Merge "[SDC] Update SDC images to 1.12.2"
diff --git a/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
index 3ef9519..f5f53f9 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml
@@ -1,6 +1,6 @@
# Copyright (c) 2019 IBM, Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,6 +29,6 @@
- name: serviceAccount
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer b/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
deleted file mode 100755
index e9a50d7..0000000
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/ONAP_RootCA.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index 2818fd9..7351b1f 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -1,6 +1,6 @@
{{/*
#
-# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
+# Copyright (c) 2017-2023 AT&T, IBM, Bell Canada, Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -101,11 +101,7 @@
# AAI Data REST Client settings
blueprintsprocessor.restclient.aai-data.type=basic-auth
-{{ if ( include "common.needTLS" .) }}
-blueprintsprocessor.restclient.aai-data.url=https://{{ .Values.global.aaiData.ServiceName }}:8443
-{{- else -}}
blueprintsprocessor.restclient.aai-data.url=http://{{ .Values.global.aaiData.ServiceName }}:{{ .Values.global.aaiData.ExternalPlainPort }}
-{{- end }}
blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
blueprintsprocessor.restclient.aai-data.password=demo123456!
blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
@@ -121,70 +117,44 @@
blueprintsprocessor.restclient.cps-data.additionalHeaders.Content-Type=application/json
# Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
-blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=true
+blueprintsprocessor.messageconsumer.self-service-api.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
+{{- with (first .Values.kafkaUser.acls) }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .name }}
{{- end }}
-blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }}
-blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
-blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageconsumer.self-service-api.topic=cds.blueprint-processor.self-service-api.request
+blueprintsprocessor.messageconsumer.self-service-api.clientId=request-receiver-client-id
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${SASL_JAAS_PASS}
# Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId=request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.topic=cds.blueprint-processor.self-service-api.response
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${SASL_JAAS_PASS}
# AUDIT KAFKA FEATURE CONFIGURATION
# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
## Audit request
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=true
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId=audit-request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic=cds.blueprint-processor.self-service-api.audit.request
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${SASL_JAAS_PASS}
## Audit response
-blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId=audit-response-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic=cds.blueprint-processor.self-service-api.audit.response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${SASL_JAAS_PASS}
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
deleted file mode 100644
index 555f4d4..0000000
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if eq .Values.useStrimziKafka true }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaRequestConsumer.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaRequestProducer.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaAuditRequest.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaAuditResponse.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
deleted file mode 100644
index 65ee1d2..0000000
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if eq .Values.useStrimziKafka true }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: scram-sha-512
- authorization:
- type: simple
- acls:
- - resource:
- type: group
- name: {{ .Values.kafkaRequestConsumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaRequestConsumer.topic }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaRequestProducer.topic }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaAuditRequest.topic }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaAuditResponse.topic }}
- operation: All
-{{ end }}
\ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index 520516d..a6e3a52 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,38 +18,26 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
strategy:
type: RollingUpdate
rollingUpdate:
- # This allow a new pod to be ready before terminating the old one
+ # This allows a new pod to be ready before terminating the old one
# causing no downtime when replicas is set to 1
maxUnavailable: 0
-
# maxSurge to 1 is very important for the hazelcast integration
# we only want one pod at a time to restart not multiple
# and break the hazelcast cluster. We should not use % maxSurge value
# ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
maxSurge: 1
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
- command:
- sh
args:
@@ -75,21 +63,6 @@
name: {{ include "common.name" . }}-update-config
- command:
- - /app/ready.py
- args:
- - --container-name
- - cds-db
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: fix-permission
- command:
- chown
- -R
- 1000:1000
@@ -99,6 +72,8 @@
volumeMounts:
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
+ name: fix-permission
+
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -110,8 +85,6 @@
value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
- - name: AAF_CREDSPATH
- value: {{ .Values.certInitializer.credsPath }}
- name: CLUSTER_NODE_ID
valueFrom:
fieldRef:
@@ -122,10 +95,11 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }}
- name: CPS_PASS_PLAIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }}
- {{ if .Values.useStrimziKafka }}
- - name: JAAS_PASS
- value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
- {{ end }}
+ - name: SASL_JAAS_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: password
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
@@ -133,7 +107,7 @@
startupProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.startup.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
@@ -146,7 +120,7 @@
livenessProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.liveness.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
@@ -157,14 +131,14 @@
readinessProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.readiness.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -180,11 +154,6 @@
- mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
name: {{ include "common.fullname" . }}-config
subPath: hazelcast.yaml
-
- - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-config
- subPath: ONAP_RootCA.cer
-
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
resources: {{ include "common.resources" . | nindent 12 }}
@@ -197,7 +166,7 @@
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -213,8 +182,6 @@
path: logback.xml
- key: hazelcast.yaml
path: hazelcast.yaml
- - key: ONAP_RootCA.cer
- path: ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/kafkatopic.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkatopic.yaml
new file mode 100644
index 0000000..d1d21a6
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkatopic.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/kafkauser.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkauser.yaml
new file mode 100644
index 0000000..6fc37c3
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
index 153740c..84ccfc5 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright (c) 2019 IBM, Bell Canada
+# Modification Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,13 +31,10 @@
ports:
- port: {{ .Values.service.http.externalPort }}
targetPort: {{ .Values.service.http.internalPort }}
- {{- if eq .Values.service.http.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
- {{- end}}
- name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.http.portName | default "http" }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
---
apiVersion: v1
kind: Service
@@ -56,8 +54,8 @@
targetPort: {{ .Values.service.grpc.internalPort }}
name: {{ .Values.service.grpc.portName | default "grpc" }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
---
apiVersion: v1
kind: Service
@@ -75,10 +73,7 @@
ports:
- port: {{ .Values.service.cluster.externalPort }}
targetPort: {{ .Values.service.cluster.internalPort }}
- {{- if eq .Values.service.cluster.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
- {{- end}}
name: {{ .Values.service.cluster.portName | default "cluster" }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index cd12c5c..d713d10 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -1,6 +1,6 @@
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,20 +18,13 @@
# Global configuration defaults.
#################################################################
global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefixExt: 304
-
# image pull policy
pullPolicy: Always
-
persistence:
mountPath: /dockerdata-nfs
-
# This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
-
# This concerns CDS/AAI communication through HTTP when TLS is not being needed
# Port value should match the one in aai/values.yml : service.externalPlainPort
aaiData:
@@ -39,9 +32,6 @@
ServiceName: aai # domain
# http://aai:80 or https://aai:443
- #AAF is enabled by default
- #aafEnabled: true
-
#enable importCustomCerts to add custom CA to blueprint processor pod
#importCustomCertsEnabled: true
@@ -65,13 +55,6 @@
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
- - uid: cds-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: password
- value: '{{ .Values.config.someConfig }}'
- policy: generate
- uid: cps-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}'
@@ -80,31 +63,6 @@
passwordPolicy: required
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: cds-blueprints-processor-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: sdnc-cds
- fqi: sdnc-cds@sdnc-cds.onap.org
- public_fqdn: sdnc-cds.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.sdnc-cds
- #enable below if we need custom CA to be added to blueprint processor pod
- #importCustomCertsEnabled: true
- #truststoreMountpath: /opt/onap/cds
- #truststoreOutputFileName: truststoreONAPall.jks
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -132,7 +90,6 @@
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
- someConfig: blah
cps:
cpsUsername: ''
cpsPassword: ''
@@ -145,46 +102,52 @@
affinity: {}
-# If useStrimziKafka is true, the following also applies:
-# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
-# The connection type must be kafka-scram-plain-text-auth
-# The bootstrapServers will target the strimzi kafka cluster by default
-useStrimziKafka: false
-cdsKafkaUser: cds-kafka-user
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: cds-bp-processor
+ type: group
+ operations: [Read]
+ - name: cds.blueprint-processor
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+# Strimzi KafkaTopic config
+kafkaTopic:
+ - name: cds.blueprint-processor.self-service-api.request
+ - name: cds.blueprint-processor.self-service-api.response
+ - name: cds.blueprint-processor.self-service-api.audit.request
+ - name: cds.blueprint-processor.self-service-api.audit.response
-kafkaRequestConsumer:
- enabled: false
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- groupId: cds-consumer
- topic: cds.blueprint-processor.self-service-api.request
- clientId: request-receiver-client-id
- pollMillSec: 1000
-kafkaRequestProducer:
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- clientId: request-producer-client-id
- topic: cds.blueprint-processor.self-service-api.response
- enableIdempotence: false
-kafkaAuditRequest:
- enabled: false
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- clientId: audit-request-producer-client-id
- topic: cds.blueprint-processor.self-service-api.audit.request
- enableIdempotence: false
-kafkaAuditResponse:
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- clientId: audit-response-producer-client-id
- topic: cds.blueprint-processor.self-service-api.audit.response
- enableIdempotence: false
+
+containerHttpPort: &svc_http_port 8080
+containerGrpcPort: &svc_grpc_port 9111
+containerTcpPort: &svc_tcp_port 5701
+
+service:
+ http:
+ type: ClusterIP
+ portName: http
+ internalPort: *svc_http_port
+ externalPort: *svc_http_port
+ grpc:
+ type: ClusterIP
+ portName: grpc
+ internalPort: *svc_grpc_port
+ externalPort: *svc_grpc_port
+ cluster:
+ type: ClusterIP
+ portName: tcp-cluster
+ internalPort: *svc_tcp_port
+ externalPort: *svc_tcp_port
+ port: *svc_http_port
# probe configuration parameters
startup:
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
+ port: *svc_http_port
liveness:
initialDelaySeconds: 1
@@ -193,28 +156,13 @@
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: false
+ port: *svc_http_port
readiness:
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 20
-
-service:
- http:
- type: ClusterIP
- portName: http
- internalPort: 8080
- externalPort: 8080
- grpc:
- type: ClusterIP
- portName: grpc
- internalPort: 9111
- externalPort: 9111
- cluster:
- type: ClusterIP
- portName: tcp-cluster
- internalPort: 5701
- externalPort: 5701
+ port: *svc_http_port
persistence:
volumeReclaimPolicy: Retain
@@ -227,9 +175,7 @@
cluster:
# Cannot have cluster enabled if the replicaCount is not at least 3
enabled: false
-
clusterName: cds-cluster
-
# Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
# between 3 and 7 only.
groupSize: 3
@@ -271,6 +217,10 @@
memory: 4Gi
unlimited: {}
+readinessCheck:
+ wait_for:
+ - cds-db
+
#Pods Service Account
serviceAccount:
nameOverride: cds-blueprints-processor
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index 58e6b65..27d5e84 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -1,7 +1,7 @@
# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,7 +23,6 @@
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- cdsKafkaUser: cds-kafka-user
#################################################################
# Secrets metaconfig
@@ -42,7 +41,6 @@
# application images
pullPolicy: Always
-
subChartsOnly:
enabled: true
@@ -214,7 +212,6 @@
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
cds-command-executor:
enabled: true
@@ -228,11 +225,9 @@
cds-ui:
enabled: true
-
#Resource Limit flavor -By Default using small
flavor: small
-#segregation for different envionment (Small and Large)
-
+#segregation for different environment (Small and Large)
resources:
small:
limits:
diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml
index 4697934..1d9d414 100644
--- a/kubernetes/common/mariadb-galera/templates/pdb.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml
@@ -15,7 +15,7 @@
*/}}
{{- if .Values.podDisruptionBudget.create }}
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
index 4a08322..54b2b0e 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
+++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
@@ -44,8 +44,10 @@
"CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
"HELM"
],
- "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
- "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
+ {{- with (first .Values.kafkaUser.acls) }}
+ "consumerGroup": "{{ .name }}",
+ "consumerId": "{{ .name }}-k8s",
+ {{- end }}
"environmentName": "AUTO",
"keystorePath": "null",
"keystorePassword": "null",
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
index 571360d..ed6b64c 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
@@ -86,12 +86,11 @@
- mountPath: /data
name: artifact-data
env:
- - name: SECURITY_PROTOCOL
- value: {{ .Values.config.kafka.securityProtocol }}
- - name: SASL_MECHANISM
- value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml
new file mode 100644
index 0000000..324a068
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
deleted file mode 100644
index 7600fac..0000000
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMechanism | lower }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- operation: All
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.sdcTopic.pattern }}
- operation: All
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index cae151a..aea6915 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -19,19 +19,6 @@
nodePortPrefixExt: 304
persistence: {}
artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
- multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: multicloud-k8s-sdc-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
#################################################################
# Application configuration defaults.
@@ -40,16 +27,16 @@
image: onap/multicloud/k8s:0.10.1
pullPolicy: Always
-config:
- someConfig: blah
- kafka:
- securityProtocol: SASL_PLAINTEXT
- saslMechanism: SCRAM-SHA-512
- authType: simple
- sdcTopic:
- pattern: SDC-DIST
- consumerGroup: multicloud
- clientId: multicloud-k8s
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: multicloud
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 21e6a61..ee9efc9 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -23,7 +23,6 @@
enabled: false
persistence: {}
centralizedLoggingEnabled: true
- multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
#################################################################
# Application configuration defaults.
@@ -40,8 +39,6 @@
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
multicloud-k8s:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}'
multicloud-pike:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml
index 3d5c0c4..3f1f871 100755
--- a/kubernetes/so/Chart.yaml
+++ b/kubernetes/so/Chart.yaml
@@ -1,6 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,6 +53,10 @@
version: ~12.x-0
repository: "file://components/so-cnf-adapter"
condition: so-cnf-adapter.enabled
+ - name: so-cnfm-lcm
+ version: ~12.x-0
+ repository: 'file://components/so-cnfm-lcm'
+ condition: so-cnfm-lcm.enabled
- name: so-etsi-nfvo-ns-lcm
version: ~12.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
diff --git a/kubernetes/so/components/so-cnfm-lcm/Chart.yaml b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml
new file mode 100644
index 0000000..ad0a799
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml
@@ -0,0 +1,35 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: so-cnfm-lcm
+description: ONAP SO CNFM LCM
+version: 12.0.0
+
+dependencies:
+ - name: common
+ version: ~12.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~12.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~12.x-0
+ repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml
new file mode 100644
index 0000000..411b75f
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+ auth: {{ .Values.aai.auth }}
+ version: v24
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
+spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ cnfm:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/cnfm
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: cnfm-pool
+ registerMbeans: true
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+sdc:
+ username: {{ .Values.sdc.username }}
+ password: {{ .Values.sdc.password }}
+ key: {{ .Values.sdc.key }}
+ endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
+camunda:
+ bpm:
+ history-level: full
+ job-execution:
+ max-pool-size: 30
+ core-pool-size: 3
+ deployment-aware: true
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml
new file mode 100644
index 0000000..2d8cb1e
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml
@@ -0,0 +1,43 @@
+{{/*
+ # Copyright © 2023 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml
new file mode 100644
index 0000000..42d5fcf
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml
@@ -0,0 +1,74 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ command: [ "./start-app.sh" ]
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml
new file mode 100644
index 0000000..30c7b6e
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml
new file mode 100644
index 0000000..e361015
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml
new file mode 100644
index 0000000..72b8e4b
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-cnfm-lcm/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml
new file mode 100644
index 0000000..9cb7483
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml
@@ -0,0 +1,133 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-cnfm-as-lcm:1.12.0
+pullPolicy: Always
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9888
+logPath: ./logs/so-cnfm-lcm/
+app: so-cnfm-lcm
+service:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ port: *containerPort
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'so-cnfm-lcm-api'
+ name: 'so-cnfms-lcm'
+ port: *containerPort
+ config:
+ ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-cnfm-lcm
+ roles:
+ - read
+
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index ce7ee71..014cbad 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -1,6 +1,7 @@
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -639,6 +640,11 @@
mso:
msoKeySecret: *mso-key
+so-cnfm-lcm:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
so-etsi-nfvo-ns-lcm:
enabled: true
db: