Merge "[PLATFORM] Add Keycloak ONAP REALM import"
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
index a49543c..90a2061 100644
--- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
+++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
@@ -60,9 +60,17 @@
# enable all component's Ingress interfaces
enable_all: false
# default Ingress base URL
- # can be overwritten in component by setting ingress.baseurlOverride
+ # All http requests via ingress will be redirected
virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
# All http requests via ingress will be redirected on Ingress controller
# only valid for Istio Gateway (ServiceMesh enabled)
config:
@@ -101,6 +109,10 @@
- enable_all: true → enables Ingress configuration in each component
- virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components,
+ resulting in e.g. "pre-aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.preaddrOverride
+- virtualhost.postaddr: "-post" → sets globally a postfix for the Application name for all Interfaces set by the components,
+ resulting in e.g. "aai-api-post.simpledemo.onap.org", can be overwritten in the component via: ingress.postaddrOverride
- config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
- config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
- namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
index 5f81a36..b424c65 100644
--- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
+++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
@@ -128,7 +128,7 @@
<recommended-istio-version> with the version defined in
the :ref:`versions_table` table::
- > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress
+ > helm upgrade -i istio-ingress istio/gateway -n istio-ingress
--version <recommended-istio-version> --wait
Kiali Installation
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index 11d7501..8b3f19f 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -104,6 +104,10 @@
image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
env:
+ - name: PROTO
+ value: "http"
+ - name: PORT
+ value: "8080"
- name: RESP_CACHE
value: /opt/app/config/cache
- name: REQUESTID
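Review bot: The added `PROTO` and `PORT` entries hard-code `http` and `8080` in a shared template, so every chart that includes this container gets a plaintext client with no values-level override. The target is presumably the bus controller API, and any transport protection would then have to come from a mesh sidecar, which this template does not show. If the hard-coding is intentional, say so next to the entries, e.g. `# plain HTTP on 8080 by design; transport security is delegated to the service mesh`. The enclosing template definition starts and ends outside this hunk.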
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index d8a9447..7065338 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -23,45 +23,87 @@
{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
{{- end -}}
{{/*
- Helper function to add the tls route
+ Istio Helper function to add the tls route
*/}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
{{- $dot := default . .dot -}}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+ tls:
{{- if $dot.Values.global.ingress.config }}
-{{- if $dot.Values.global.ingress.config.ssl }}
-{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+ mode: SIMPLE
+{{- end -}}
+
+{{/*
+ Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $service.exposedPort }}
+{{- if $service.exposedProtocol }}
+{{- if eq $service.exposedProtocol "TLS" }}
+ {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
- tls:
-{{- if $dot.Values.global.ingress.config }}
-{{- if $dot.Values.global.ingress.config.tls }}
- credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
- mode: SIMPLE
+ {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
+ Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{- $dot := default . .dot -}}
+{{- if .exposedPort }}
+ number: {{ .exposedPort }}
+{{- if .exposedProtocol }}
+ name: {{ .baseaddr }}
+ protocol: {{ .exposedProtocol }}
+{{- else }}
+ name: http
+ protocol: HTTP
+{{- end -}}
+{{- else }}
+ number: 80
+ name: http
+ protocol: HTTP
+{{- end -}}
+{{- end -}}
+
+{{/*
Helper function to add the route to the service
*/}}
{{- define "ingress.config.port" -}}
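Review bot: In `istio.config.tls`, a service that sets `exposedPort` never reaches the `global.ingress.config.ssl` "redirect" branch, and it gets a `tls:` block only when `exposedProtocol` is exactly "TLS". With `exposedPort` set and `exposedProtocol` absent, `istio.config.port` emits `protocol: HTTP`, so that server is plaintext even when the global setting asks for redirection. Both `istio.config.tls_simple` and `istio.config.tls` carry the same header comment, which hides this difference. I would change the header of `istio.config.tls` to something like `Adds the tls block for a Gateway server; services with exposedPort are not covered by config.ssl "redirect" and get SIMPLE TLS only when exposedProtocol is "TLS"`. The `ingress.config.port` definition at the end of the hunk continues outside it.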
@@ -88,7 +130,7 @@
{{- end -}}
{{/*
- Helper function to add the route to the service
+ Istio Helper function to add the route to the service
*/}}
{{- define "istio.config.route" -}}
{{- $dot := default . .dot -}}
@@ -196,15 +238,13 @@
name: {{ $baseaddr }}-gateway
spec:
selector:
- istio: ingressgateway # use Istio default gateway implementation
+ istio: ingress # use Istio default gateway implementation
servers:
- port:
- number: 80
- name: http
- protocol: HTTP
+ {{- include "istio.config.port" . }}
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
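Review bot: The selector is now the fixed label `istio: ingress`, but the inline comment still says it uses the Istio default gateway implementation, which no longer describes it. The label presumably follows the Helm release name `istio-ingress` used in the documentation change of this commit. On a cluster where the gateway was installed under the previous release name, the generated Gateway would select no pods and the hosts would silently stop being served. I would reword the comment to `# must match the istio label of the gateway pods (release installed as istio-ingress)` and mention the rename in the upgrade notes. The Gateway resource starts above this hunk.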
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index bfa5637..dcf85fe 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -89,7 +89,7 @@
polBasicAuthPassword: zb!XztG34
polUrl:
https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
- http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
+ http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
disableHostVerification: true
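Review bot: `polUrl.http` sits in the same block as `polBasicAuthPassword`, so whenever the `http` variant is selected the Basic credentials are sent unencrypted unless a mesh sidecar wraps the connection. The same holds for `aaiUri.http` and `aaiAuth` in the next hunk of this file. Which variant is chosen is decided outside these hunks, so this is a caveat to document rather than a confirmed exposure. A comment above the `http:` entries would do, e.g. `# plain HTTP: Basic auth header is only protected if the service mesh enforces mTLS`.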
@@ -98,7 +98,7 @@
aaiAuth: QUFJOkFBSQ==
aaiUri:
https: https://aai:8443/aai/v14/
- http: http://aai:8080/aai/v14/
+ http: http://aai:80/aai/v14/
# default number of instances
replicaCount: 1
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index aa6159c..5d886aa 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -40,7 +40,7 @@
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
- dbcClientImage: onap/dmaap/dbc-client:2.0.10
+ dbcClientImage: onap/dmaap/dbc-client:2.0.11
quitQuitImage: onap/oom/readiness:4.1.0
# Default credentials
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index cbe02a1..d990e4d 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -69,7 +69,7 @@
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# CMPv2 certificate
# It is used only when:
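Review bot: The comment above `tlsServer` still describes an init container fetching a server certificate from AAF, but the default is now `false` and `aaf-cm` is dropped from `readinessCheck` in the next hunk. As shipped, the collector therefore gets no server certificate. The same change is made in the dcae-hv-ves-collector and dcae-ves-collector values files. I would add one line under the existing comment in each file, such as `# Default false: no server certificate is provisioned; transport security is expected from the service mesh`, so an operator deploying without a mesh knows the listener is plaintext.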
@@ -97,7 +97,6 @@
readinessCheck:
wait_for:
containers:
- - aaf-cm
- dmaap-bc
- dmaap-provisioning-job
- message-router
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 0198a7d..83acd54 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -1,6 +1,6 @@
# ================================ LICENSE_START =============================
# ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2022 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -57,7 +57,7 @@
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.5.0
+image: onap/org.onap.dcaegen2.services.heartbeat:2.6.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
index 59fda72..502a6a8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
@@ -27,9 +27,6 @@
- name: common
version: ~12.x-0
repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index da3f473..f788ab0 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -59,7 +59,7 @@
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
secrets:
- uid: hv-ves-kafka-secret
@@ -94,11 +94,6 @@
key: password
create: true
-# dependencies
-readinessCheck:
- wait_for:
- - aaf-cm
-
# probe configuration
readiness:
type: exec
@@ -136,7 +131,7 @@
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
- security.sslDisable: false
+ security.sslDisable: true
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
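Review bot: `security.sslDisable: true` turns TLS off on the listener at `server.listenPort: 6061` by default, while the `security.keys.*` keystore and truststore paths below it stay configured and are presumably no longer read. If this port is reachable from outside the mesh, event traffic arrives unencrypted and without client-certificate checks. I would annotate the setting with `# TLS disabled on the collector port; enable again when the port is exposed outside the service mesh`. The now-unused `security.keys.*` entries should be removed or marked as inactive so they do not suggest that certificates are in use.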
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index a2479b6..5cdd5db 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -135,11 +135,11 @@
aaf_identity: ""
aaf_password: ""
pm-mapper-filter: "{ \"filters\":[] }"
- key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
- key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
+ #key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
+ #key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
+ dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
streams_publishes:
dmaap_publisher:
type: message_router
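Review bot: The `key_store_path` and `key_store_pass_path` entries are commented out rather than removed, while `trust_store_path` and `trust_store_pass_path` stay active next to an endpoint that is now `http://dmaap-dr-node:8080/delete`. That leaves it unclear whether the mapper still expects certificate material to be mounted. Either delete the two key store lines or replace them with an explanatory comment such as `# key store not configured: pm-mapper runs without a server certificate`. The second hunk in this file adds `CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'`, described as temporary; naming the tracking issue in that comment would make it possible to remove the dummy value later.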
@@ -160,6 +160,11 @@
location: san-francisco
delivery_url: http://dcae-pm-mapper:8081/delivery
+applicationEnv:
+ #CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
+
# DataRouter Feed Configuration
drFeedConfig:
- feedName: bulk_pm_feed
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index d9fd33f..dcbedf4 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -132,12 +132,14 @@
collector.rcc.inputQueue.maxPending: '8096'
tomcat.maxthreads: '200'
collector.rcc.service.port: '8080'
- collector.rcc.service.secure.port: '8687'
- collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
- collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
- collector.rcc.keystore.alias: dynamically generated
- collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
- collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
+ # Disabling of secure port not working (DCAEGEN2-3336)
+ collector.rcc.service.secure.port: '0'
+ #collector.rcc.service.secure.port: '8687'
+ #collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
+ #collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
+ #collector.rcc.keystore.alias: dynamically generated
+ #collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
+ #collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
#collector.keystore.file.location: /opt/app/dcae-certificate/external/cert.jks
#collector.keystore.passwordfile: /opt/app/dcae-certificate/external/jks.pass
collector.header.authflag: '0'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index e0b2b12..9e9750a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -59,7 +59,7 @@
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: true
+tlsServer: false
# CMPv2 certificate
# It is used only when:
@@ -86,7 +86,6 @@
# dependencies
readinessCheck:
wait_for:
- - aaf-cm
- message-router
# probe configuration
@@ -141,7 +140,7 @@
collector.service.port: "8080"
collector.service.secure.port: "8443"
event.transform.flag: "0"
- auth.method: "certBasicAuth"
+ auth.method: "noAuth"
header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
services_calls: []
streams_publishes:
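Review bot: Setting `auth.method: "noAuth"` makes the collector accept events without authenticating the sender by default, and nothing in the hunk records that decision. The `header.authlist` entry with the bcrypt hashes for `sample1` and `demouser` stays in place but is presumably ignored in this mode, and `collector.service.secure.port: "8443"` remains although `tlsServer` is now `false`. I would add a comment on the changed line, e.g. `# noAuth: the collector performs no client authentication; restrict access at the ingress or mesh layer`. It is also worth considering whether the unused `header.authlist` sample credentials should still ship in the defaults.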
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
index 4f1f184..d2f73e6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
@@ -51,7 +51,7 @@
port: *svc_port
externalServices:
- sdc_be_https: "sdc-be:8443"
+ sdc_be_https: "sdc-be:8080"
schemaMap:
filename: "schema-map.json"
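Review bot: The key `sdc_be_https` now holds `sdc-be:8080`, so its name contradicts the plain HTTP port it points to. The second hunk of this file moves the `sdcAddress` default to the same port, directly above a `user`/`password` pair, and whether the client still negotiates TLS towards SDC is decided by settings outside these hunks. Renaming the key would touch the templates that read it, so a comment is the smaller fix: `# plain HTTP port of sdc-be; key name kept for template compatibility`. If the SDC client can be told explicitly not to use HTTPS, that setting should change in the same commit.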
@@ -103,7 +103,7 @@
eventDomainPath: /event/structure/commonEventHeader/structure/domain/value
eventSchemaReferencePath: /event/structure/stndDefinedFields/structure/schemaReference/value
distribution:
- sdcAddress: ${SDC_ADDRESS:sdc-be.onap:30204}
+ sdcAddress: ${SDC_ADDRESS:sdc-be.onap:8080}
user: dcae
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
pollingInterval: 20
diff --git a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml
index 66f93cd..a15c2cf 100644
--- a/kubernetes/dmaap/components/dmaap-bc/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/Chart.yaml
@@ -1,7 +1,7 @@
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,16 +24,16 @@
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: postgres
version: ~12.x-0
repository: '@local'
- condition: PG.enabled
+ condition: postgres.enabled
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-bc/README.md b/kubernetes/dmaap/components/dmaap-bc/README.md
deleted file mode 100644
index a611547..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Helm Chart for ONAP DMaaP Applications
-
-ONAP includes the following Kubernetes services available in ONAP Beijing Release (more expected in future):
-
-1) message-router - a message bus for applications
-2) dmaap-prov - an API to provision DMaaP resources
-
-# Service Dependencies
-
-message-router depends on AAF
-dmaap-prov depends on AAF and Postgresql.
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
index 2b2ea41..00c1fe8 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
@@ -16,4 +16,3 @@
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
-DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
index d464428..e13098b 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
@@ -13,55 +13,50 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
-
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
# Indicator for whether to use AAF for authentication
-UseAAF: {{ .Values.global.aafEnabled }}
+UseAAF: false
-# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
-# Comment out in other environments to get default (No)
-#UnitTest: Yes
+#####################################################
+#
+# HTTP Server Configuration
+#
+#####################################################
+# Allow http access to dbcapi
+HttpAllowed: true
+
+# listen to http port within this container (server)
+IntHttpPort: 8080
+
+# listen to https port within this container (server)
+# set to 0 if no certificates are available.
+IntHttpsPort: 0
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
-
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
-Feed.deleteHandling: SimulateDelete
-
-###########################################################
-# The following properties default to match ONAP DR instance.
-# However, there are some non-ONAP DR instances that require other values.
-# Sets the X-DR-ON-BEHALF-OF HTTP Header value
-#DR.onBehalfHeader:
-# Value for the Content-Type Header in DR Feed API
-#DR.feedContentType:
-# Value for the Content-Type Header in DR Subscription API
-#DR.subContentType:
-#
-# END OF properties helpful for non-ONAP DR instance.
-############################################################
+Feed.deleteHandling: DeleteOnDR
#####################################################
#
# Settings for Soutbound API: Postgresql
#
#####################################################
-# flag indicates if we are using postgresql
-UsePGSQL: {{ .Values.PG.enabled }}
+# flag indicates if we are using postgresql or an in memory db
+UsePGSQL: {{ .Values.usePostgres }}
# postgres host name
# Need to connect to PG primary service, designated by service.name2
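Review bot: `UsePGSQL` now reads `.Values.usePostgres`, while the chart dependency in Chart.yaml is gated on `postgres.enabled`, so two independent switches decide whether a database exists and whether the application uses it. If they disagree, the bus controller either looks for a Postgres service that was not deployed or falls back to the in-memory store the new comment mentions. The values file is not part of this view, so the defaults may already be aligned. A comment such as `# must be set together with postgres.enabled` would make the coupling visible. In the same hunk `UseAAF: false` replaces a templated value and `IntHttpsPort: 0` leaves only the HTTP listener, which deserves a line in the section header saying the API is served without TLS.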
@@ -69,14 +64,12 @@
# postgres schema name
#DB.schema: {{ .Values.postgres.config.pgDatabase }}
-
# postgres user name
DB.user: ${PG_USER}
# postgres user password
DB.cred: ${PG_PASSWORD}
-
#####################################################
#
# Settings for Soutbound API: Message Router
@@ -88,8 +81,7 @@
MR.multisite: false
# FQDN of primary message router.
-# In ONAP Casablanca, there is only 1 message router service, so use that.
-# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
+# In ONAP, there is only 1 message router service, so use that.
MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
# Indicator for whether we want hostname verification on SSL connection to MR
@@ -101,117 +93,19 @@
# 2 = delete from persistent store (DB) and authorization store (AAF)
MR.ClientDeleteLevel: 1
-# namespace of MR Topic Factory
-MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory
-
-# AAF Role assigned to Topic Manager Identity
-MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client
-
-# MR topic ProjectID (used in certain topic name generation formats)
-MR.projectID: mr
-
# Use Basic Authentication when provisioning topics
-MR.authentication: basicAuth
+MR.authentication: none
-# MR topic name style (default is FQTN_LEGACY_FORMAT)
-#MR.topicStyle: FQTN_LEGACY_FORMAT
+ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
#
# end of MR Related Properties
################################################################################
-
-#####################################################
-#
-# Settings for Southbound API: CADI
-#
-#####################################################
-# path to cadi.properties
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-#####################################################
-#
-# Settings for Southbound API: AAF proxy
-#
-#####################################################
-# URL of the AAF server
-aaf.URL: {{ .Values.aafURL }}
-
-# TopicMgr Identity
-aaf.TopicMgrUser: {{ .Values.topicMgrUser }}
-
-# Password for TopicMgr identity
-aaf.TopicMgrPassword: {{ .Values.topicMgrPwd }}
-
-# Buscontroller Admin Identity
-aaf.AdminUser: {{ .Values.adminUser }}
-
-# Admin Password
-aaf.AdminPassword: {{ .Values.adminPwd }}
-
-# Identity that is owner of any created namespaces for topics
-aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-
-
-# this overrides the Class used for Decryption.
-# This allows for a plugin encryption/decryption method if needed.
-# Call this Class for decryption at runtime.
-#AafDecryption.Class: com.company.proprietaryDecryptor
-
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-# Not used in ONAP, but possibly used with Decryption override class.
-#CredentialCodeKeyfile: etc/LocalKey
-
-#
-# endof AAF Properties
-####################################################
-
-
-#####################################################
-#
-# Settings for authorization of DBCAPI
-#
-#####################################################
-# Namespace for URI values for the API used to create AAF permissions
-# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients
-ApiNamespace: org.onap.dmaap-bc.api
-
-# If API authorization is required, then implement a class to enforce it.
-# This overrides the Class used for API permission check.
-ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
-
-#####################################################
-#
-# Settings for Southbound API: MirrorMaker provisioning
-#
-#####################################################
-# AAF Role of client publishing MM prov cmds
-MM.ProvRole: org.onap.dmaap-bc-mm-prov.prov
-
-# AAF identity when publishing MM prov cmds
-MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org
-
-# pwd for Identity used to publish MM prov cmds
-MM.ProvUserPwd: demo123456!
-
-# AAF Role of MirrorMaker agent subscribed to prov cmds.
-MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
-
#####################################################
#
# Certificate Management
#
#####################################################
-
-# Indicates how we are expecting certificates to be provided:
-# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
-# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
-CertificateManagement: cadi
-
-# When CertificateManagement is cadi, then this is where all the cadi properties will be.
-# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-###########################################################################################
# When CertificateManagement is legacy, we need to provide more details about cert handling:
#CertificateManagement: legacy
# the type of keystore for https (for legacy CertificateManagment only)
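Review bot: The comment above `MR.authentication: none` still reads "Use Basic Authentication when provisioning topics", which now states the opposite of the setting. `ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll` has been moved up without the comment that said it overrides the API permission check. Together with `UseAAF: false` earlier in the file, the dbcapi presumably runs with neither authentication nor authorization. I would change the first comment to `# No authentication is used when provisioning topics` and put `# AllowAll: no authorization check is applied to dbcapi requests` above the `ApiPermission.Class` line. The "Certificate Management" heading now leads straight into commented-out legacy properties, so a note that no certificate handling is active would avoid confusion.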
@@ -235,43 +129,4 @@
#TrustStorePassword: changeit
#
# END OF legacy CertificateManagement properties
-###########################################################################################
-
-
-#####################################################
-#
-# HTTP Server Configuration
-#
-#####################################################
-
-# Allow http access to dbcapi
-HttpAllowed: true
-
-# listen to http port within this container (server)
-IntHttpPort: 8080
-
-# listen to https port within this container (server)
-# set to 0 if no certificates are available.
-IntHttpsPort: 8443
-
-
-
-inHttpsPort: 0
-
-#####################################################
-#
-# Deprecated
-#
-#####################################################
-# csit: stubs out some southbound APIs for csit (deprecated)
-#csit: No
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
-# external port number for https taking port mapping into account (deprecated)
-#ExtHttpsPort: 443
-# path to the file used to trigger an orderly shutdown (deprecated)
-#QuiesceFile: etc/SHUTDOWN
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
-# root of topic namespace (decrecated)
-#topicNsRoot: org.onap.dcae.dmaap
+##########################################################################################
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json
index ca1e740..6e8e15e 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/dcaeLocations/san-francisco.json
@@ -1,5 +1,4 @@
{
-
"dcaeLayer": "kubernetes-central",
"dcaeLocationName": "san-francisco"
}
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json
index 23b111c..b2295af 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/dmaap/onap.json
@@ -1,10 +1,6 @@
{
-{{ if eq .Values.fixedTopicNamespace true }}
- "dmaapName": "mr",
-{{- else -}}
"dmaapName": "{{ include "common.namespace" . }}",
-{{- end}}
- "drProvUrl": "https://dmaap-dr-prov",
+ "drProvUrl": "http://{{ .Values.dmaapDataRouterProvService }}:8080",
"version": "1",
"topicNsRoot": "org.onap.dmaap",
"bridgeAdminTopic": "DCAE_MM_AGENT"
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json
new file mode 100644
index 0000000..d446f7f
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/feeds/test_feed.json
@@ -0,0 +1,7 @@
+{
+ "feedName": "dmaapbc-test-feed",
+ "feedVersion": "1.0",
+ "feedDescription": "test provisioning feed",
+ "asprClassification": "unclassified",
+ "owner": "dmaapbc"
+}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml
new file mode 100644
index 0000000..a827b09
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/log/logback.xml
@@ -0,0 +1,346 @@
+
+<!--
+ ============LICENSE_START==========================================
+ org.onap.dmaap
+ ===================================================================
+ Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END============================================
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+-->
+
+<configuration scan="false" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+ <property name="logDir" value="logs" />
+ <!-- specify the component name -->
+ <property name="componentName" value="ONAP"/>
+
+ <!-- log file names -->
+ <property name="generalLogName" value="application" />
+ <property name="securityLogName" value="security" />
+ <property name="performanceLogName" value="performance" />
+ <property name="serverLogName" value="server" />
+ <property name="policyLogName" value="policy" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}|%msg%n" />
+
+ <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" />
+ <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n" />
+ <property name="errorLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n" />
+ <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}|%thread|%msg%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- EELF Security Appender. This appender is used to record security events
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
+ events. -->
+ <appender name="EELFSecurity"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${securityLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="EELFSecurity" />
+ </appender>
+
+ <!-- EELF Performance Appender. This appender is used to record performance
+ records. -->
+ <appender name="EELFPerformance"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${performanceLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFPerformance" />
+ </appender>
+
+ <!-- EELF Server Appender. This appender is used to record Server related
+ logging events. The Server logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate Server
+ events from other components, or it can be eliminated to record these events
+ as part of the application root log. -->
+ <appender name="EELFServer"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${serverLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFServer" />
+ </appender>
+
+
+ <!-- EELF Policy Appender. This appender is used to record Policy engine
+ related logging events. The Policy logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFPolicy"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${policyLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFPolicy" />
+ </appender>
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${auditLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+<appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${metricsLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFError"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${errorLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFError"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>50MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${debugLoggerPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ </logger>
+ <logger name="com.att.eelf.security" level="info" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+ <logger name="com.att.eelf.perf" level="info" additivity="false">
+ <appender-ref ref="asyncEELFPerformance" />
+ </logger>
+ <logger name="com.att.eelf.server" level="info" additivity="false">
+ <appender-ref ref="asyncEELFServer" />
+ </logger>
+ <logger name="com.att.eelf.policy" level="info" additivity="false">
+ <appender-ref ref="asyncEELFPolicy" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+
+ <logger name="com.att.eelf.error" level="error" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+
+ <root level="ERROR">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
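Review bot: `asyncEELFAudit` keeps logback's default `discardingThreshold`, so when its 256-slot queue is about 80% full the AsyncAppender drops events at INFO and below, and the `com.att.eelf.audit` logger is set to `info`; audit records can therefore be lost silently under load. Only `asyncEELFSecurity` sets `<discardingThreshold>0</discardingThreshold>`; adding the same line to `asyncEELFAudit` would close the gap. Every EELF logger has `additivity="false"` and writes to rolling files under `logs/ONAP`, so only root-logger ERROR output reaches `STDOUT`, and security and audit records will not appear in the container log stream unless those files are collected separately. Two smaller points: the comment above `EELFAudit` still says "Policy engine events" (apparently copied from the Policy appender), and `scanPeriod="3 seconds"` has no effect while `scan="false"`.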
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json
index 9e732d2..05c8983 100644
--- a/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/mr_clusters/san-francisco.json
@@ -1,6 +1,6 @@
{
"dcaeLocationName": "san-francisco",
- "fqdn": "message-router",
+ "fqdn": "{{ .Values.dmaapMessageRouterService }}",
"topicProtocol": "http",
"topicPort": "3904"
}
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json
deleted file mode 100644
index 34197b9..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_READY.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "topicName": "PNF_READY",
- "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
- "owner": "PNFRegistrationHandler",
- "tnxEnabled": false,
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientRole": "org.onap.dmaap.mr.PNF_READY.pub",
- "action": [
- "pub",
- "view"
- ]
-
- }
- ]
-}
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json
deleted file mode 100644
index e732579..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/PNF_REGISTRATION.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "topicName": "PNF_REGISTRATION",
- "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
- "owner": "VEScollector",
- "tnxEnabled": false,
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientRole": "org.onap.dmaap.mr.PNF_REGISTRATION.sub",
- "action": [
- "sub",
- "view"
- ]
-
- }
- ]
-}
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json
deleted file mode 100644
index fb2c54e..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/resources/topics/mirrormakeragent.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "topicName": "mirrormakeragent",
- "topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
- "owner": "dmaap",
- "tnxEnabled": false,
- "partitionCount": "1",
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- },
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- },
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "demo@people.osaaf.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- }
- ]
-}
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json
new file mode 100644
index 0000000..6570ea5
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-bc/resources/topics/test_topic.json
@@ -0,0 +1,13 @@
+{
+ "topicName": "dmaapbc-test-topic",
+ "topicDescription": "test provisioning topic",
+ "owner": "dmaapbc",
+ "clients": [{
+ "dcaeLocationName": "san-francisco",
+ "clientRole": "org.onap.dmaap.mr.test.pub",
+ "action": [
+ "pub",
+ "view"
+ ]}
+ ]
+}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt
deleted file mode 100644
index 050853c..0000000
--- a/kubernetes/dmaap/components/dmaap-bc/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}-prov)
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
index b7c52df..0dd75f3 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml
@@ -18,13 +18,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
name: {{ include "common.fullname" . }}-config
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
---
@@ -33,11 +36,6 @@
metadata:
name: {{ include "common.fullname" . }}-dbc-dmaap
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dmaap/*.json").AsConfig . | indent 2 }}
---
@@ -46,11 +44,6 @@
metadata:
name: {{ include "common.fullname" . }}-dbc-dcaelocations
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }}
---
@@ -59,11 +52,6 @@
metadata:
name: {{ include "common.fullname" . }}-dr-nodes
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
---
@@ -72,11 +60,6 @@
metadata:
name: {{ include "common.fullname" . }}-feeds
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
---
@@ -85,11 +68,6 @@
metadata:
name: {{ include "common.fullname" . }}-mr-clusters
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }}
---
@@ -98,10 +76,5 @@
metadata:
name: {{ include "common.fullname" . }}-topics
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index a0c3154..e7887cc 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -24,68 +24,44 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
-{{- if .Values.PG.enabled }}
- initContainers:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ {{- if .Values.usePostgres }}
- command:
- sh
args:
- -c
- "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: PG_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- - name: PG_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
volumeMounts:
- - mountPath: /config-input
- name: {{ include "common.name" . }}-config-input
- - mountPath: /config
- name: {{ include "common.name" . }}-config
+ - mountPath: /config-input
+ name: {{ include "common.name" . }}-config-input
+ - mountPath: /config
+ name: {{ include "common.name" . }}-config
+ name: {{ include "common.name" . }}-update-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-permission-fixer
- securityContext:
- runAsUser: 0
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- command: ["chown","-Rf","1000:1001", "/opt/app/"]
-# See AAF-425 for explanation of why this is needed.
-# This artifact is provisioned in AAF for both pks12 and jks format and apparently
-# the cadi library is not using the jks password on the jks keystore.
-# So, this attempts to "fix" the credential property file until this is fixed properly.
- - name: {{ include "common.name" . }}-cred-fixer
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- command: ["/bin/sh"]
- args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
-{{- end }}
- - name: {{ include "common.name" . }}-postgres-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- command:
+ - command:
- /app/ready.py
args:
- --container-name
- {{ .Values.postgres.nameOverride }}
- - --container-name
- - message-router
- - --container-name
- - dmaap-dr-node
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ name: {{ include "common.name" . }}-postgres-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- end }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -96,7 +72,6 @@
httpGet:
port: {{ .Values.liveness.port }}
path: /webapi/topics
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
@@ -104,18 +79,19 @@
httpGet:
port: {{ .Values.readiness.port }}
path: /webapi/topics
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
-# NOTE: on the following several configMaps, careful to include / at end
-# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
- resources: {{ include "common.resources" . | nindent 12 }}
+ - mountPath: /opt/app/dmaapbc/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
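Review bot: `resources:` followed by a bare `{{ include "common.resources" . }}` renders correctly only if the helper indents its own output deeply enough to sit under the container. The removed line piped it through `nindent 12`, and the neighbouring `nodeSelector` and `affinity` lines still use `nindent`. If the helper in this tree emits unindented YAML, the manifest will not render as intended, so it is worth confirming with `helm template` or keeping `resources: {{ include "common.resources" . | nindent 12 }}`. The same pattern is introduced in dmaap-provisioning-job.yaml, where the removed line used `nindent 10`. The container spec starts outside this hunk.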
@@ -123,15 +99,24 @@
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ {{- if .Values.usePostgres }}
- name: {{ include "common.name" . }}-config-input
configMap:
name: {{ include "common.fullname" . }}-config
- name: {{ include "common.name" . }}-config
emptyDir:
medium: Memory
+ {{- else }}
+ - name: {{ include "common.name" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-config
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
index ab6f573..0f6c8f9 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml
@@ -1,3 +1,22 @@
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
apiVersion: batch/v1
kind: Job
metadata:
@@ -18,7 +37,7 @@
- /app/ready.py
args:
- --container-name
- - dmaap-bc
+ - {{ include "common.name" . }}
env:
- name: NAMESPACE
valueFrom:
@@ -27,17 +46,15 @@
fieldPath: metadata.namespace
containers:
- name: dmaap-provisioning-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbcClientImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DELAY
value: "0"
- {{- if or (include "common.onServiceMesh" .) .Values.global.allow_http }}
- name: PROTO
value: "http"
- name: PORT
value: "8080"
- {{ end }}
- name: REQUESTID
value: "{{.Chart.Name}}-dmaap-provisioning"
volumeMounts:
@@ -59,7 +76,8 @@
mountPath: /opt/app/config/mr_clusters/
- name: {{ include "common.fullname" . }}-topics
mountPath: /opt/app/config/topics/
- resources: {{ include "common.resources" . | nindent 10 }}
+ resources:
+{{ include "common.resources" . }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml
index 8f87c68..a90bf83 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
index 7074e4d..b7a31c0 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml
@@ -1,4 +1,3 @@
-
# Modifications Copyright © 2019 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml
index 911fee8..1e23424 100644
--- a/kubernetes/dmaap/components/dmaap-bc/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml
@@ -17,8 +17,11 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
+ persistence: {}
+#################################################################
+# Secrets metaconfig
+#################################################################
secrets:
- uid: pg-root-pass
name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass'
@@ -37,89 +40,64 @@
#################################################################
# Application configuration defaults.
#################################################################
+# application images
+image: onap/dmaap/dmaap-bc:2.0.11
pullPolicy: Always
-# application images
-image: onap/dmaap/dmaap-bc:2.0.10
-
+#DMaaP Bus Controller client image for provisioning at deploy time
+dbcClientImage: onap/dmaap/dbc-client:2.0.11
# application configuration
-dmaapMessageRouterService: message-router
-
-# change the following value to point to Windriver instance maintained
-# by AAF team.
-# e.g.
-#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-topicMgrUser: dmaap-bc@dmaap-bc.onap.org
-topicMgrPwd: demo123456!
-adminUser: aaf_admin@people.osaaf.org
-adminPwd: demo123456!
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-bc-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-bc
- fqi: dmaap-bc@dmaap-bc.onap.org
- publicFqdn: dmaap-bc.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
-
-persistence:
- aafCredsPath: /opt/app/osaaf/local/
-
-# for Casablanca default deployment, leave this true to
-# get a topic namespace that matches MR. When set to false,
-# it will compose the topic namespace using the kubernetes namespace value
-fixedTopicNamespace: true
-
-# for quicker deployments in dev, ability to disable using postgres
-PG:
- enabled: true
+dmaapMessageRouterService: &mr_name message-router
+dmaapDataRouterProvService: &dr_prov_name dmaap-dr-prov
+dmaapDataRouterNodeService: &dr_node_name dmaap-dr-node
nodeSelector: {}
affinity: {}
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: &svc_name dmaap-bc
+ ports:
+ - name: &port http
+ port: *svc_port
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-bc-api"
+ name: *svc_name
+ port: *svc_port
+ config:
+ ssl: "redirect"
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- port: api
+ port: *svc_port
enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
- port: api
+ port: *svc_port
+usePostgres: &use_pg true
-service:
- type: NodePort
- name: dmaap-bc
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: 42
-
-
-# application configuration override for postgres
postgres:
- nameOverride: dbc-pg
+# For Dev deployments, use in memory DB
+# postgres
+# enabled: false
+ enabled: true
+ nameOverride: &pg_name dbc-postgres
service:
- name: dbc-postgres
+ name: *pg_name
name2: dbc-pg-primary
name3: dbc-pg-replica
container:
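Review bot: The `*svc_port`, `*svc_name` and `*pg_name` aliases are resolved when this values file is parsed, so overriding `containerPort` or `service.name` from a parent chart or `--set` will not change `service.ports[0].port`, the ingress port or the liveness/readiness ports that reference them. A comment at the anchor would make that visible: `# NOTE: aliases are fixed at parse time; override every aliased key, not only containerPort`. `&port`, `&use_pg` and `&dr_prov_name` are not referenced in any hunk shown for this file and may be removable. The dmaap-dr-node `values.yaml` hunk that adds `containerPort: &svc_port 8080` has the same property.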
@@ -135,23 +113,9 @@
mountSubPath: dbc/data
mountInitPath: dbc
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-bc-api"
- name: "dmaap-bc"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 101
-
# Segregation for Different environment (Small and Large)
resources:
small:
@@ -170,13 +134,21 @@
memory: 2Gi
unlimited: {}
+securityContext:
+ user_id: 1000
+ group_id: 101
+
#Pods Service Account
serviceAccount:
- nameOverride: dmaap-bc
+ nameOverride: *svc_name
roles:
- read
+readinessCheck:
+ wait_for:
+ - *mr_name
+ - *dr_node_name
+
wait_for_job_container:
containers:
- - 'dmaap-provisioning-job'
-
+ - 'dmaap-provisioning-job'
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
index c0a3039..57f664a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
@@ -29,6 +29,6 @@
- name: serviceAccount
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 6292be2..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-node filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
index 8b8c16c..7d77383 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
@@ -211,7 +211,7 @@
</logger>
- <root level="{{.Values.config.dmaapDrNode.logLevel}}">
+ <root level="{{.Values.logLevel}}">
<appender-ref ref="asyncAudit" />
<appender-ref ref="asyncMetrics" />
<appender-ref ref="asyncDebug" />
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 20030a7..21d7c20 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -28,23 +28,23 @@
#
#ProvisioningURL: ${DRTR_PROV_INTURL}
*/}}
-ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
+ProvisioningURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/prov
#
# URL to upload PUB/DEL/EXP logs
#
#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/logs
+LogUploadURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/logs
#
# The port number for http as seen within the server
#
#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+IntHttpPort={{ .Values.containerPort }}
#
# The port number for https as seen within the server
#
-IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
+IntHttpsPort={{ .Values.containerPort }}
#
# The external port number for https taking port mapping into account
#
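Review bot: `ProvisioningURL` and `LogUploadURL` move from `https` to `http` with the port written as a literal `8080`, so provisioning data and uploaded logs cross the cluster network unencrypted unless something outside this file (presumably a mesh sidecar) wraps the connection. The last hunk of this file adds `TlsEnabled = false` for publish requests with the same effect, and neither setting is driven by a chart value. `IntHttpPort` and `IntHttpsPort` now both render `{{ .Values.containerPort }}`; if the node still opens an HTTPS listener that is a port clash, so confirm the HTTPS port is ignored when TLS is off. Consider taking the provisioning port from a value rather than repeating `8080` in both URLs.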
@@ -90,6 +90,9 @@
# DR_NODE DEFAULT ENABLED TLS PROTOCOLS
NodeHttpsProtocols = TLSv1.1|TLSv1.2
#
+# AAF CADI enabled flag
+CadiEnabled = false
+#
# AAF type to generate permission string
AAFType = org.onap.dmaap-dr.feed
#
@@ -99,8 +102,8 @@
# AAF action to generate permission string - default should be publish
AAFAction = publish
#
-# AAF CADI enabled flag
-CadiEnabled = false
-#
# AAF Props file path
-AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+#
+# https security required for publish request
+TlsEnabled = false
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
deleted file mode 100644
index 62aeffb..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
index 597da17..ce64cab 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
@@ -17,15 +17,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}-node-props
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/node.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
@@ -34,18 +29,3 @@
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drnodes
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
----
-{{ include "common.log.configMap" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
index 8f87c68..f288af9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
@@ -1 +1,21 @@
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation, Orange.
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 69f6fc1..f4167af 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -24,35 +24,18 @@
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dmaap-dr-prov
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: {{ .Values.persistence.spool.path }}
- name: {{ include "common.fullname" . }}-spool
- - mountPath: {{ .Values.persistence.event.path }}
- name: {{ include "common.fullname" . }}-event-logs
command: ["chown","-Rf","1000:1001", "/opt/app/"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-spool
+ mountPath: {{ .Values.persistence.spool.path }}
+ - name: {{ include "common.fullname" . }}-event-logs
+ mountPath: {{ .Values.persistence.event.path }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
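Review bot: The `permission-fixer` init container still runs with `runAsUser: 0` and `chown -Rf 1000:1001 /opt/app/`, although after this change it mounts only the spool and event-log volumes. Narrowing the command to the mounted paths, e.g. `command: ["chown", "-R", "1000:1001", "{{ .Values.persistence.spool.path }}", "{{ .Values.persistence.event.path }}"]`, limits what the root step can touch, and dropping `-f` lets a failed chown surface instead of being hidden. The chart's `securityContext` in `values.yaml` sets `group_id: 1000`, which does not match the `1001` used here; worth confirming which is intended. The StatefulSet spec starts and ends outside this hunk.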
@@ -70,50 +53,44 @@
port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: {{ .Values.persistence.spool.path }}
- name: {{ include "common.fullname" . }}-spool
- - mountPath: {{ .Values.persistence.event.path }}
- name: {{ include "common.fullname" . }}-event-logs
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- - mountPath: /opt/app/datartr/etc/node.properties
- name: {{ include "common.fullname" . }}-config
- subPath: node.properties
- - mountPath: /opt/app/datartr/etc/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: {{ .Values.global.loggingDirectory }}
- name: logs
- resources: {{ include "common.resources" . | nindent 12 }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
+ name: {{ include "common.fullname" . }}-event-logs
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: false
+ - mountPath: /opt/app/datartr/etc/node.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: node.properties
+ - mountPath: /opt/app/datartr/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- # Filebeat sidecar container
- {{ include "common.log.sidecar" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}-node-props
items:
- key: node.properties
path: node.properties
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{ include "common.log.volumes" . | nindent 8 }}
- - name: logs
- emptyDir: {}
{{- if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-event-logs
emptyDir: {}
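Review bot: The re-added `volumeMounts` keep the `localtime` mount, which is backed by `hostPath: /etc/localtime`, at `readOnly: false`, giving the container a writable handle on a node file it only needs to read. Change that line to `readOnly: true`. The `volumes` list continues outside this hunk.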
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 6da3cda..d2f5945 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -16,42 +16,16 @@
# Global configuration defaults.
#################################################################
global:
- loggingDirectory: /var/log/onap/datarouter
persistence: {}
- aafEnabled: true
- centralizedLoggingEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-dr-node-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-dr-node
- fqi: dmaap-dr-node@dmaap-dr.onap.org
- public_fqdn: dmaap-dr.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+ dmaapDrProvName: dmaap-dr-prov
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.11
+image: onap/dmaap/datarouter-node:2.1.12
pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
# default number of instances
replicaCount: 1
@@ -59,6 +33,29 @@
affinity: {}
+# application configuration - see parent values chart
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: dmaap-dr-node
+ ports:
+ - name: http
+ port: *svc_port
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-dr-node-api"
+ name: "dmaap-dr-node"
+ port: *svc_port
+ config:
+ ssl: "redirect"
+
# probe configuration parameters
liveness:
initialDelaySeconds: 30
@@ -66,14 +63,14 @@
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- port: api
+ port: *svc_port
readiness:
initialDelaySeconds: 30
periodSeconds: 10
- port: api
+ port: *svc_port
-## Persist data to a persitent volume
+## Persist data to a persistent volume
persistence:
enabled: true
mountPath: /dockerdata-nfs
@@ -97,28 +94,9 @@
labels:
app.kubernetes.io/component: event-logs
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets: {}
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-dr-node-api"
- name: "dmaap-dr-node"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 1000
-
# Segregation for Different environment (Small and Large)
resources:
small:
@@ -137,33 +115,16 @@
memory: 2Gi
unlimited: {}
-service:
- type: NodePort
- name: dmaap-dr-node
- useNodePortExt: true
- both_tls_and_plain: true
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: 94
-
-config:
- # dr node server configuration
- dmaapDrNode:
- # dr uses the EELF Logging framework https://github.com/att/EELF
- # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
- logLevel: "INFO"
-
#Pods Service Account
serviceAccount:
nameOverride: dmaap-dr-node
roles:
- read
-#Log configuration
-log:
- path: /var/log/onap
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for:
+ - dmaap-dr-prov
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
index 15c6e8b..67c4556 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
@@ -29,10 +29,10 @@
- name: mariadb-init
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: repositoryGenerator
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
- name: serviceAccount
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index c8a173c..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,63 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-prov filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- - /opt/app/datartr/logs/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
index 73446ee..9a3c383 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
@@ -369,15 +369,17 @@
<appender-ref ref="asyncEELFDebug" />
</logger>
+ <logger name="com.att.eelf.server" level="info" additivity="false">
+ <appender-ref ref="asyncEELFServer" />
+ </logger>
+
<!-- logger name="com.att.eelf.security" level="info" additivity="false">
<appender-ref ref="asyncEELFSecurity" />
</logger>
<logger name="com.att.eelf.perf" level="info" additivity="false">
<appender-ref ref="asyncEELFPerformance" />
</logger>
- <logger name="com.att.eelf.server" level="info" additivity="false">
- <appender-ref ref="asyncEELFServer" />
- </logger>
+
<logger name="com.att.eelf.policy" level="info" additivity="false">
<appender-ref ref="asyncEELFPolicy" />
</logger>
@@ -394,15 +396,11 @@
<appender-ref ref="asyncEELFDebug" />
</logger-->
-
-
-
- <root level="{{.Values.config.dmaapDrProv.logLevel}}">
+ <root level="{{.Values.logLevel}}">
<appender-ref ref="asyncEELF" />
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
</root>
-
</configuration>
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 18ab419..a56de3c 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -25,35 +25,20 @@
#Jetty Server properties
-org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.internalPort}}
-org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.internalPort2}}
+org.onap.dmaap.datarouter.provserver.http.port = {{ .Values.containerPort }}
org.onap.dmaap.datarouter.provserver.https.relaxation = true
-org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+org.onap.dmaap.datarouter.provserver.tlsenabled = false
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080
org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
org.onap.dmaap.datarouter.provserver.logretention = 30
-#DMAAP-597 (Tech Dept) REST request source IP auth
-# relaxation to accommodate OOM kubernetes deploy
-org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
-
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
-# PROV - DEFAULT ENABLED TLS PROTOCOLS
-org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
-
-# AAF config
-org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-
-org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed
-org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
-org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
-org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
-org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
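Review bot: Nothing in this file says what protects the provisioning traffic now that `org.onap.dmaap.datarouter.provserver.tlsenabled = false` is set and the `https.port` and `https.include.protocols` lines are gone, which leaves only a plain-HTTP listener. If TLS is meant to be terminated by the mesh or ingress (the chart's `ingress.config.ssl: "redirect"` points that way), state it above the line, e.g. `# TLS is terminated outside the pod (mesh/ingress); do not expose this listener directly`. `https.relaxation = true` is kept although no HTTPS port remains, so it looks like a leftover. Dropping `isaddressauthenabled = false` means whatever default the application has now applies, which should be confirmed. `nodeserver.http.port = 8080` is hard-coded while the prov port is templated from `.Values.containerPort`.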
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt
deleted file mode 100644
index 8d29cf9..0000000
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrProv.servicetype }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrProv.servicetype }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{.Values.config.dmaapDrProv.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrProv.servicetype }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrProv.internalPort}}
-{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
index 9031cce..1cd5244 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
@@ -36,42 +36,3 @@
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
---
{{ include "common.log.configMap" . }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-feeds
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drpubs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_pubs/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drsubs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_subs/*.json").AsConfig . | indent 2 }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 325ca9f..f44dd7b 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -15,93 +15,48 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
- hostname: {{ .Values.global.dmaapDrProvName }}
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}
-
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
-
- - name: {{ include "common.name" . }}-permission-fixer
- securityContext:
- runAsUser: 0
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- command: ["chown","-Rf","1000:1001", "/opt/app/"]
-
- {{ end }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.config.dmaapDrProv.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.config.dmaapDrProv.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: /internal/prov
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
- port: {{ .Values.config.dmaapDrProv.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: /internal/prov
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
env:
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- - mountPath: /opt/app/datartr/etc/provserver.properties
- name: {{ include "common.fullname" . }}-config
- subPath: provserver.properties
- - mountPath: /opt/app/datartr/etc/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: {{ .Values.global.loggingDirectory }}
- name: logs
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: false
+ - mountPath: /opt/app/datartr/etc/provserver.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: provserver.properties
+ - mountPath: /opt/app/datartr/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
resources:
{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
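Review bot: The new `readinessProbe` reads `.Values.liveness.port`, `.Values.liveness.initialDelaySeconds` and `.Values.liveness.periodSeconds`, so the `readiness:` block that values.yaml still defines (including the newly added `readiness.port`) is never used. Use the readiness keys instead: `port: {{ .Values.readiness.port }}`, `initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}`, `periodSeconds: {{ .Values.readiness.periodSeconds }}`. Separately, the re-indented `/etc/localtime` mount keeps `readOnly: false` on a hostPath volume; `readOnly: true` is enough for reading the timezone file. The pod spec continues past the end of this hunk.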
@@ -112,10 +67,8 @@
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # Filebeat sidecar container
- {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -128,8 +81,5 @@
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{ include "common.log.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
index 8f87c68..f288af9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
@@ -1 +1,21 @@
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation, Orange.
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index 1a0143f..306b0f1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -14,51 +14,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ .Values.global.dmaapDrProvName }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{ .Values.global.dmaapDrProvExtPort2 }}",
- "visualRange":"1"
- }
- ]'
-
-spec:
- type: {{ .Values.config.dmaapDrProv.servicetype }}
- ports:
- {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.global.dmaapDrProvExtPort }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort }}
- name: {{ .Values.config.dmaapDrProv.portName }}
- {{- end}}
- - port: {{ .Values.global.dmaapDrProvExtPort2 }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort2 }}
- name: {{ .Values.config.dmaapDrProv.portName }}2
- {{- else -}}
- - port: {{ .Values.global.dmaapDrProvExtPort }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
- name: {{ .Values.config.dmaapDrProv.portName }}
- - port: {{ .Values.global.dmaapDrProvExtPort2 }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
- name: {{ .Values.config.dmaapDrProv.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 59b0765..6af498d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -16,10 +16,6 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- loggingDirectory: /opt/app/datartr/logs
- persistence: {}
- centralizedLoggingEnabled: true
mariadbGalera: &mariadbGalera
#This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
localCluster: false
@@ -42,14 +38,9 @@
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.11
+image: onap/dmaap/datarouter-prov:2.1.12
pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
# default number of instances
replicaCount: 1
@@ -57,48 +48,46 @@
affinity: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
+containerPort: &svc_port 8080
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
+service:
+ type: ClusterIP
+ name: dmaap-dr-prov
+ ports:
+ - name: &port http
+ port: *svc_port
ingress:
enabled: false
service:
- baseaddr: "dmaap-dr-prov-api"
name: "dmaap-dr-prov"
- port: 8443
- plain_port: 8080
+ port: *svc_port
config:
ssl: "redirect"
-config:
- # dr provisioning server configuration
- dmaapDrProv:
- servicetype: NodePort
- internalPort: 8080
- internalPort2: 8443
- portName: dr-prov-port
- portName2: dr-prov-port2
- nodePort: 59
- nodePort2: 69
- # dr uses the EELF Logging framework https://github.com/att/EELF
- # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
- logLevel: "INFO"
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job'
+
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: *svc_port
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: *svc_port
# mariadb-galera configuration
mariadb-galera:
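Review bot: `logLevel: "DEBUG"` changes the chart default from the previous `"INFO"`, and logback.xml now feeds this value straight into the root logger, which also writes to `STDOUT`. Debug output from a provisioning API is far more verbose and may carry request detail that should not reach cluster log collection by default; keep `logLevel: "INFO"` and let a deployment raise it through an override. The anchor in `- name: &port http` is not referenced anywhere in this hunk, so drop it unless another part of the file uses `*port`.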
@@ -124,30 +113,9 @@
mysqlDatabase: *mysqlDbName
nameOverride: dmaap-dr-mariadb-init
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-dr-prov-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
-# aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-dr-prov
- fqi: dmaap-dr-prov@dmaap-dr.onap.org
- publicFqdn: dmaap-dr.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
-
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 1000
-
# Segregation for Different environment (Small and Large)
resources:
small:
@@ -166,12 +134,13 @@
memory: 2Gi
unlimited: {}
+#Pods Security Context
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
#Pods Service Account
serviceAccount:
nameOverride: dmaap-dr-prov
roles:
- read
-
-#Log configuration
-log:
- path: /var/log/onap
diff --git a/kubernetes/dmaap/components/message-router/Chart.yaml b/kubernetes/dmaap/components/message-router/Chart.yaml
index ba7beaf..c221dff 100644
--- a/kubernetes/dmaap/components/message-router/Chart.yaml
+++ b/kubernetes/dmaap/components/message-router/Chart.yaml
@@ -27,9 +27,6 @@
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
index a9b0a01..2dea84d 100755
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
@@ -30,7 +30,7 @@
## if you want to change request.required.acks it can take this one value
#kafka.request.required.acks=-1
kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
+config.zk.servers=127.0.0.1:{{ .Values.zkTunnelService.internalPort }}
consumer.timeout.ms=100
zookeeper.connection.timeout.ms=6000
zookeeper.session.timeout.ms=20000
@@ -124,26 +124,10 @@
#100mb
maxcontentlength=10000
-
##############################################################################
-#AAF Properties
-msgRtr.namespace.aaf=org.onap.dmaap.mr.topic
-msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-enforced.topic.name.AAF=org.onap.dmaap.mr
+##AAF Properties
forceAAF=false
useCustomAcls=false
-transidUEBtopicreqd=false
-defaultNSforUEB=org.onap.dmaap.mr
-##############################################################################
-#Mirror Maker Agent
-
-msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin
-msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user
-msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-msgRtr.mirrormaker.timeout=15000
-msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mirrormakeragent
-msgRtr.mirrormaker.consumergroup=mmagentserver
-msgRtr.mirrormaker.consumerid=1
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
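Review bot: After this hunk the only access-control settings left are `forceAAF=false` and `useCustomAcls=false`, under a heading that still reads `##AAF Properties` although the AAF namespace and topic-factory entries are gone. Nothing visible here states where topic authorization is expected to be enforced once AAF is removed. A comment such as `# AAF integration removed; topic access is not enforced here and must be restricted at the network/mesh layer` would make that explicit, if that is indeed the intent. In the unchanged context lines, `#100mb` sits above `maxcontentlength=10000`, which does not look like 100 MB.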
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml
deleted file mode 100644
index 3ee9fc5..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
-lowercaseOutputName: true
-lowercaseOutputLabelNames: true
-ssl: false
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties
deleted file mode 100644
index cd88565..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/sys-props.properties
+++ /dev/null
@@ -1,165 +0,0 @@
-###############################################################################
-# ============LICENSE_START=======================================================
-# org.onap.dmaap
-# ================================================================================
-# Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2021 Orange Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-#
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
-###############################################################################
-#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly.
-#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed
-#to a SOA/CSI Cloud node. For more information,
-
-#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your
-#particular service, please add them AFTER all AJSC related System Properties.
-
-#For Cadi Authorization, use value="authentication-scheme-1
-CadiAuthN=authentication-scheme-1
-
-#For Basic Authorization, use value="authentication-scheme-1
-authN=authentication-scheme-2
-
-#Persistence used for AJSC meta-data storage. For most environments, "file" should be used.
-ajscPersistence=file
-
-# If using hawtio for local development, these properties will allow for faster server startup and usage for local development
-hawtio.authenticationEnabled=false
-hawtio.config.pullOnStartup=false
-
-#Removes the extraneous restlet console output
-org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
-
-#server.host property to be enabled for local DME2 related testing
-#server.host=<Your network IP address>
-
-#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2.
-enableSSL=false
-
-#Enable/disable csi logging (values=true/false). This can be disabled during local development
-csiEnable=false
-
-#Enable/disable CAET This can be disabled during local development
-isCAETEnable=true
-
-#Enable/disable EJB Container
-ENABLE_EJB=false
-
-#Enable/disable OSGI
-isOSGIEnable=false
-
-#Configure JMS Queue (WMQ/TIBCO)
-JMS_BROKER=WMQ
-
-#Generate/Skip api docs
-isApiDoc=false
-
-
-#WMQ connectivity
-JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28
-JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES
-JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory
-JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A
-JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A
-
-#CSI related variables for CSM framework
-csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net
-
-#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development
-endpointLogging=false
-
-#Enable/disable trail logging and trail logging summary
-enableTrailLogging=false
-enableTrailLoggingSummary=false
-
-#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false).
-SOA_CLOUD_ENV=false
-
-#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration.
-CONTINUE_ON_LISTENER_EXCEPTION=false
-
-#Jetty Container ThreadCount Configuration Variables
-AJSC_JETTY_ThreadCount_MIN=1
-AJSC_JETTY_ThreadCount_MAX=200
-AJSC_JETTY_IDLETIME_MAX=3000
-
-#Camel Context level default threadPool Profile configuration
-CAMEL_POOL_SIZE=10
-CAMEL_MAX_POOL_SIZE=20
-CAMEL_KEEP_ALIVE_TIME=60
-CAMEL_MAX_QUEUE_SIZE=1000
-
-#File Monitor configurations
-ssf_filemonitor_polling_interval=5
-ssf_filemonitor_threadpool_size=10
-
-#GRM/DME2 System Properties
-AFT_DME2_CONN_IDLE_TIMEOUTMS=5000
-AJSC_ENV=SOACLOUD
-
-SOACLOUD_NAMESPACE=org.onap.dmaap.dev
-SOACLOUD_ENV_CONTEXT=TEST
-SOACLOUD_PROTOCOL=http
-SOACLOUD_ROUTE_OFFER=DEFAULT
-
-AFT_LATITUDE=23.4
-AFT_LONGITUDE=33.6
-AFT_ENVIRONMENT=AFTUAT
-
-#Restlet Component Default Properties
-RESTLET_COMPONENT_CONTROLLER_DAEMON=true
-RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100
-RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_MIN_THREADS=1
-RESTLET_COMPONENT_MAX_THREADS=10
-RESTLET_COMPONENT_LOW_THREADS=8
-RESTLET_COMPONENT_MAX_QUEUED=0
-RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1
-RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1
-RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true
-RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false
-RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000
-RESTLET_COMPONENT_USE_FORWARDED_HEADER=false
-RESTLET_COMPONENT_REUSE_ADDRESS=true
-
-#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid
-#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary
-#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework
-#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These
-#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will
-#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need
-#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when
-#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2
-#default csm properties files will be used for local testing with anything CSM knorelated.
-#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the
-#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character.
-#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the
-#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore,
-#when running locally, the following 2 properties should be set within the profile(s) themselves.
-#Example: target/commonLibs|target/otherLibs
-#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs
-#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc
-#End of AJSC System Properties
-
-#Service System Properties. Please, place any Service related System Properties below.
-
-#msgrtr content length and error message
-#100mb
-maxcontentlength=10000
-msg_size_exceeds=Message size exceeds the default size.
-forceAAF=false
-cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
deleted file mode 100644
index 49196e4..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
+++ /dev/null
@@ -1,138 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- {{/*
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
- Copyright © 2021 Orange Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-*/}}
--->
-
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
-<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
- <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
- <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
- <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
- <Set name="extractWAR">true</Set>
- <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
- <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
- <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
- <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
- <Set name="throwUnavailableOnStartupException">true</Set>
- <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
- <Set name="servletHandler">
- <New class="org.eclipse.jetty.servlet.ServletHandler">
- <Set name="startWithUnavailable">false</Set>
- </New>
- </Set>
- </New>
-
- <Set name="handler">
- <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
- <Set name="Handlers">
- <Array type="org.eclipse.jetty.webapp.WebAppContext">
- <Item>
- <Ref refid="ajscContext" />
- </Item>
- </Array>
- </Set>
- </New>
- </Set>
-
- <Call name="addBean">
- <Arg>
- <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
- <Set name="contexts">
- <Ref refid="Contexts" />
- </Set>
- <Call id="extAppHotDeployProvider" name="addAppProvider">
- <Arg>
- <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
- <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
- <Set name="scanInterval">10</Set>
- <Set name="extractWars">true</Set>
- </New>
- </Arg>
- </Call>
- </New>
- </Arg>
- </Call>
-
- <Call name="addConnector">
- <Arg>
- <New class="org.eclipse.jetty.server.ServerConnector">
- <Arg name="server">
- <Ref refid="ajsc-server" />
- </Arg>
- <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
- </New>
- </Arg>
- </Call>
-
-
- <!-- SSL Keystore configuration -->
-
- <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
- <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
- <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
- <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
- <Set name="WantClientAuth">true</Set>
- </New>
- <Call id="sslConnector" name="addConnector">
- <Arg>
- <New class="org.eclipse.jetty.server.ServerConnector">
- <Arg name="server">
- <Ref refid="ajsc-server" />
- </Arg>
- <Arg name="factories">
- <Array type="org.eclipse.jetty.server.ConnectionFactory">
- <Item>
- <New class="org.eclipse.jetty.server.SslConnectionFactory">
- <Arg name="next">http/1.1</Arg>
- <Arg name="sslContextFactory">
- <Ref refid="sslContextFactory" />
- </Arg>
- </New>
- </Item>
- <Item>
- <New class="org.eclipse.jetty.server.HttpConnectionFactory">
- <Arg name="config">
- <New class="org.eclipse.jetty.server.HttpConfiguration">
- <Call name="addCustomizer">
- <Arg>
- <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
- </Arg>
- </Call>
- </New>
- </Arg>
- </New>
- </Item>
- </Array>
- </Arg>
- <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
- <Set name="idleTimeout">30000</Set>
- </New>
- </Arg>
- </Call>
-
-
- <Get name="ThreadPool">
- <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
- <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
- <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
- <Set name="detailedDump">false</Set>
- </Get>
-
-</Configure>
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
deleted file mode 100644
index 596a316..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-aaf_locate_url=https://aaf-locate.onap:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
-
-cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-
-cadi_alias={{ .Values.certInitializer.fqi }}
-cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml
deleted file mode 100644
index 116c524..0000000
--- a/kubernetes/dmaap/components/message-router/resources/config/etc/runner-web.xml
+++ /dev/null
@@ -1,108 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--{{/*
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright c 2017 AT&T Intellectual Property. All rights reserved.
- Copyright c 2021 Orange Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
-
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/spring-servlet.xml,
- classpath:applicationContext.xml
-</param-value>
- </context-param>
-
- <context-param>
- <param-name>spring.profiles.default</param-name>
- <param-value>nooauth</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
-
- <servlet>
- <servlet-name>ManagementServlet</servlet-name>
- <servlet-class>ajsc.ManagementServlet</servlet-class>
- </servlet>
-
- <filter>
- <filter-name>WriteableRequestFilter</filter-name>
- <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
- </filter>
-
- <filter>
- <filter-name>InterceptorFilter</filter-name>
- <filter-class>ajsc.filters.InterceptorFilter</filter-class>
- <init-param>
- <param-name>preProcessor_interceptor_config_file</param-name>
- <param-value>/etc/PreProcessorInterceptors.properties</param-value>
- </init-param>
- <init-param>
- <param-name>postProcessor_interceptor_config_file</param-name>
- <param-value>/etc/PostProcessorInterceptors.properties</param-value>
- </init-param>
-
- </filter>
-
- <!-- Content length filter for Msgrtr -->
- <filter>
- <display-name>DMaaPAuthFilter</display-name>
- <filter-name>DMaaPAuthFilter</filter-name>
- <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
- <init-param>
- <param-name>cadi_prop_files</param-name>
- <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
- </init-param>
- </filter>
-
- <!-- End Content length filter for Msgrtr -->
- <servlet>
- <servlet-name>RestletServlet</servlet-name>
- <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
- <init-param>
- <param-name>org.restlet.component</param-name>
- <param-value>restletComponent</param-value>
- </init-param>
- </servlet>
-
- <servlet>
- <servlet-name>CamelServlet</servlet-name>
- <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
- </servlet>
-
-
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
-
- <servlet>
- <servlet-name>spring</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>spring</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-</web-app>
diff --git a/kubernetes/dmaap/components/message-router/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/templates/NOTES.txt
deleted file mode 100644
index a44d0f7..0000000
--- a/kubernetes/dmaap/components/message-router/templates/NOTES.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
index c999b79..3f786ad 100644
--- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
@@ -40,45 +40,4 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-etc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sys-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }}
----
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
+
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/message-router/templates/ingress.yaml
similarity index 77%
rename from kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
rename to kubernetes/dmaap/components/message-router/templates/ingress.yaml
index 9a3f011..a90bf83 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/ingress.yaml
@@ -1,5 +1,6 @@
{{/*
-# Copyright © 2020 Orange
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,4 +15,4 @@
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }}
+{{ include "common.ingress" . }}
diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
deleted file mode 100644
index 50dda8a..0000000
--- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021-2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
-type: Opaque
----
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index 904c160..bb42561 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -22,103 +22,14 @@
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
+ replicas: 1
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
- cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config
- name: jetty
- - mountPath: /config-input
- name: etc
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-kafka
- {{- end }}
- - name: srimzi-zk-entrance
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /opt/stunnel/stunnel_run.sh
- ports:
- - containerPort: {{ .Values.global.zkTunnelService.internalPort }}
- name: zoo
- protocol: TCP
- env:
- - name: LOG_LEVEL
- value: debug
- - name: STRIMZI_ZOOKEEPER_CONNECT
- value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
- livenessProbe:
- exec:
- command:
- - /opt/stunnel/stunnel_healthcheck.sh
- - '{{ .Values.global.zkTunnelService.internalPort }}'
- failureThreshold: 3
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- exec:
- command:
- - /opt/stunnel/stunnel_healthcheck.sh
- - '{{ .Values.global.zkTunnelService.internalPort }}'
- failureThreshold: 3
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- volumeMounts:
- - mountPath: /etc/cluster-operator-certs/
- name: cluster-operator-certs
- - mountPath: /etc/cluster-ca-certs/
- name: cluster-ca-certs
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
- cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
- /bin/sh /appl/startup.sh
- {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
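Review bot: `replicas: 1` is now a literal, so the replica count can no longer be set from values or an override file, and the same change drops `replicaCount` from this chart's values.yaml. If a single instance is a hard requirement of the component, say so in a comment next to the line; otherwise keep it configurable with `replicas: {{ .Values.replicaCount | default 1 }}`. The container spec continues past the end of this hunk.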
@@ -148,58 +59,78 @@
failureThreshold: {{ .Values.startup.failureThreshold }}
env:
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
+ valueFrom:
+ secretKeyRef:
+ name: strimzi-kafka-admin
+ key: sasl.jaas.config
- name: SASLMECH
value: scram-sha-512
- name: enableCadi
- value: "{{ .Values.global.aafEnabled }}"
+ value: "true"
- name: useZkTopicStore
value: "false"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
- subPath: MsgRtrApi.properties
- name: appprops
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
- subPath: logback.xml
- name: logback
- {{- if .Values.global.aafEnabled }}
- - mountPath: /appl/dmaapMR1/etc/runner-web.xml
- subPath: runner-web.xml
- name: etc
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
- subPath: sys-props.properties
- name: sys-props
- - mountPath: /jetty-config
- name: jetty
- {{- end }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+ subPath: MsgRtrApi.properties
+ name: appprops
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
+ subPath: logback.xml
+ name: logback
+ resources:
+{{ include "common.resources" . }}
+ - name: {{ .Values.zkTunnelService.name }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/stunnel/stunnel_run.sh
+ ports:
+ - containerPort: {{ .Values.zkTunnelService.internalPort }}
+ name: {{ .Values.zkTunnelService.portName }}
+ protocol: {{ .Values.zkTunnelService.protocol }}
+ env:
+ - name: LOG_LEVEL
+ value: {{ .Values.zkTunnelService.logLevel }}
+ - name: STRIMZI_ZOOKEEPER_CONNECT
+ value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}'
+ livenessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /etc/cluster-operator-certs/
+ name: cluster-operator-certs
+ - mountPath: /etc/cluster-ca-certs/
+ name: cluster-ca-certs
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
- - name: etc
- configMap:
- name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
- - name: sys-props
- configMap:
- name: {{ include "common.fullname" . }}-sys-props
- - name: jetty
- emptyDir: {}
- name: cluster-operator-certs
secret:
defaultMode: 288
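Review bot: `enableCadi` is hard-coded to `"true"` in the env block, while the same change deletes cadi.properties, the `cadi_prop_files` entries and the cert-initializer mounts that supplied the CADI keystore and truststore. Unless the image carries its own CADI configuration (not visible here), CADI-based authentication appears to be switched on with nothing left to configure it; confirm the intended state and either set `value: "false"` or restore the configuration it needs. Separately, `name: strimzi-kafka-admin` under `secretKeyRef` is now a literal where it used to come from values, so a deployment whose Strimzi admin user has another name leaves the pod unable to start on the missing secret; a values key for the secret name would keep that overridable. The container and volume lists continue outside this hunk.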
@@ -226,7 +157,7 @@
matchLabels:
app.kubernetes.io/name: {{ include "common.name" . }}
ports:
- - port: {{ .Values.global.zkTunnelService.internalPort }}
- protocol: TCP
+ - port: {{ .Values.zkTunnelService.internalPort }}
+ protocol: {{ .Values.zkTunnelService.protocol }}
policyTypes:
- Ingress
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index 80460ba..c68a91c 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -18,52 +18,7 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- zkTunnelService:
- type: ClusterIP
- name: zk-tunnel-svc
- portName: tcp-zk-tunnel
- internalPort: 2181
-
-zookeeper:
- entrance:
- image: scholzj/zoo-entrance:latest
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-mr-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-mr
- fqi: dmaapmr@mr.dmaap.onap.org
- public_fqdn: mr.dmaap.onap.org
- cadi_longitude: "-122.26147"
- cadi_latitude: "37.78187"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
- fqi_namespace: org.onap.dmaap.mr
- aaf_add_config: |
- cd {{ .Values.credsPath }}
- echo "*** change jks password into shell safe one"
- export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- echo "*** set key password as same password as jks keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
- echo "*** store the passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
- echo "*** give ownership of files to the user"
- chown -R 1000 .
+ persistence: {}
#################################################################
# Application configuration defaults.
@@ -72,29 +27,39 @@
image: onap/dmaap/dmaap-mr:1.4.3
pullPolicy: Always
-secrets:
- - uid: mr-kafka-admin-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- someConfig: blah
-
-# default number of instances
-replicaCount: 1
+#Strimzi zookeeper_tunnel config
+zkTunnelService:
+ type: ClusterIP
+ name: zk-tunnel-svc
+ portName: tcp-zk-tunnel
+ protocol: TCP
+ internalPort: 2181
+ logLevel: debug
+ image: scholzj/zoo-entrance:latest
nodeSelector: {}
affinity: {}
+containerPort: &svc_port 3904
+
+service:
+ type: ClusterIP
+ name: message-router
+ ports:
+ - name: api
+ port: *svc_port
+ port_protocol: http
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-mr-api"
+ name: "message-router"
+ port: *svc_port
+ config:
+ ssl: "redirect"
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
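Review bot: `image: scholzj/zoo-entrance:latest` under `zkTunnelService` keeps a mutable tag on a third-party image, and with the chart's `pullPolicy: Always` default a pod restart can pull different content into a sidecar that the statefulset mounts the `cluster-operator-certs` and `cluster-ca-certs` volumes into. Pin it to a reviewed release tag or a digest, e.g. `image: scholzj/zoo-entrance@sha256:<digest-of-the-reviewed-image>`, as the jmx-exporter entry removed further down in this file did. `logLevel: debug` as the shipped default is also worth lowering unless the tunnel's debug output has been checked for connection or certificate detail.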
@@ -104,7 +69,7 @@
failureThreshold: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- port: api
+ port: *svc_port
enabled: true
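Review bot: The `*svc_port` alias used for the liveness `port` here (and for the readiness and startup probes, `service.ports` and `ingress.service` in the neighbouring hunks) is resolved when values.yaml is parsed, so an override of `containerPort` supplied with `-f` or `--set` does not reach any of these fields. A comment at the anchor would save the next operator from a partial port change, for example `# alias targets are fixed at parse time; override service, ingress and probe ports together`. The probe blocks start and end outside these hunks.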
readiness:
@@ -113,7 +78,7 @@
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
- port: api
+ port: *svc_port
startup:
initialDelaySeconds: 10
@@ -121,43 +86,7 @@
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 70
- port: api
-
-service:
- type: NodePort
- name: message-router
- both_tls_and_plain: true
- msb:
- - port: 3904
- url: "/"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- ports:
- - name: api
- port: 3905
- plain_port: 3904
- port_protocol: http
- nodePort: 26
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- port: 5556
- targetPort: 5555
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-mr-api"
- name: "message-router"
- port: 3905
- plain_port: 3904
- config:
- ssl: "redirect"
-
+ port: *svc_port
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
deleted file mode 100644
index 8540903..0000000
--- a/kubernetes/dmaap/resources/config/log/filebeat/filebeat.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- - /opt/app/datartr/logs/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index 1cb537b..4536f2b 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -18,41 +18,19 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- clientImage: onap/dmaap/dbc-client:2.0.10
-
-#Global DMaaP app config
- allow_http: false
-
- #Logstash config
- logstashServiceName: log-ls
- logstashPort: 5044
-
- #dmaap-dr-prov server configuration
- dmaapDrProvName: dmaap-dr-prov
- dmaapDrProvExtPort2: 443
- dmaapDrProvExtPort: 80
-
- #AAF global config overrides
- aafEnabled: true
-
- #Strimzi config
- kafkaStrimziAdminUser: strimzi-kafka-admin
-
+ persistence: {}
#Component overrides
message-router:
enabled: true
- config:
- jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}'
dmaap-bc:
enabled: true
+ usePostgres: true
+ postgres:
+ enabled: true
dmaap-dr-node:
enabled: true
dmaap-dr-prov:
enabled: true
-dmaap-strimzi:
- enabled: true
#Pods Service Account
serviceAccount:
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 6a246a6..fb60be2 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -109,7 +109,7 @@
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://message-router.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}3905{{ else }}3904{{ end }}"
+ value: "http://message-router.{{ include "common.namespace" . }}:3904"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
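Review bot: `DMAAP_HOST` is now pinned to `http://message-router…:3904`, so NBI reaches message-router in cleartext whatever `common.needTLS` returns, and nothing next to the value records where transport protection is expected to come from. If the intent is that the service mesh encrypts pod-to-pod traffic, state that beside the value, e.g. `# plain HTTP on purpose: transport encryption is delegated to the service mesh`, and decide whether a deployment without the mesh should still render this. The same hard-coding of the non-TLS endpoint recurs in the policy `useHttps` hunks and in `robot_properties.py` later in this commit. The env list continues outside the hunk.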
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 6888604..00e7b2a 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -22,6 +22,16 @@
# enable all component's Ingress interfaces
enable_all: true
# All http requests via ingress will be redirected
+ virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
config:
ssl: "redirect"
# you can set an own Secret containing a certificate
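Review bot: The context comment `# All http requests via ingress will be redirected` now sits directly above the added `virtualhost:` block, although it describes `config.ssl: "redirect"` further down. Move it so it precedes `config:` again, as the `kubernetes/onap/values.yaml` hunk of this commit does with its reworded comment. Otherwise a reader takes the redirect remark for a description of `baseurl`, `preaddr` and `postaddr`. The mapping continues outside the hunk.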
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 15097ed..fe14c03 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -150,11 +150,23 @@
enabled: false
# enable all component's Ingress interfaces
enable_all: false
- # default Ingress base URL
- # can be overwritten in component vy setting ingress.baseurlOverride
+
+ # default Ingress base URL and preAddr- and postAddr settings
+ # Ingress URLs result:
+ # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
baseurl: "simpledemo.onap.org"
- # All http requests via ingress will be redirected on Ingress controller
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
+
+ # All http (port 80) requests via ingress will be redirected
+ # to port 443 on Ingress controller
# only valid for Istio Gateway (ServiceMesh enabled)
config:
ssl: "redirect"
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index d349676..5ee95c0 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -113,6 +113,17 @@
resources:
- nst
+ nsst_selection:
+ policy_fetch: by_scope
+ policy_scope:
+ -
+ scope:
+ - OSDF_GUILIN
+ services:
+ - nsst
+ resources:
+ - nsst
+
subnet_selection:
policy_fetch: by_scope
policy_scope:
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 7614a8c..9136b6e 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -28,14 +28,14 @@
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"topicCommInfrastructure" : "dmaap"
}]
}
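Review bot: `"useHttps" : "false"` is a JSON string, whereas the removed template rendered the bare token `true` or `false`, i.e. a JSON boolean, so the value's type changes together with the TLS toggle. Whether the consumer coerces a string here is not visible in this diff; `"useHttps" : false,` keeps the previous type. The same quoting appears in the policy-xacml-pdp `config.json` hunk and, as `useHttps: "false"`, in the clamp participant and `acRuntimeParameters.yaml` hunks, while `papParameters.yaml` in this commit writes an unquoted `false`. `DMAAP_HTTPS="false"` in `base.conf` likewise gains quotes that the old rendering did not emit, which matters if that file is not read by a shell.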
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index 51d4b47..d26ad6c 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -59,13 +59,13 @@
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
topicSinks:
- topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
# topicSources:
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index bbe905b..a3b82e7 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -62,14 +62,14 @@
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index f24e0ff..3ea4ac2 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -78,14 +78,14 @@
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
topicSinks:
-
topic: POLICY-ACRUNTIME-PARTICIPANT
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# clampAutomationCompositionTopics:
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index 3d192f4..4a2bcf3 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -85,7 +85,7 @@
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
fetchTimeout: 15000
topicSinks:
-
@@ -93,7 +93,7 @@
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
# topicParameterGroup:
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index 22168e8..a0b8bc7 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -98,7 +98,7 @@
# Open DMaaP
DMAAP_SERVERS=message-router
-DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+DMAAP_HTTPS="false"
# AAI
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index b68e8d6..fdcbf92 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -76,7 +76,7 @@
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
fetchTimeout: 15000
topicCommInfrastructure: dmaap
- topic: POLICY-HEARTBEAT
@@ -84,19 +84,19 @@
consumerGroup: policy-pap
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
fetchTimeout: 15000
topicCommInfrastructure: dmaap
topicSinks:
- topic: POLICY-PDP-PAP
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
topicCommInfrastructure: dmaap
- topic: POLICY-NOTIFICATION
servers:
- message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
topicCommInfrastructure: dmaap
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
@@ -124,8 +124,8 @@
basePath: healthcheck
- clientName: dmaap
hostname: message-router
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ port: 3904
+ useHttps: false
basePath: topics
management:
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index 0f1744a..d049626 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -45,14 +45,14 @@
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"fetchTimeout" : 15000,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps" : "false",
"topicCommInfrastructure" : "dmaap"
}]
}
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 866d422..36574bc 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -17,12 +17,12 @@
# limitations under the License.
*/}}
-mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+mysqlcmd() { mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
for db in migration pooling policyadmin policyclamp operationshistory clampacm
do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+ mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
done
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
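Review bot: The final `FLUSH PRIVILEGES` line still calls `mysql`, which after the rename to `mysqlcmd` is no longer the wrapper and so runs without `-h ${MYSQL_HOST}`; it should read `mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"`. The wrapper itself hands `${MYSQL_USER}` to `-P`, which is the client's port option, so a user name lands where a port number is expected; pass the port variable this job exports instead (it is not visible in the hunk). Quoting the expansions inside the wrapper (`"${MYSQL_HOST}"`) would also keep an empty or space-containing value from shifting the argument list.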
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 0df2656..eb5968a 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -50,7 +50,7 @@
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}-galera-config
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
+ image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /dbcmd-config/db.sh
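Review bot: The `imagePullPolicy` line right after the changed image still falls back to `.Values.pullPolicy`, and this commit removes `pullPolicy: Always` from `kubernetes/policy/values.yaml`. Unless the key is defined elsewhere in that values file, the expression renders empty whenever `global.pullPolicy` is unset and the container silently gets the cluster default instead of `Always`. Either keep the key in `values.yaml` or give the fallback a literal, e.g. `{{ .Values.global.pullPolicy | default "Always" }}`; the `-pg-config` container in the third hunk of this file uses the same expression. The container spec continues outside the hunk.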
@@ -76,7 +76,7 @@
{{ include "common.resources" . }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
@@ -125,7 +125,7 @@
initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
containers:
- name: {{ include "common.name" . }}-pg-config
- image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d/db-pg.sh
@@ -153,7 +153,7 @@
{{ include "common.resources" . }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
@@ -246,7 +246,7 @@
{{ include "common.resources" . }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
@@ -341,7 +341,7 @@
{{ include "common.resources" . }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index c9e236a..1ee31c2 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -168,12 +168,6 @@
# DB configuration defaults.
#################################################################
-repository: nexus3.onap.org:10001
-pullPolicy: Always
-
-mariadb:
- image: mariadb:10.5.8
-
dbmigrator:
image: onap/policy-db-migrator:2.5.1
schema: policyadmin
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index 5accf38..c57685a 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -25,8 +25,6 @@
GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}'
GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}'
GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}'
-GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
-GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
GLOBAL_INJECTED_DNS_IP_ADDR = 'N/A'
GLOBAL_INJECTED_DOCKER_VERSION = '1.2-STAGING-latest'
GLOBAL_INJECTED_EXTERNAL_DNS = 'N/A'
@@ -44,8 +42,6 @@
GLOBAL_INJECTED_POMBA_ELASTIC_SEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-es") }}'
GLOBAL_INJECTED_POMBA_CONTEX_TAGGREGATOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-contextaggregator") }}'
GLOBAL_INJECTED_KEYSTONE = '{{ .Values.openStackKeyStoneUrl }}'
-GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
-GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
GLOBAL_INJECTED_MUSIC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "music") }}'
GLOBAL_INJECTED_NBI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "nbi") }}'
GLOBAL_INJECTED_NETWORK = '{{ .Values.openStackPrivateNetId }}'
@@ -164,22 +160,32 @@
# dcae hv-ves info
GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
-# data router info - everything is from the private oam network (also called onap private network)
-GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-# dmaap message router info
+
+#DMAAP
+# message router info - everything is from the private oam network (also called onap private network)
+GLOBAL_MR_SERVER_PROTOCOL = "http"
+GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
+GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# dmaap kafka info
-GLOBAL_DMAAP_KAFKA_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router-kafka") }}'
-GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}'
-GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}'
-GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}'
+# bus controller info
+GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
+GLOBAL_BC_SERVER_PROTOCOL = 'http'
+GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8080) }}'
+GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
+GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+# data router info - everything is from the private oam network (also called onap private network)
+GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
+GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
+
# strimzi kafka
GLOBAL_KAFKA_BOOTSTRAP_SERVICE = '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
-GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaJaasUsername }}'
+GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaUsername }}'
+
# DROOL server port and credentials
GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}'
GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}'
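Review bot: The re-added `GLOBAL_DMAAP_DR_NODE_SERVER_PORT` line looks up hostname `"dmapp-dr-node"`, while the `GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR` line directly after it uses `"dmaap-dr-node"`. The misspelling is carried over from the removed line and presumably makes the ingress lookup miss its entry, so the value would always be the literal default port; change it to `"hostname" "dmaap-dr-node"`. `GLOBAL_BC_HTTPS_SERVER_PORT` is now paired with `GLOBAL_BC_SERVER_PROTOCOL = 'http'` and port 8080, so a one-line comment such as `# name kept for compatibility; this is the plain-HTTP port` would stop readers assuming TLS.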
@@ -207,14 +213,7 @@
# microservice bus info - everything is from the private oam network (also called onap private network)
GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}'
-# message router info - everything is from the private oam network (also called onap private network)
-GLOBAL_MR_SERVER_PROTOCOL = "http"
-GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# bus controller info
-GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
-GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+
# dcae inventory and deployment handler info
GLOBAL_INVENTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "inventory") }}'
GLOBAL_INVENTORY_SERVER_PROTOCOL = "https"
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index 87b117d..599234e 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -57,13 +57,20 @@
dcae_ves_colector_https:
enabled: false
https: true
+ message_router:
+ enabled: false
+ https: false
+ dmaap_bc:
+ enabled: true
+ https: false
+ hostname: dmaapbc
dmaap_dr_prov:
enabled: true
- https: true
+ https: false
hostname: dmaapdrprov
dmaap_dr_node:
enabled: true
- https: true
+ https: false
hostname: dmaapdrnode
log_es:
enabled: false
@@ -91,13 +98,6 @@
enabled: false
pomba_contextaggregator:
enabled: false
- message_router:
- enabled: false
- https: true
- dmaap_bc:
- enabled: true
- https: true
- hostname: dmaapbc
music:
enabled: false
https: true
@@ -186,8 +186,6 @@
hostname: blueprintsprocessorhttp
dcae_hv_ves_collector:
enabled: false
- message_router_kafka:
- enabled: false
inventory:
enabled: false
https: true
@@ -350,16 +348,13 @@
vidPassword: "Kp8bJ4SXszM0WX"
vidHealthUsername: "Default"
vidHealthPassword: "AppPassword!1"
+
# DMAAP BC
bcUsername: "dmaap-bc@dmaap-bc.onap.org"
bcPassword: "demo123456!"
-# DMAAP KAFKA JAAS
-kafkaJaasUsername: "admin"
-kafkaJaasPassword: "admin_secret"
-
-# STRIMZI KAFKA JAAS
-strimziKafkaJaasUsername: "strimzi-kafka-admin"
+# STRIMZI KAFKA
+strimziKafkaUsername: "strimzi-kafka-admin"
#OOF
oofUsername: "oof@oof.onap.org"
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-cnfm-db.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-cnfm-db.sh
new file mode 100644
index 0000000..cb343bc
--- /dev/null
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-cnfm-db.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+echo "Creating cnfm database . . ." 1>/tmp/mariadb-cnfmdb.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+CNFM_DB_PASSWORD=`prepare_password $CNFM_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ cnfm /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CNFM_DB_USER}';
+CREATE USER '${CNFM_DB_USER}';
+GRANT ALL on cnfm.* to '${CNFM_DB_USER}' identified by '${CNFM_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created cnfm database . . ." 1>>/tmp/mariadb-cnfmdb.log 2>&1
\ No newline at end of file
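Review bot: `$CNFM_DB_PASSWORD` is passed to `prepare_password` unquoted, so only its first word reaches `$1`, and `-p$MYSQL_ROOT_PASSWORD` is unquoted as well; a password containing whitespace or glob characters is truncated or expanded before it reaches `sed` or `mysql`. Write `CNFM_DB_PASSWORD=$(prepare_password "$CNFM_DB_PASSWORD")` and `mysql -uroot -p"$MYSQL_ROOT_PASSWORD" << EOF || exit 1`. `${CNFM_DB_USER}` is interpolated into the heredoc with no escaping at all, unlike the password, so it deserves the same treatment or a comment stating it is operator-controlled. The grant gives the application account `ALL ... with GRANT OPTION` on `cnfm`, which lets it pass its privileges on to other accounts; unless something depends on that, drop `with GRANT OPTION`.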
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
index 33c4b32..bf8ae78 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
@@ -4,6 +4,7 @@
# ============LICENSE_START==========================================
# ===================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022/23 Nordix Foundation
# ===================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,6 +41,7 @@
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON cnfm.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
index 069556f..74b869c 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
@@ -4,6 +4,7 @@
# ============LICENSE_START==========================================
# ===================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022/23 Nordix Foundation
# ===================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,6 +41,7 @@
GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON cnfm.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml
index d9c6009..60c40b6 100644
--- a/kubernetes/so/components/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/job.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright (C) 2022/23 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -56,7 +57,7 @@
- |
{{- if include "common.onServiceMesh" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
+ mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo cnfm > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- mountPath: /etc/localtime
name: localtime
@@ -149,6 +150,10 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
- name: NFVO_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
+ - name: CNFM_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "login") | indent 10 }}
+ - name: CNFM_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml
index 13dd086..bf546a2 100755
--- a/kubernetes/so/components/so-mariadb/values.yaml
+++ b/kubernetes/so/components/so-mariadb/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright (C) 2022-23 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -89,6 +90,11 @@
externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.nfvo.userName }}'
password: '{{ .Values.db.nfvo.password }}'
+ - uid: cnfm-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.cnfm.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.cnfm.userName }}'
+ password: '{{ .Values.db.cnfm.password }}'
#################################################################
# Application configuration defaults.
@@ -127,6 +133,9 @@
nfvo:
userName: nfvouser
# dbCredsExternalSecret: some secret
+ cnfm:
+ userName: cnfmuser
+ # dbCredsExternalSecret: some secret
# application configuration
config: