Merge "[MODELING] Update modeling/etsicatalog image"
diff --git a/docs/environments_onap_demo.yaml b/docs/environments_onap_demo.yaml
index cbb8f01..9862cea 100644
--- a/docs/environments_onap_demo.yaml
+++ b/docs/environments_onap_demo.yaml
@@ -44,6 +44,8 @@
enabled: false
consul: # Consul Health Check Monitoring
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
esr:
diff --git a/docs/helm-search.txt b/docs/helm-search.txt
index 4ec41fd..774ea34 100644
--- a/docs/helm-search.txt
+++ b/docs/helm-search.txt
@@ -10,6 +10,7 @@
local/common 7.0.0 Common templates for inclusion in other charts
local/consul 7.0.0 ONAP Consul Agent
local/contrib 7.0.0 ONAP optional tools
+local/cps 7.0.0 ONAP Configuration Persistene Service (CPS)
local/dcaegen2 7.0.0 ONAP DCAE Gen2
local/dgbuilder 7.0.0 D.G. Builder application
local/dmaap 7.0.0 ONAP DMaaP components
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 533826e..63c668f 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -118,7 +118,7 @@
# application image
-image: onap/aai-graphadmin:1.7.1
+image: onap/aai-graphadmin:1.8.0
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index ade5935..37af7a7 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -154,7 +154,7 @@
truststoreAllPassword: changeit
# application image
-image: onap/aai-resources:1.7.2
+image: onap/aai-resources:1.8.2
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 5fe5b13..50bd6c3 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -74,7 +74,7 @@
- aai_keystore
# application image
-image: onap/aai-schema-service:1.8.5
+image: onap/aai-schema-service:1.8.6
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index 42641a2..498f1b8 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -21,6 +21,9 @@
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
similarity index 72%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
index 094c815..b6c5f68 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
@@ -15,14 +15,14 @@
*/}}
oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
-#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
-oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12
-oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore
-oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
-oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
+oxm.schemaServiceTruststorePassword=${KEYSTORE_PASSWORD}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
similarity index 70%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
index 59c0349..2143bf8 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
@@ -19,4 +19,7 @@
resources.authType=SSL_BASIC
resources.basicAuthUserName=aai@aai.onap.org
resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+resources.trust-store-password=${TRUSTSTORE_PASSWORD}
+resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+resources.client-cert-password=${KEYSTORE_PASSWORD}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
similarity index 66%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
index 26565bb..073e9d3 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
@@ -15,8 +15,8 @@
*/}}
server.port=8000
-server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
-server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
-server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=${KEYSTORE_PASSWORD}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
similarity index 76%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
index 1ae00d9..a9e5908 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
@@ -27,11 +27,11 @@
spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
-portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
-searchservice.client-cert=client-cert-onap.p12
-searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-searchservice.truststore=tomcat_keystore
+searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+searchservice.client-cert-password=${KEYSTORE_PASSWORD}
+searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
new file mode 100644
index 0000000..cd5338f
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
@@ -0,0 +1,187 @@
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <!--{{/*
+ # Copyright © 2018 AT&T
+ # Copyright © 2021 Orange
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}-->
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+
+ <property name="logDir" value="/var/log/onap" />
+
+ <!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy"
+ | "SDNC" | "AC" -->
+ <property name="componentName" value="AAI-UI"></property>
+
+ <!-- default eelf log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" />
+ <property name="auditMetricPattern" value="%m%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine related
+ logging events. The audit logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- Sparky loggers -->
+ <logger name="org.onap" level="INFO">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+ </root>
+
+</configuration>
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
similarity index 100%
rename from kubernetes/aai/components/aai-sparky-be/resources/config/users.config
rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
deleted file mode 100644
index aa4ae74..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
deleted file mode 100644
index b2449c6..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
index 2592e5c..7a0fb82 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
@@ -46,4 +46,4 @@
ext_req_read_timeout=20000
#Add AAF namespace if the app is centralized
-auth_namespace={{.Values.config.aafNamespace}}
+auth_namespace={{ .Values.certInitializer.fqi_namespace }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
index 1f154b6..baefd98 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
@@ -6,14 +6,18 @@
# AAF Environment Designation
#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id={{.Values.config.aafUsername}}
+aaf_id={{ .Values.certInitializer.fqi }}
#Encrypt the password using AAF Jar
-aaf_password={{.Values.config.aafPassword}}
+aaf_password={{ .Values.certInitializer.aafDeployPass }}
# Sample CADI Properties, from CADI 1.4.2
#hostname=org.onap.aai.orr
csp_domain=PROD
# Add Absolute path to Keyfile
-cadi_keyfile={{.Values.config.cadiKeyFile}}
+cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
+cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+cadi_keystore_password=${KEYSTORE_PASSWORD}
+
+cadi_alias={{ .Values.certInitializer.fqi }}
# This is required to accept Certificate Authentication from Certman certificates.
# can be TEST, IST or PROD
@@ -23,9 +27,9 @@
cadi_loglevel=DEBUG
# Add Absolute path to truststore2018.jks
-cadi_truststore={{.Values.config.cadiTrustStore}}
+cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
+cadi_truststore_password=${TRUSTSTORE_PASSWORD}
# how to turn on SSL Logging
#javax.net.debug=ssl
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
index 162e96b..fee07d8 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -14,25 +14,6 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prop
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
@@ -45,7 +26,7 @@
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 6e74526..51d577b 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -38,7 +38,29 @@
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
+ | xargs -0)
+ echo "*** write them in portal part"
+ cd /config-input
+ for PFILE in `ls -1 .`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: portal-config-input
+ - mountPath: /config
+ name: portal-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /app/ready.py
args:
@@ -57,68 +79,56 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- volumeMounts:
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
+ | xargs -0)
+ echo "*** actual launch of AAI Sparky BE"
+ /opt/app/sparky/bin/start.sh
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
- name: {{ include "common.fullname" . }}-auth-config
- subPath: client-cert-onap.p12
-
- mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
- name: {{ include "common.fullname" . }}-auth-config
+ name: auth-config
subPath: csp-cookie-filter.properties
-
- - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
- name: {{ include "common.fullname" . }}-auth-config
- subPath: org.onap.aai.p12
-
- - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
- name: aai-common-aai-auth-mount
- subPath: truststoreONAPall.jks
-
- mountPath: /opt/app/sparky/config/portal/
- name: {{ include "common.fullname" . }}-portal-config
-
+ name: portal-config
- mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
- name: {{ include "common.fullname" . }}-portal-config-props
-
+ name: portal-config-props
- mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
-
+ name: logs
- mountPath: /opt/app/sparky/config/application.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application.properties
-
- mountPath: /opt/app/sparky/config/application-resources.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-resources.properties
-
- mountPath: /opt/app/sparky/config/application-ssl.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-ssl.properties
-
- mountPath: /opt/app/sparky/config/application-oxm-default.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-oxm-default.properties
-
- mountPath: /opt/app/sparky/config/application-oxm-override.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-oxm-override.properties
-
- mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-oxm-schema-prod.properties
-
- mountPath: /opt/app/sparky/config/roles.config
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: roles.config
-
- mountPath: /opt/app/sparky/config/users.config
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: users.config
-
+ - mountPath: /opt/app/sparky/config/logging/logback.xml
+ name: config
+ subPath: logback.xml
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -155,45 +165,35 @@
subPath: filebeat.yml
name: filebeat-conf
- mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /usr/share/filebeat/data
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
-
- - name: {{ include "common.fullname" . }}-properties
- configMap:
- name: {{ include "common.fullname" . }}-prop
-
- - name: {{ include "common.fullname" . }}-config
+ - name: config
configMap:
name: {{ include "common.fullname" . }}
-
- - name: {{ include "common.fullname" . }}-portal-config
+ - name: portal-config
+ emptyDir:
+ medium: Memory
+ - name: portal-config-input
configMap:
name: {{ include "common.fullname" . }}-portal
-
- - name: {{ include "common.fullname" . }}-portal-config-props
+ - name: portal-config-props
configMap:
name: {{ include "common.fullname" . }}-portal-props
-
- - name: {{ include "common.fullname" . }}-auth-config
+ - name: auth-config
secret:
secretName: {{ include "common.fullname" . }}
-
- - name: aai-common-aai-auth-mount
- secret:
- secretName: aai-common-aai-auth
-
- name: filebeat-conf
configMap:
name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- name: aai-sparky-filebeat
emptyDir: {}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index ed21030..147feb1 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -27,6 +27,45 @@
searchData:
serviceName: aai-search-data
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-sparky-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "aai"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.aai"
+ fqi: "aai@aai.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing passwords into shell safe ones"
+ export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+ -storepass "${cadi_keystore_password_jks}" \
+ -keystore {{ .Values.fqi_namespace }}.jks
+ keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_jks}" \
+ -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
+
# application image
image: onap/sparky-be:2.0.2
pullPolicy: Always
@@ -44,13 +83,7 @@
portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
portalCookieName: UserId
portalAppRoles: ui_view
- aafUsername: aai@aai.onap.org
- aafNamespace: org.onap.aai
- aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
- cadiKeyFile: /opt/app/sparky/config/portal/keyFile
- cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
- cadiTrustStorePassword: changeit
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
# ONAP Cookie Processing - During initial development, the following flag, if true, will
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 69222db..1e3a962 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -140,7 +140,7 @@
truststoreAllPassword: changeit
# application image
-image: onap/aai-traversal:1.7.2
+image: onap/aai-traversal:1.8.0
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index de25485..b38a7f1 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -36,13 +36,13 @@
{{- $global := . }}
{{- range $index, $port := $ports }}
{{- if (include "common.needTLS" $global) }}
-- containerPort: {{ $port.port }}
+- containerPort: {{ default $port.port $port.internal_port }}
{{- else }}
-- containerPort: {{ default $port.port $port.plain_port }}
+- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }}
{{- end }}
name: {{ $port.name }}
{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
-- containerPort: {{ $port.plain_port }}
+- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
name: {{ $port.name }}-plain
{{- end }}
{{- end }}
@@ -67,4 +67,3 @@
privileged: false
allowPrivilegeEscalation: false
{{- end }}
-
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index f815847..07bb5c4 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -41,6 +41,9 @@
# Application configuration defaults.
#################################################################
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
+
pullPolicy: Always
# application configuration
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 95de6ec..71201a1 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -67,6 +67,9 @@
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
image: {{ include "repositoryGenerator.image.readiness" $subchartDot }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: {{ $subchartDot.Values.user }}
+ runAsGroup: {{ $subchartDot.Values.group }}
command:
- /app/ready.py
args:
diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
index b15b1c2..128c505 100644
--- a/kubernetes/common/readinessCheck/values.yaml
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -15,6 +15,9 @@
global:
pullPolicy: Always
+user: 100
+group: 65533
+
limits:
cpu: 100m
memory: 100Mi
diff --git a/kubernetes/cps/.helmignore b/kubernetes/cps/.helmignore
new file mode 100644
index 0000000..80b47d2
--- /dev/null
+++ b/kubernetes/cps/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/Chart.yaml
similarity index 65%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/Chart.yaml
index 59c0349..c723bae 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/Chart.yaml
@@ -1,5 +1,4 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,11 +11,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+apiVersion: v1
+description: Configuration Persistance Service (CPS)
+name: cps
+version: 7.0.0
diff --git a/kubernetes/cps/README.md b/kubernetes/cps/README.md
new file mode 100644
index 0000000..4b578c4
--- /dev/null
+++ b/kubernetes/cps/README.md
@@ -0,0 +1,22 @@
+# ============LICENSE_START==========================================
+# ===================================================================
+# Copyright (C) 2021 Pantheon.tech
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#============LICENSE_END============================================
+
+# Helm Chart for CPS Applications
+
+ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
+
+1) Cps and xNF - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file
diff --git a/kubernetes/cps/requirements.yaml b/kubernetes/cps/requirements.yaml
new file mode 100644
index 0000000..ce06a4d
--- /dev/null
+++ b/kubernetes/cps/requirements.yaml
@@ -0,0 +1,30 @@
+# Copyright (C) 2021 Pantheon.tech, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~7.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~7.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~7.x-0
+ repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/cps/resources/config/application.yml b/kubernetes/cps/resources/config/application.yml
new file mode 100644
index 0000000..983a754
--- /dev/null
+++ b/kubernetes/cps/resources/config/application.yml
@@ -0,0 +1,68 @@
+{{/*
+ # Copyright (C) 2021 Pantheon.tech
+ # Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+---
+server:
+ port: 8080
+
+rest:
+ api:
+ cps-base-path: /cps/api
+ xnf-base-path: /cps-nf-proxy/api
+
+spring:
+ main:
+ banner-mode: "off"
+ jpa:
+ ddl-auto: create
+ open-in-view: false
+ properties:
+ hibernate:
+ enable_lazy_load_no_trans: true
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+
+ datasource:
+ url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driverClassName: org.postgresql.Driver
+ initialization-mode: always
+
+ cache:
+ type: caffeine
+ cache-names: yangSchema
+ caffeine:
+ spec: maximumSize=10000,expireAfterAccess=10m
+# Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: info,health,loggers
+ endpoint:
+ health:
+ show-details: always
+ # kubernetes probes: liveness and readiness
+ probes:
+ enabled: true
+ loggers:
+ enabled: true
+
+logging:
+ level:
+ org:
+ springframework: {{ .Values.logging.level }}
diff --git a/kubernetes/cps/resources/config/logback.xml b/kubernetes/cps/resources/config/logback.xml
new file mode 100644
index 0000000..56ffc88
--- /dev/null
+++ b/kubernetes/cps/resources/config/logback.xml
@@ -0,0 +1,34 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2020 Bell Canada. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncSysOut" />
+ </root>
+
+</configuration>
+
diff --git a/kubernetes/cps/templates/NOTES.txt b/kubernetes/cps/templates/NOTES.txt
new file mode 100644
index 0000000..09d22df
--- /dev/null
+++ b/kubernetes/cps/templates/NOTES.txt
@@ -0,0 +1,35 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
+ echo http://$SERVICE_IP:$SERVICE_PORT
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:$POD_PORT
+{{- end }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/templates/configmap.yaml
similarity index 66%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/templates/configmap.yaml
index 59c0349..eeb057c 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/templates/configmap.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,9 +14,7 @@
# limitations under the License.
*/}}
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml
new file mode 100644
index 0000000..e15ae71
--- /dev/null
+++ b/kubernetes/cps/templates/deployment.yaml
@@ -0,0 +1,96 @@
+{{/*
+# Copyright (C) 2021 Pantheon.tech, Orange
+# Modifications Copyright (C) 2020 Bell Canada. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /app/resources/application.yml
+ subPath: application.yml
+ name: init-data
+ - mountPath: /app/resources/logback.xml
+ subPath: logback.xml
+ name: init-data
+ - mountPath: /tmp
+ name: init-temp
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
+ - name: init-temp
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/templates/ingress.yaml
similarity index 66%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/templates/ingress.yaml
index 59c0349..16f9440 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/templates/ingress.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,9 +14,4 @@
# limitations under the License.
*/}}
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/cps/templates/secrets.yaml
similarity index 66%
copy from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
copy to kubernetes/cps/templates/secrets.yaml
index 59c0349..f25044d 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
+++ b/kubernetes/cps/templates/secrets.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright (C) 2021 Pantheon.tech
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,9 +14,4 @@
# limitations under the License.
*/}}
-resources.hostname=aai
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cps/templates/service.yaml b/kubernetes/cps/templates/service.yaml
new file mode 100644
index 0000000..bfcaabc
--- /dev/null
+++ b/kubernetes/cps/templates/service.yaml
@@ -0,0 +1,17 @@
+{{/*
+ # Copyright (C) 2021 Pantheon.tech, Orange
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
new file mode 100644
index 0000000..ee797a5
--- /dev/null
+++ b/kubernetes/cps/values.yaml
@@ -0,0 +1,143 @@
+# Copyright (C) 2021 Pantheon.tech, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Secrets.
+#################################################################
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+# bitnami image doesn't support well single quote in password
+passwordStrengthOverride: basic
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+
+image: onap/cps-and-nf-proxy:0.0.1
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: cps
+ ports:
+ - name: &port http
+ port: *svc_port
+
+pullPolicy: Always
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cps"
+ path: "/"
+ name: "cps"
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: cps
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+logging:
+ level: INFO
+ path: /tmp
+#################################################################
+# Postgres overriding defaults in the postgres
+#################################################################
+postgres:
+ nameOverride: &postgresName cps-postgres
+ service:
+ name: *postgresName
+ name2: cps-pg-primary
+ name3: cps-pg-replica
+ container:
+ name:
+ primary: cps-pg-primary
+ replica: cps-pg-replica
+ persistence:
+ mountSubPath: cps/data
+ mountInitPath: cps
+ config:
+ pgUserName: cps
+ pgDatabase: cpsdb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - cps-postgres
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 6412bf8..458ec10 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -104,7 +104,7 @@
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 3e96bdf..4f46962 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -54,6 +54,10 @@
version: ~7.x-0
repository: '@local'
condition: global.addTestingComponents
+ - name: cps
+ version: ~7.x-0
+ repository: '@local'
+ condition: cps.enabled
- name: dcaegen2
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml
index 027bc7b..9932691 100644
--- a/kubernetes/onap/resources/environments/core-onap.yaml
+++ b/kubernetes/onap/resources/environments/core-onap.yaml
@@ -67,6 +67,8 @@
enabled: false
contrib:
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
dmaap:
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index dd22d8f..8471349 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -71,6 +71,8 @@
enabled: false
contrib:
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
dmaap:
diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml
index 27588fa..c7dcdfc 100644
--- a/kubernetes/onap/resources/environments/disable-allcharts.yaml
+++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml
@@ -41,6 +41,8 @@
enabled: false
contrib:
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
dmaap:
diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml
index 336e937..0186a9c 100644
--- a/kubernetes/onap/resources/environments/minimal-onap.yaml
+++ b/kubernetes/onap/resources/environments/minimal-onap.yaml
@@ -62,6 +62,8 @@
enabled: false
contrib:
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
dmaap:
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index be05299..2481623 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -94,6 +94,8 @@
enabled: false
contrib:
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
dmaap:
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index 997bca9..63a8a74 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -36,6 +36,8 @@
enabled: true
contrib:
enabled: true
+cps:
+ enabled: true
dcaegen2:
enabled: true
dmaap:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 13b90ac..c8551cb 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -44,6 +44,8 @@
enabled: *testing
consul:
enabled: true
+cps:
+ enabled: true
dcaegen2:
enabled: true
dcaemod:
diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml
index 7966431..bd8ed9d 100644
--- a/kubernetes/onap/resources/overrides/sm-onap.yaml
+++ b/kubernetes/onap/resources/overrides/sm-onap.yaml
@@ -66,10 +66,10 @@
enabled: false
contrib:
enabled: false
+cps:
+ enabled: false
dcaegen2:
enabled: false
-dmaap:
- enabled: true
esr:
enabled: false
log:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 0920222..d5d3e10 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -301,6 +301,8 @@
# addTestingComponents
contrib:
enabled: *testing
+cps:
+ enabled: false
dcaegen2:
enabled: false
dcaemod: