ command: ["/bin/sh", "-c", "etcdctl cluster-health | grep -w healthy" ]
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ readinessProbe:
+ exec:
+ command: ["/bin/sh", "-c", "etcdctl cluster-health | grep -w healthy" ]
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ env:
+ - name: INITIAL_CLUSTER_SIZE
+ value: {{ .Values.replicaCount | quote }}
+ - name: SET_NAME
+ value: {{ include "common.servicename" . }}
+{{- if .Values.extraEnv }}
+{{ toYaml .Values.extraEnv | indent 8 }}
+{{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-ec"
+ - |
+ EPS=""
+ for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+ EPS="${EPS}${EPS:+,}http://${SET_NAME}-${i}.${SET_NAME}:2379"
+ done
+
+ HOSTNAME=$(hostname)
+
+ member_hash() {
+ etcdctl member list | grep http://${HOSTNAME}.${SET_NAME}:2380 | cut -d':' -f1 | cut -d'[' -f1
+ }
+
+ SET_ID=${HOSTNAME##*[^0-9]}
+
+ if [ "${SET_ID}" -ge ${INITIAL_CLUSTER_SIZE} ]; then
+ echo "Removing ${HOSTNAME} from etcd cluster"
+ ETCDCTL_ENDPOINT=${EPS} etcdctl member remove $(member_hash)
+ if [ $? -eq 0 ]; then
+ # Remove everything otherwise the cluster will no longer scale-up
+ rm -rf /var/run/etcd/*
+ fi
+ fi
+ command:
+ - "/bin/sh"
+ - "-ec"
+ - |
+ HOSTNAME=$(hostname)
+
+ # store member id into PVC for later member replacement
+ collect_member() {
+ while ! etcdctl member list &>/dev/null; do sleep 1; done
+ etcdctl member list | grep http://${HOSTNAME}.${SET_NAME}:2380 | cut -d':' -f1 | cut -d'[' -f1 > /var/run/etcd/member_id
+ exit 0
+ }
+
+ eps() {
+ EPS=""
+ for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+ EPS="${EPS}${EPS:+,}http://${SET_NAME}-${i}.${SET_NAME}:2379"
+ done
+ echo ${EPS}
+ }
+
+ member_hash() {
+ etcdctl member list | grep http://${HOSTNAME}.${SET_NAME}:2380 | cut -d':' -f1 | cut -d'[' -f1
+ }
+
+ # we should wait for other pods to be up before trying to join
+ # otherwise we got "no such host" errors when trying to resolve other members
+ for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+ while true; do
+ echo "Waiting for ${SET_NAME}-${i}.${SET_NAME} to come up"
+ ping -W 1 -c 1 ${SET_NAME}-${i}.${SET_NAME} > /dev/null && break
+ sleep 1s
+ done
+ done
+
+ # re-joining after failure?
+ if [ -e /var/run/etcd/default.etcd ]; then
+ echo "Re-joining etcd member"
+ member_id=$(cat /var/run/etcd/member_id)
+
+ # re-join member
+ ETCDCTL_ENDPOINT=$(eps) etcdctl member update ${member_id} http://${HOSTNAME}.${SET_NAME}:2380 | true
+ exec etcd --name ${HOSTNAME} \
+ --listen-peer-urls http://0.0.0.0:2380 \
+ --listen-client-urls http://0.0.0.0:2379\
+ --advertise-client-urls http://${HOSTNAME}.${SET_NAME}:2379 \
+ --data-dir /var/run/etcd/default.etcd
+ fi
+
+ # etcd-SET_ID
+ SET_ID=${HOSTNAME##*[^0-9]}
+
+ # adding a new member to existing cluster (assuming all initial pods are available)
+ if [ "${SET_ID}" -ge ${INITIAL_CLUSTER_SIZE} ]; then
+ export ETCDCTL_ENDPOINT=$(eps)
+
+ # member already added?
+ MEMBER_HASH=$(member_hash)
+ if [ -n "${MEMBER_HASH}" ]; then
+ # the member hash exists but for some reason etcd failed
+ # as the datadir has not be created, we can remove the member
+ # and retrieve new hash
+ etcdctl member remove ${MEMBER_HASH}
+ fi
+
+ echo "Adding new member"
+ etcdctl member add ${HOSTNAME} http://${HOSTNAME}.${SET_NAME}:2380 | grep "^ETCD_" > /var/run/etcd/new_member_envs
+
+ if [ $? -ne 0 ]; then
+ echo "Exiting"
+ rm -f /var/run/etcd/new_member_envs
+ exit 1
+ fi
+
+ cat /var/run/etcd/new_member_envs
+ source /var/run/etcd/new_member_envs
+
+ collect_member &
+
+ exec etcd --name ${HOSTNAME} \
+ --listen-peer-urls http://0.0.0.0:2380 \
+ --listen-client-urls http://0.0.0.0:2379 \
+ --advertise-client-urls http://${HOSTNAME}.${SET_NAME}:2379 \
+ --data-dir /var/run/etcd/default.etcd \
+ --initial-advertise-peer-urls http://${HOSTNAME}.${SET_NAME}:2380 \
+ --initial-cluster ${ETCD_INITIAL_CLUSTER} \
+ --initial-cluster-state ${ETCD_INITIAL_CLUSTER_STATE}
+ fi
+
+ PEERS=""
+ for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+ PEERS="${PEERS}${PEERS:+,}${SET_NAME}-${i}=http://${SET_NAME}-${i}.${SET_NAME}:2380"
+ done
+
+ collect_member &
+
+ # join member
+ exec etcd --name ${HOSTNAME} \
+ --initial-advertise-peer-urls http://${HOSTNAME}.${SET_NAME}:2380 \
+ --listen-peer-urls http://0.0.0.0:2380 \
+ --listen-client-urls http://0.0.0.0:2379 \
+ --advertise-client-urls http://${HOSTNAME}.${SET_NAME}:2379 \
+ --initial-cluster-token etcd-cluster-1 \
+ --initial-cluster ${PEERS} \
+ --initial-cluster-state new \
+ --data-dir /var/run/etcd/default.etcd
+ volumeMounts:
+ - name: {{ include "common.servicename" . }}-datadir
+ mountPath: /var/run/etcd
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ include "common.servicename" . }}-data
+ spec:
+ accessModes:
+ - "{{ .Values.persistence.accessMode }}"
+ resources:
+ requests:
+ # upstream recommended max is 700M
+ storage: "{{ .Values.persistence.storage }}"
+ {{- if .Values.persistence.storageClass }}
+ {{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ volumes:
+ - name: {{ include "common.servicename" . }}-datadir
+ {{- if .Values.memoryMode }}
+ emptyDir:
+ medium: Memory
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- end }}
+
diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml
new file mode 100644
index 0000000..a999b0c
--- /dev/null
+++ b/kubernetes/common/etcd/values.yaml
@@ -0,0 +1,86 @@
+# Copyright © 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+#repository: etcd
+repository: "k8s.gcr.io"
+image: "etcd-amd64:2.2.5"
+pullPolicy: Always
+
+# default number of instances in the StatefulSet
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 90
+ periodSeconds: 10
+ timeoutSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 90
+ periodSeconds: 10
+
+persistence:
+ enabled: false
+ ## etcd data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: "-"
+ accessMode: "ReadWriteOnce"
+ storage: "1Gi"
+ mountPath: /dockerdata-nfs
+ mountSubPath: k8s-etcd
+
+## This is only available when persistentVolume is false:
+## If persistentVolume is not enabled, one can choose to use memory mode for ETCD by setting memoryMode to "true".
+## The system will create a volume with "medium: Memory"
+memoryMode: false
+
+service:
+ name: k8s-etcd
+ peerInternalPort: 2380
+ peerPortName: etcd-server
+ clientInternalPort : 2379
+ clientPortName: etcd-client
+
+## Node labels and tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
+nodeSelector: {}
+tolerations: []
+affinity: {}
+extraEnv: []
+resources: {}
+
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props b/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props
new file mode 100644
index 0000000..3c29073
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# by root
+# on 2019-03-22T17:37:33.690+0000
+# @copyright 2016, AT&T
+############################################################
+aaf_env=DEV
+aaf_id=dmaap-bc@dmaap-bc.onap.org
+aaf_locate_url={{ .Values.aafLocateUrl }}
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_etc_dir=/opt/app/osaaf/local
+cadi_latitude=38.000
+cadi_longitude=-72.000
+cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-bc.location.props:/opt/app/osaaf/local/org.onap.dmaap-bc.cred.props
+cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
index 1066c94..8ca07a3 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
@@ -51,3 +51,16 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/aaf/*").AsConfig . | indent 2 }}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index fb31454..fffd4db 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -97,6 +97,9 @@
# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
+ - name: {{ include "common.name" . }}-aaf-config
+ mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props
+ subPath: org.onap.dmaap-bc.props
resources:
{{ include "common.resources" . | indent 12 }}
@@ -115,5 +118,8 @@
- name: {{ include "common.name" . }}-config
configMap:
name: {{ include "common.fullname" . }}-config
+ - name: {{ include "common.name" . }}-aaf-config
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-config
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index 6b97414..171ac45 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -35,11 +35,13 @@
# application configuration
dmaapMessageRouterService: message-router
+
# change the following value to point to Windriver instance maintained
# by AAF team.
# e.g.
#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/
aafURL: https://aaf-service:8100/
+aafLocateUrl: https://aaf-locate:8095
topicMgrUser: dmaap-bc@dmaap-bc.onap.org
topicMgrPwd: demo123456!
adminUser: aaf_admin@people.osaaf.org
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index b720701..c935ce4 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
@@ -30,11 +30,11 @@
{{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}}
- port: {{.Values.config.dmaapDrNode.externalPort}}
targetPort: {{.Values.config.dmaapDrNode.internalPort}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrNode.nodePort}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}}
name: {{.Values.config.dmaapDrNode.name}}
- port: {{.Values.config.dmaapDrNode.externalPort2}}
targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrNode.nodePort2}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}}
name: {{.Values.config.dmaapDrNode.name}}2
{{- else -}}
- port: {{.Values.config.dmaapDrNode.externalPort}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 3b1532f..154018a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -16,6 +16,7 @@
# Global configuration defaults.
#################################################################
global:
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
@@ -96,7 +97,7 @@
config:
# dr node server configuration
dmaapDrNode:
- servicetype: ClusterIP
+ servicetype: NodePort
name: dmaap-dr-node
externalPort: 8080
externalPort2: 8443
@@ -104,6 +105,8 @@
internalPort2: 8443
portName: dr-node-port
portName2: dr-node-port2
+ nodePort: 93
+ nodePort2: 94
# dr provisioning server configuration
dmaapDrProv:
diff --git a/kubernetes/multicloud/Makefile b/kubernetes/multicloud/Makefile
new file mode 100644
index 0000000..fde2990
--- /dev/null
+++ b/kubernetes/multicloud/Makefile
@@ -0,0 +1,18 @@
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+make-multicloud: make-multicloud-k8s
+
+make-multicloud-k8s:
+ cd charts && helm dep up multicloud-k8s && helm lint multicloud-k8s
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml
new file mode 100644
index 0000000..5a73ee3
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Kubernetes Plugin
+name: multicloud-k8s
+version: 4.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml
new file mode 100644
index 0000000..566af50
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~4.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: mongo
+ version: ~4.x-0
+ repository: '@local'
+
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json
new file mode 100644
index 0000000..e451421
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/k8sconfig.json
@@ -0,0 +1,10 @@
+{
+ "ca-file": "/opt/multicloud/k8splugin/certs/root_ca.cer",
+ "server-cert": "/opt/multicloud/k8splugin/certs/multicloud-k8s.pub",
+ "server-key": "/opt/multicloud/k8splugin/certs/multicloud-k8s.pr",
+ "password": "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==",
+
+ "database-type": "mongo",
+ "database-address": "multicloud-k8s-mongo",
+ "plugin-dir": "/opt/multicloud/k8splugin/plugins"
+}
\ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml
new file mode 100644
index 0000000..c9d55fe
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/templates/configmap.yaml
@@ -0,0 +1,28 @@
+{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml
new file mode 100644
index 0000000..846a751
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/templates/deployment.yaml
@@ -0,0 +1,80 @@
+{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}
+ command: ["/opt/multicloud/k8splugin/k8plugin"]
+ workingDir: /opt/multicloud/k8splugin
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/multicloud/k8splugin/k8sconfig.json
+ name: {{ include "common.name" .}}
+ subPath: k8sconfig.json
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name : {{ include "common.name" . }}
+ configMap:
+ name: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml
new file mode 100644
index 0000000..eaf9f4d
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/templates/service.yaml
@@ -0,0 +1,52 @@
+{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "multicloud-k8s",
+ "version": "v1",
+ "url": "/",
+ "protocol": "REST",
+ "port": "{{ .Values.service.externalPort }}",
+ "visualRange": "1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.PortName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/values.yaml b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
new file mode 100644
index 0000000..15aade5
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-k8s/values.yaml
@@ -0,0 +1,108 @@
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ persistence: {}
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/multicloud/k8s:0.1.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration is via config files
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+
+service:
+ type: ClusterIP
+ name: multicloud-k8s
+ portName: multicloud-k8s
+ internalPort: 9015
+ externalPort: 9015
+ nodePort: 98
+
+#Mongo chart overrides for k8splugin
+mongo:
+ nameOverride: multicloud-k8s-mongo
+ service:
+ name: multicloud-k8s-mongo
+ internalPort: 27017
+ nfsprovisionerPrefix: multicloud-k8s
+ sdnctlPrefix: multicloud-k8s
+ persistence:
+ mountSubPath: multicloud-k8s/mongo/data
+ enabled: true
+ disableNfsProvisioner: true
+
+
+# No persistence right now as we rely on Mongo to handle that
+persistence:
+ enabled: false
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud-k8s/data
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: large
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml
new file mode 100644
index 0000000..03972a7
--- /dev/null
+++ b/kubernetes/oof/resources/config/common_config.yaml
@@ -0,0 +1,82 @@
+osdf_system:
+ libpath: /opt/app/osdf/libs
+ osdf_ports:
+ internal: 8699 # inside the Docker container, the app listens to this port
+ external: 8698 # clients use this port on DockerHost
+ osdf_ip_default: 0.0.0.0
+# # Important Note: At deployment time, we need to ensure the port mapping is done
+ ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key']
+
+osdf_temp: # special configuration required for "workarounds" or testing
+ local_policies:
+ global_disabled: True
+ local_placement_policies_enabled: True
+ placement_policy_dir_vcpe: "./test/policy-local-files/"
+ placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components)
+ - Affinity_vCPE_1.json
+ #- Capacity_vGMuxInfra.json
+ #- Capacity_vG_1.json
+ - Distance_vG_1.json
+ - Distance_vGMuxInfra_1.json
+ - hpa_policy_vG_1.json
+ - hpa_policy_vGMuxInfra_1.json
+ - Placement_Optimization_1.json
+ - QueryPolicy_vCPE.json
+ - vnfPolicy_vG.json
+ - vnfPolicy_vGMuxInfra.json
+ placement_policy_dir_vfw: "./test/policy-local-files/"
+ placement_policy_files_vfw: # workaroud for policy platform glitches (or "work-arounds" for other components)
+ #- Capacity_vFW_1.json
+ - Distance_vFW_1.json
+ - hpa_policy_vFW_1.json
+ - Placement_Optimization_1.json
+ - QueryPolicy_vFW.json
+ - vnfPolicy_vFW.json
+ placement_policy_dir_vfw_td: "./test/policy-local-files/"
+ placement_policy_files_vfw_td:
+ - vnfPolicy_vFW_TD.json
+ - vnfPolicy_vPGN_TD.json
+ - affinity_vFW_TD.json
+ - QueryPolicy_vFW_TD.json
+service_info:
+ vCPE:
+ vcpeHostName: requestParameters.vcpeHostName
+ e2eVpnKey: requestParameters.e2eVpnKey
+ vFW:
+ vcpeHostName: requestParameters.vcpeHostName
+ e2eVpnKey: requestParameters.e2eVpnKey
+
+references:
+ service_name:
+ source: request
+ value: serviceInfo.serviceName
+ subscriber_role:
+ source: SubscriberPolicy
+ value: content.properties.subscriberRole
+
+policy_info:
+ prioritization_attributes:
+ policy_type:
+ - content.policyType
+ resources:
+ - content.resources
+ - content.objectiveParameter.parameterAttributes.resources
+ service_name:
+ - content.serviceName
+
+ placement:
+ policy_fetch: by_scope
+ policy_scope:
+ default_scope: OSDF_CASABLANCA
+ vcpe_scope: OSDF_CASABLANCA
+ vfw_scope: OSDF_DUBLIN
+ secondary_scopes:
+ -
+ - get_param: service_name
+ - US
+ # -
+ # - get_param: service_name
+ # - get_param: subscriber_role
+ default: # if no explicit service related information is needed
+ policy_fetch: by_name
+ policy_scope: none
diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt
new file mode 100644
index 0000000..224d393
--- /dev/null
+++ b/kubernetes/oof/resources/config/org.onap.oof.crt
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIIfDQFJU4qiGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUwOTAzMzYxN1oXDTIwMDUwOTAzMzYxN1ow
+fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI
+hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T
+QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAIVFAR2i+qXd4hYeiXiTgoTyHeZQt0ndSq1aJ/tsiPEz
+cH3/egq2nYGzC9zccDip8Vyd8uP54hw6OD8ulgssuxrRUppR0TcNp7TPzNIYbnOI
+hjxU4XHCUQbhH4lt8+KVZDGCeWuDOTKXMZ2ZDj/WUcHXJA+2XDpUY6Gdg4K8+Mgu
+CIOzqTkLl0Nz1a0FopZkSjf8nF0R1hf7XtbQorywLz7RL++nEh1a+vDkmVcSmLyW
+fhI2uteuRFg3v9Y+Ebkp37QZ4oTpAjSyUKbvKuE0dhRvoTSRmjIxKFxiGrQBrMyJ
+S3eQJR6USuRhxk2fZx9jTTPiVS5QotoTOO0C2xw9sBsCAwEAAaOCAUgwggFEMAkG
+A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w
+LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH
+MB0GA1UdDgQWBBSaLxp34n5RCgXcMF4JKn+Z+HqMRTCBjwYDVR0RBIGHMIGEghtv
+b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku
+c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m
+LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi5vbmFwMA0GCSqGSIb3DQEBCwUA
+A4IBAQBarLs2rX/Av0CevlVcvGi73CsvBCtS18jz4Bj/cxuIDZzEHXtOoUmJ8FrI
+9sG2cyZlqCBcND67VJfXsd34amhORnAwzzOjZGWgqvNfP9ayT/Ai1IAeBC0q33vu
+h7v7wgV/cbZ+uNeU6ubN47JaW0pw6q7IBIhbTtnmBC+JmM0MLXt/zdU+/mbHEq7N
+X+1AHDfM7VTzGrDTLt9DEX2tpBlj7l46Xp6UXWlbXUk2cHVzhNrhdgGDPHVs1MRT
+ts3PvNAKyo1zHBRRS0asLVSes0Fge1O6x4RD5vbvFQxhawZsrvS2RRrLiCJNoMP3
+BiU0GD9vLvQy2SB+xBER57WuBsas
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
+
+
diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key
new file mode 100644
index 0000000..a261fda
--- /dev/null
+++ b/kubernetes/oof/resources/config/org.onap.oof.key
@@ -0,0 +1,29 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCFRQEdovql3eIW
+Hol4k4KE8h3mULdJ3UqtWif7bIjxM3B9/3oKtp2Bswvc3HA4qfFcnfLj+eIcOjg/
+LpYLLLsa0VKaUdE3Dae0z8zSGG5ziIY8VOFxwlEG4R+JbfPilWQxgnlrgzkylzGd
+mQ4/1lHB1yQPtlw6VGOhnYOCvPjILgiDs6k5C5dDc9WtBaKWZEo3/JxdEdYX+17W
+0KK8sC8+0S/vpxIdWvrw5JlXEpi8ln4SNrrXrkRYN7/WPhG5Kd+0GeKE6QI0slCm
+7yrhNHYUb6E0kZoyMShcYhq0AazMiUt3kCUelErkYcZNn2cfY00z4lUuUKLaEzjt
+AtscPbAbAgMBAAECggEAUSSNpFzaXel2Qd9/9kFiQ84jNFtK7hdl45y0IVqZGrsm
+MCFATouX5SN+ApDZZzbZ9XlaLUK1UFiGbLnRs6Ydmht/PuS4DNwsk2O+ouErRv8G
+NG++AIS+zwB9MjEXQIuTQK3fff2c8tep5voM+gNlLi/vDf4Ls5w0OW/tZcnndAHp
+qpepSMd29gIwi9nViCD11k32UdQ7oAb7pB+RXleol1181945reuuvzIqfGamvfhl
+TXdGO3GT7bSiy0q2iFGiAeEBfCNqYs3ptJrDrUSiPD7CZOybUFxGfI8lnrW/yvya
+FrwIZuOkLdnCDssXsFzWz08NJ8sr2/HZZBgl9nbFoQKBgQDHVwq244eyUtNalRvZ
+HPiRewSwp4A1pYBzk5DmcYLgKrXUlukYy7pKr8VoH899iWVPzWKqNkHavV2KvcSr
+4dyNnEytAKiBqcb4piAzajgWG+m27WvITDF2zJhzx+91E1tngtyjKNzAHWG57A/W
+S3H4Cm2eidXe6lKURL0RJ4QLcQKBgQCrJlnyPCf3qfcHkXW/EYlzmJMDSasgLEBl
+/dthVZ8QRshooyzJTCckN2PXO+mbuarwmnjtb8ZS/PzPSZ7cAKfZOHgzWOPM5I45
+n0axJmrSZ+dUz270q8R1sVfqd0/jH4LjwuCQMKZmN+UpTijA2hKVWUCxcML7KtXT
+QP3TQSy2SwKBgDlPgxsVy3uvaGiQmhMPyz84WR7Y6XmC/a087dnzJKeCYAig4p9o
+Y0T5yA2pp6P2DpSk/grl0oUrEGvFJ3grVZe5KipLGCc/Qp9WU8e0cC+bEtSu6eAK
+V+ZJ6ELRZr0INa1K6FhYdS8ew2wKvHrl8fxYMy/zfPO79sX+BUWbUNFhAoGAK5FQ
+tkw/9FjM7J1HtwLU1ZtSWTTongEFx7DOpsFwA2mxXImlPfznvd1nygOTXTPvYt4/
+yFl6x+dkx7O6/9Ae6jnox1Fqc97+oYZ9LV1VNgiDJ+DCIwCSu08QzTvgFzYPUMFr
+/uiTg1PZPyGJWEZrEp+syz6kM+HcmrFhq+RcaG8CgYEAtgHnJWL3v9r1jTP1YLRm
+C7tXJ5a/xs3+KuM6vmSpAwkDvV50RK07ypGZqWsG2ewjUqxpAOeoiMn0dRRGP324
+yNCXUWjTVFbzdtzOQuOZVnEeje3K8xHUS3kv9zm1TgMbCRJgvc1THXhderiBShOK
+ATP2Y7+WNByxs+TXGI//cFQ=
+-----END PRIVATE KEY-----
+
diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml
index fea3d90..4dd3097 100755
--- a/kubernetes/oof/resources/config/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/osdf_config.yaml
@@ -60,7 +60,7 @@
osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }}
is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
-aaf_cache_expiry_hrs: {{ .Values.config.aaf_cache_expiry_hrs }}
+aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
aaf_url: {{ .Values.config.aaf_url }}
aaf_user_roles:
{{- range .Values.config.aaf_user_roles }}
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index d4558b7..3c5306e 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -95,6 +95,15 @@
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
name: {{ include "common.fullname" . }}-config
subPath: aaf_root_ca.cer
+ - mountPath: /opt/app/ssl_cert/org.onap.oof.crt
+ name: {{ include "common.fullname" . }}-config
+ subPath: org.onap.oof.crt
+ - mountPath: /opt/app/ssl_cert/org.onap.oof.key
+ name: {{ include "common.fullname" . }}-config
+ subPath: org.onap.oof.key
+ - mountPath: /opt/osdf/config/common_config.yaml
+ name: {{ include "common.fullname" . }}-config
+ subPath: common_config.yaml
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -118,5 +127,11 @@
path: osdf_config.yaml
- key: aaf_root_ca.cer
path: aaf_root_ca.cer
+ - key: common_config.yaml
+ path: common_config.yaml
+ - key: org.onap.oof.crt
+ path: org.onap.oof.crt
+ - key: org.onap.oof.key
+ path: org.onap.oof.key
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 06c190c..5099091 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -49,7 +49,7 @@
soUsername: "" # SO username for call back.
soPassword: "" # SO password for call back.
# Url and credentials for Conductor.
- conductorUrl: http://oof-has-api:8091/v1/plans/
+ conductorUrl: https://oof-has-api:8091/v1/plans/
conductorUsername: admin1
conductorPassword: plan.15
conductorPingWaitTime: 60
@@ -87,10 +87,11 @@
osdfCMSchedulerPassword: testpwd1
#AAF Authentication
is_aaf_enabled: False
- aaf_cache_expiry_hrs: 3
+ aaf_cache_expiry_mins: 5
aaf_url: https://aaf-service:8100
aaf_user_roles:
- - '/api/oof/v1/placement:org.onap.osdf.access|*|read ALL'
+ - '/placement:org.onap.oof.access|*|read ALL'
+ - '/pci:org.onap.oof.access|*|read ALL'
# Secret Management Service from AAF
aaf_sms_url: https://aaf-sms
aaf_sms_port: 10443
diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py
index 453af83..0370bbc 100644
--- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py
@@ -120,11 +120,14 @@
GLOBAL_MUSIC_SERVER_PROTOCOL = "http"
GLOBAL_MUSIC_SERVER_PORT = "8080"
# oof global info - everything is from the private oam network (also called onap private network)
-GLOBAL_OOF_SERVER_PROTOCOL = "http"
+GLOBAL_OOF_SERVER_PROTOCOL = "https"
# oof-homing info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_HOMING_SERVER_PORT = "8091"
# oof-sniro info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_SNIRO_SERVER_PORT = "8698"
+#oof user
+GLOBAL_OOF_OSDF_USERNAME="{{ .Values.oofUsername }}"
+GLOBAL_OOF_OSDF_PASSWORD="{{ .Values.oofPassword }}"
# oof cmso global info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_CMSO_PROTOCOL = "https"
GLOBAL_OOF_CMSO_SERVER_PORT = "8080"
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index 6a73d5b..4c65c5b 100755
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -151,6 +151,12 @@
kafkaJaasUsername: "admin"
kafkaJaasPassword: "admin_secret"
+#OOF
+oofUsername: "oof@oof.onap.org"
+oofPassword: "demo123456!"
+cmsoUsername: "oof@oof.onap.org"
+cmsoPassword: "demo123456!"
+
# default number of instances
replicaCount: 1