The RIC deployment scripts are designed to deploy RIC components using helm charts. A deployment recipe yaml file that
contains parameter key:value pairs can be provided as a parameter for any deployment script in this repository. The
-deployment recipe is acting as the helm override value.yaml file. If no deployment recipe is provided, defaul parameters
+deployment recipe is acting as the helm override values.yaml file. If no deployment recipe is provided, default parameters
are used. The default parameters are set up to deploy a RIC instance using Linux Foundation repositories in a
self-contained environment.
### Directory Structure
.
├── bin
+├── ci
├── etc
├── LICENSES.txt License information
├── README.md This file
├── RECIPE_EXAMPLE Directory that contains deploy recipe examples
-├── ric-aux Deployment scripts, charts and configuration files for RIC auxiliry functions
+├── ric-aux Deployment scripts, charts and configuration files for RIC auxilary functions
+├── ric-common Deployment scripts, charts and configuration files for RIC common template
├── ric-infra Deployment scripts, charts and configuration files for infrastructure support
├── ric-platform Deployment scripts, charts and configuration files for RIC platform components
└── ric-xapps xApp related scripts, charts and configuration files
### Directory Naming Convention
-The root directories are orgainzed according to the deployment plans. Each directory contains subdirectories for
-different deployable components. The prefix of these subdirectories represents the deployment order. The smaller the
+The root directories are organized according to the deployment plans. Each directory contains subdirectories for
+different deployable components. The prefixes of these subdirectories represent the deployment order. The smaller the
prefix number the eariler the corresponding component will be deployed. Consider the following example,
├── ric-aux
│ ├── 80-Auxiliary-Functions
│ ├── 00-Kubernetes
│ ├── 10-Nexus
│ ├── 20-Monitoring
+│ ├── 30-Kong
│ ├── 40-Credential
+│ ├── 45-Tiller
│ └── README.md
├── ric-platform
│ ├── 50-RIC-Platform
│ ├── 55-Ext-Services
│ └── README.md
+├── ric-aux
+│ ├── 80-Auxiliary-Functions
+│ ├── 85-Ext-Services
+│ └── README.md
└── ric-xapps
├── 90-xApps
└── README.md
-when deploys the ric-platform, the credential is deployed before RIC-Platform.
-In each of the component directory, ./etc contains the configuration file, ./bin contains the binary and script files,
-./helm contains the helm charts, and ./docker contains docker related files for building the docker images. Please refer
-to the README.md files in individual directory for more details.
+when deploying the ric-platform, the credential is deployed before RIC-Platform.
+
+In each of the component directories, ./bin contains the binary and script files and ./helm contains the helm charts,
+
+Some components contain an ./etc directory with configuration files and some contain a ./docker directory with docker related files for building the docker images.
+
+Please refer to the README.md files in individual directory for more details.
+
+Within ric-infra, ric-platform and ric-aux, each of the components above can be deployed and undeployed separately.
+There are also scripts for deploying the ric-infra, ric-platform or ric-aux in its entirety.
+
+The ./bin directory contains these scripts
+
+The following sections discuss one-script deployment for each
+
+### To deploy RIC Infrastructure
+
+Edit ./RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
+You can choose whether to enable Kubernetes deployment, Helm Chart museum and ELFKP stack
+You can specify the Helm release prefix and namespaces used
+You must specify username and password for Docker repo
+Then run the following to deploy:
+```sh
+$ . ./deploy-ric-infra -f ../RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
+```
+Run the following to undeploy:
+```sh
+$ . ./undeploy-ric-infra
+```
+
+### To deploy RIC Platform
+
+Edit ./RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
+You can specify the Helm release prefix and namespaces used
+Set the values of extsvcaux/ricip and extsvcaux/auxip to be the external IP addresses of VM hosting RIC cluster and VM hosting AUX cluster, respectively.
+These values should be set in both the override file and the local values.yaml file
+```sh
+$ . ./deploy-ric-platform -f ../RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
+```
+Run the following to undeploy:
+```sh
+$ . ./undeploy-ric-platform
+```
-### To deploy RIC
-TBD will update when we have the root installer.
+### To deploy RIC Auxiliary functions
-### Configure the RIC deployment
-TBD will update when we have the root installer.
+Edit ./RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
+You can specify the Helm release prefix and namespaces used
+Set the values of extsvcaux/ricip and extsvcaux/auxip to be the external IP addresses of VM hosting RIC cluster and VM hosting AUX cluster, respectively.
+These values should be set in both the override file and the local values.yaml file
+```sh
+$ . ./deploy-ric-aux -f ../RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
+```
+Run the following to undeploy:
+```sh
+$ . ./undeploy-ric-aux
+```
+++ /dev/null
-
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
- nodePortPrefixExt: 304
-
- # ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
- repositoryCred:
- user: docker
- password: docker
-
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
- enableDefaultStorageclass: false
- parameters: {}
- storageclassProvisioner: kubernetes.io/no-provisioner
- volumeReclaimPolicy: Retain
-
- # override default resource limit flavor for all charts
- flavor: unlimited
-
- # flag to enable debugging - application support required
- debugEnabled: false
aux: ricaux
# Docker registry from which RIC platform components pull the images
repository: nexus3.o-ran-sc.org:10004
+ onapRepository: nexus3.onap.org:10001
+ ubuntuInitRepository: registry.hub.docker.com
+ busyBoxRepository: docker.io
# Name of the K8S docker credential that is onboarded by 20-credential
repositoryCred: docker-reg-cred
ingressurl:
ric: ric-entry
aux: aux-entry
+ dashboard: dashboard.ric.org
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+ # Change this to define portal port used for webpage forwarding
+ portalFEPort: "8443"
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ # image pull policy
+ pullPolicy: Always
+
+
+ portalHostName: "portal.ric.org"
+ cookieDomain: "ric.org"
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+ enableDefaultStorageclass: false
+ parameters: {}
+ storageclassProvisioner: kubernetes.io/no-provisioner
+ volumeReclaimPolicy: Retain
+
+ # override default resource limit flavor for all charts
+ flavor: unlimited
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+ aaf:
+ image: onap/aaf/aaf_core:2.1.15
+ config:
+ image: onap/aaf/aaf_config:2.1.15
+ cass:
+ image: onap/aaf/aaf_cass:2.1.15
+
- tillers:
- ricxapp:
- name: ricxapp
- nameSpace: ricxapp
- deployNameSpace: ricinfra
- image:
- tillerTLSSecrets:
- repository: nexus3.o-ran-sc.org:10004
- name: it-dep-secret
- tag: 0.0.2
- tiller:
- repository: gcr.io
- name: kubernetes-helm/tiller
- tag: v2.12.3
- secret:
- create: true
- tillerSecretName: secret-tiller-ricxapp
- helmSecretName: secret-helm-client-ricxapp
- tls:
- authenticate: true
- verify: true
- serviceAccount:
- name: tiller
- role:
- - apiGroups: [""]
- resources: ["pods", "configmaps", "services"]
- verbs: ["get", "list", "create", "delete"]
- - apiGroups: ["extensions", "apps"]
- resources: ["deployments"]
- verbs: ["get", "list", "create", "delete"]
- port: 44134
#-------------------------------------------------------------------------
# Auxiliary Functions
#-------------------------------------------------------------------------
+aaf-sms:
+ image: onap/aaf/sms:4.0.1
+ aaf-sms-quorumclient:
+ image: onap/aaf/smsquorumclient:4.0.0
+ aaf-sms-vault:
+ image:
+ consul: library/consul:1.0.6
+ vault: library/vault:0.10.0
+
+aaf-sshsm:
+ aaf-sshsm-abrmd:
+ image: onap/aaf/abrmd:4.0.0
+ aaf-sshsm-distcenter:
+ image: onap/aaf/distcenter:4.0.0
+ aaf-sshsm-testca:
+ image: onap/aaf/testcaservice:4.0.0
+
+portal-cassandra:
+ image: onap/music/cassandra_music:3.0.0
+portal-mariadb:
+ config:
+ ricdashboardHostName: "dashboard.ric.org"
+ ricdashboardPort: "32443"
+ ricdashboardProtocol: "https"
+ image: onap/portal-db:2.5.0
+portal-app:
+ image: onap/portal-app:2.5.0
+
+persistence:
+ enabled: true
+
dashboard:
# Override the name using the following option
# nameOverride:
image:
name: ric-dashboard
- tag: 1.2.0
- properties:
- # application.properties
- portalapi:
- username: username
- password: password
- metrics:
+ tag: 1.2.4
+ caasingress:
+ aux:
+ url:
+ prefix: "https://<CAAS_INGRESS_IP>:16443"
+ plt:
url:
- ac: http://ric-aux-kibana-server:5601/goto/fedcba9876543210?embed=true
- mc: http://ric-aux-kibana-server:5601/goto/b35690798f2a32d065f5107aecd84308?embed=true
- # key.properties
- cipher.enc.key: AGLDdG4D04BKm2IxIWEr8o==
- # portal.properties
- # external URL for user browser
- ecomp_redirect_url: https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
- # internal URL for backend
- ecomp_rest_url: http://portal-app.onap:8989/ONAPPORTAL/auxapi
+ prefix: "https://<CAAS_INGRESS_IP>:16443"
+ cipher:
+ enc:
+ key: AGLDdG4D04BKm2IxIWEr8o==
+ portalapi:
+ # application.properties
+ security: true
+ username: Default
+ password: password
+ ecomp_redirect_url: https://portal.ric.org:8443/ONAPPORTAL/login.htm
+ ecomp_rest_url: http://portal-app:8989/ONAPPORTAL/auxapi
ueb_app_key: uebkey
+ metrics:
+ url:
+ ac: http://mcdashboard.ric.org:5601/goto/1234567890abcdef?embed=true
+ mc: http://mcdashboard.ric.org:5601/goto/b35690798f2a32d065f5107aecd84308?embed=true
datapath: /opt/data/dashboard-data
+
+
+ves:
+ onapRepository: "nexus3.onap.org:10001"
+
+ image:
+ name: org.onap.dcaegen2.collectors.ves.vescollector
+ tag: 1.4.5
+
+mrsub:
+ image:
+ name: mrsubp
+ tag: 0.0.1
+ pullPolicy: IfNotPresent
+ logStashHost: "r1-mc-stack-logstash.ricaux"
+ logStashPort: 5044
+ messageRouterHost: "ricaux-message-router.ricaux"
+ messageRouterPort: 3904
+
+
+# image settings for dmaap
+onapRepository: nexus3.onap.org:10001
+image: onap/dmaap/dmaap-mr:1.1.13
+ubuntuInitRepository: docker.io
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+busyBoxRepository: docker.io
+busyBoxImage: busybox:1.30
+
+# image settings for dmaap subchart kafka
+message-router-kafka:
+ ubuntuInitRepository: docker.io
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ busyBoxRepository: docker.io
+ busyBoxImage: busybox:1.30
+ onapRepository: nexus3.onap.org:10001
+ image: onap/dmaap/kafka111:1.0.0
+# image settings for dmaap subchart zookeeper
+message-router-zookeeper:
+ ubuntuInitRepository: docker.io
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ busyBoxRepository: docker.io
+ busyBoxImage: busybox:1.30
+ onapRepository: nexus3.onap.org:10001
+ image: onap/dmaap/zookeeper:5.0.0
+
+# MC Dashboard components
+elasticsearch:
+ enabled: true
+
+kibana:
+ enabled: true
+
+logstash:
+ enabled: true
+# end of MC Dashboard components
+
+
extsvcaux:
ricip:
# The ip address of the ric cluster ingress controller
ingressurl:
ric: ric-entry
aux: aux-entry
-
+ dashboard: dashboard-entry
tillers:
ricxapp:
storagesize: 2Gi
datapath: /opt/data/chartmuseum-data
+
+esreader:
+ dataVolSize: 100Mi
+ storageClassName: local-storage
+ #storageClassName: ric-storage-class
+
+ pizpub:
+ enabled: false
+ nsPrefix: ric
+ imageVersion: 0.0.4911
+ imageName: pizpub
+ publishURL: https://feeds-drtr.web.att.com/publish/3641
+ user: m14983@ric.att.com
+ password: pizPub01!
+ feedId: 3641
+ dataRootDir: /data
+ scanDirectory: outgoing
+ processedDirectory: sent
+
+
elfkp:
enable: false
+kong:
+ proxy:
+ http:
+ containerPort: 32080
+ tls:
+ containerPort: 32443
+ image:
+ repository: kong
+ tag: 1.3
+ ingressController:
+ image:
+ repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
+ tag: 0.6.0
ingressurl:
ric: ric-entry
aux: aux-entry
+ dashboard: dashboard-entry
tillers:
ricxapp:
# repositoryOverride:
image:
name: ric-plt-a1
- tag: 0.10.1
+ tag: 0.10.3
rmr_timeout_config:
rcv_retry_interval_ms: 500
rcv_retry_times: 20
name: it-dep-init
tag: 0.0.1
name: ric-plt-appmgr
- tag: 0.1.5
+ tag: 0.1.9
# repositoryOverride:
image:
name: ric-plt-e2mgr
- tag: 1.0.0
+ tag: 2.0.7
env:
RIC_ID: "bbbccc-abcd0e/20"
- privilegedmode: true
+ privilegedmode: false
# E2 Termination
# repositoryOverride:
image:
name: ric-plt-e2
- tag: 1.0.0
+ tag: 2.0.7
env:
print: "1"
- privilegedmode: true
- hostnetworkmode: true
+ privilegedmode: false
+ hostnetworkmode: false
+
+ dataVolSize: 100Mi
+ storageClassName: local-storage
+ #storageClassName: ric-storage-class
+
+ pizpub:
+ enabled: true
+ nsPrefix: ric
+ imageVersion: 0.0.4911
+ imageName: pizpub
+ publishURL: https://feeds-drtr.web.att.com/publish/3641
+ user: m14983@ric.att.com
+ password: pizPub01!
+ feedId: 3641
+ dataRootDir: /data
+ scanDirectory: outgoing
+ processedDirectory: sent
+
# Routing Manager
rtmgr:
# repositoryOverride:
image:
name: ric-plt-rtmgr
- tag: 0.3.2
+ tag: 0.3.3
loglevel: DEBUG
# Subscription Manager
# repositoryOverride:
image:
name: ric-plt-submgr
- tag: 0.5.0
+ tag: 0.10.0
# VESPA Manager
vespamgr:
# repositoryOverride:
image:
name: ric-plt-vespamgr
- tag: 0.0.1
+ tag: 0.0.5
prometheusurl: "http://rec-prometheus-server.default"
+# RAN Resource Monitor
+rsm:
+ image:
+ name: ric-plt-rsm
+ tag: 2.0.6
+
+# Jaeger Adapter
+jaegeradapter:
+ repositoryOverride: docker.io
+ image:
+ name: jaegertracing/all-in-one
+ tag: 1.12
+ pullPolicy: IfNotPresent
+
# the service for redirecting to AUX cluster
extsvcplt:
CHARTMUSEUM_BLOCK=$(cat $OVERRIDEYAML | awk '/^chartmuseum:/{getline; while ($0 ~ /^ +.*|^ *$/) {print $0; if (getline == 0) {break}}}')
ELFKP_BLOCK=$(cat $OVERRIDEYAML | awk '/^elfkp:/{getline; while ($0 ~ /^ +.*|^ *$/) {print $0; if (getline == 0) {break}}}')
K8S_BLOCK=$(cat $OVERRIDEYAML | awk '/^k8s:/{getline; while ($0 ~ /^ +.*|^ *$/) {print $0; if (getline == 0) {break}}}')
+ESREADER_BLOCK=$(cat $OVERRIDEYAML | awk '/^esreader:/{getline; while ($0 ~ /^ +.*|^ *$/) {print $0; if (getline == 0) {break}}}')
USE_LOCAL_HELM_REPO=$(echo "$CHARTMUSEUM_BLOCK" | grep "enable" | awk '{print $2}')
DEPLOY_K8S=$(echo "$K8S_BLOCK" | grep "enable" | awk '{print $2}')
DEPLOY_K8S_MONITORING=$(echo "$ELFKP_BLOCK" | grep "enable" | awk '{print $2}')
+DEPLOY_ESREADER=$(echo "$ESREADER_BLOCK" | grep "enable" | awk 'NR==1 {print $2}')
for component in $ROOT_DIR/../ric-infra/*/; do
. $component/bin/install -f $OVERRIDEYAML
fi
;;
+ 25-ESReader)
+ if [ "$DEPLOY_ESREADER" == "true" ];then
+ . $component/bin/install -f $OVERRIDEYAML
+ fi
+ ;;
30-Kong)
. $component/bin/install -f $OVERRIDEYAML
sleep 5
while IFS= read -r image
do
+ if [[ $image == "#"* ]]; then
+ # supporting comment lines
+ continue
+ fi
+
IMAGENAME=$(echo $image | awk '{ n=split($0, a, "/"); print a[n] }')
echo "Pulling image $image"
NAMESPACE_BLOCK=$(cat $OVERRIDEYAML | awk '/^ namespace:/{getline; while ($0 ~ /^ .*|^ *$/) {print $0; if (getline == 0) {break}}}')
NAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *aux:/{print $2}')
RELEASE_PREFIX=$(echo "$GLOBAL_BLOCK" | awk '/^ *releasePrefix:/{print $2}')
-COMPONENTS=${LIST_OF_COMPONENTS:-"dashboard ves message-router mrsub"}
+COMPONENTS=${LIST_OF_COMPONENTS:-"dashboard ves message-router mrsub mc-stack portal aaf"}
-
-NODENAME=$(kubectl get node | awk '{print $1}')
+NODENAME=$(kubectl get node | awk 'NR>1{print $1}')
LABELFOUND=false
for f in $NODENAME; do
LABEL=$(kubectl describe node $f | grep local-storage)
for component in $COMPONENTS; do
case "$component" in
- dashboard | ves | message-router | mrsub)
+ dashboard | ves | message-router | mrsub | mc-stack | portal)
mkdir -p $DIR/../helm/$component/charts/
cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz $DIR/../helm/$component/charts/
helm install -f $OVERRIDEYAML --namespace "${NAMESPACE}" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
;;
+ aaf)
+ mkdir -p $DIR/../helm/$component/charts/
+ cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz $DIR/../helm/$component/charts/
+ helm install -f $OVERRIDEYAML --namespace "onap" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
+ ;;
*)
helm install --namespace "${NAMESPACE}" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
esac
-done
\ No newline at end of file
+done
+++ /dev/null
-#!/bin/bash
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-
-
-OVERRIDEYAML=$1
-
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
-
-
-source $DIR/../etc/aux.conf
-
-if [ -z "$RICAUX_RELEASE_NAME" ];then
- RELEASE_NAME=$helm_release_name
-else
- RELEASE_NAME=$RICAUX_RELEASE_NAME
-fi
-
-# Namespace configuration
-if [ -z "$RICPLT_NAMESPACE" ];then
- PLT_NAMESPACE=$plt_namespace
-else
- PLT_NAMESPACE=$RICPLT_NAMESPACE
-fi
-if [ -z "$RICXAPP_NAMESPACE" ];then
- XAPP_NAMESPACE=$xapp_namespace
-else
- XAPP_NAMESPACE=$RICXAPP_NAMESPACE
-fi
-if [ -z "$RICAUX_NAMESPACE" ];then
- AUX_NAMESPACE=$aux_namespace
-else
- AUX_NAMESPACE=$RICAUX_NAMESPACE
-fi
-if [ -z "$RICINFRA_NAMESPACE" ];then
- INFRA_NAMESPACE=$infra_namespace
-else
- INFRA_NAMESPACE=$RICINFRA_NAMESPACE
-fi
-
-if [ -z "$RIC_COMMON_OVERRIDE" ];then
- COMMON_OVERRIDE="--set global.namespace.platform=$PLT_NAMESPACE --set global.namespace.xapp=$XAPP_NAMESPACE --set global.namespace.aux=$AUX_NAMESPACE --set global.namespace.infra=$INFRA_NAMESPACE"
-else
- COMMON_OVERRIDE=$RIC_COMMON_OVERRIDE
-fi
-
-
-
-NODENAME=$(kubectl get node | awk '{print $1}')
-LABELFOUND=false
-for f in $NODENAME; do
- LABEL=$(kubectl describe node $f | grep local-storage)
- if [ ! -z "$LABEL" ]; then
- LABELFOUND=true
- fi
-done
-
-if [ ! -z $OVERRIDEYAML ]; then
- FOUND_STORAGECLASS=$(grep storageclass $OVERRIDEYAML)
-fi
-
-
-
-if ! $LABELFOUND && [ -z "$FOUND_STORAGECLASS" ]; then
- echo "***********************************************************************************************"
- echo "* ERROR!!!!!!!!!!!!! *"
- echo "***********************************************************************************************"
- echo "* Nodes label \"local-storage=enable\" is not found in any of the cluster node. *"
- echo "* Please pick a node and label it using the following command. *"
- echo "* kubectl label --overwrite nodes <YOUR_NODE_NAME> local-storage=enable *"
- echo "***********************************************************************************************"
-
- exit 1
-fi
-
-
-
-
-if [ -z "$FOUND_STORAGECLASS" ] && $LABELFOUND; then
-
- DATAPATH=$(cat $DIR/../helm/dashboard/values.yaml | grep datapath | awk '{ print $2}' )
-
-
- if [ ! -z $OVERRIDEYAML ]; then
- DATAPATHOVERRIDE=$(cat $OVERRIDEYAML | grep datapath | awk '{ print $2}' )
- fi
-
- if [ ! -z "$DATAPATHOVERRIDE" ]; then
- DATAPATH=$DATAPATHOVERRIDE
- fi
-
-
- echo "***********************************************************************************************"
- echo "* WARNING!!!!!!!!!!!!! *"
- echo "***********************************************************************************************"
- echo "* Chartmuseume will use local storage. Please make sure that directory *"
- echo "* $DATAPATH *"
- echo "* exists on the selected cluster node, and contains the proper files. *"
- echo "***********************************************************************************************"
-
-
-fi
-
-
-
-
-
-
-
-RICAUX_COMPONENTS="onap portal aaf"
-
-echo "Deploying RIC AUX components [$RICAUX_COMPONENTS]"
-echo "Helm Release Name: $RELEASE_NAME"
-
-
-COMMON_CHART_VERSION=$(cat $DIR/../../../ric-common/Common-Template/helm/ric-common/Chart.yaml | grep version | awk '{print $2}')
-
-
-helm package -d /tmp $DIR/../../../ric-common/Common-Template/helm/ric-common/
-
-
-for component in $RICAUX_COMPONENTS; do
- echo "Preparing chart for comonent $component"
-
- mkdir -p $DIR/../helm/$component/charts/
- cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz $DIR/../helm/$component/charts/
- if [ -z $OVERRIDEYAML ]; then
- helm install --namespace $AUX_NAMESPACE --name "${RELEASE_NAME}-$component" $COMMON_OVERRIDE $DIR/../helm/$component
- else
- helm install -f $OVERRIDEYAML --namespace $AUX_NAMESPACE --name "${RELEASE_NAME}-$component" $COMMON_OVERRIDE $DIR/../helm/$component
- fi
-done
################################################################################
-COMPONENTS="dashboard message-router ves mrsub"
+COMPONENTS="dashboard message-router ves mrsub mc-stack portal aaf"
echo "Undeploying RIC aux components [$COMPONENTS]"
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.global.aaf.cass.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.cm.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.fs.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.gui.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.hello.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.locate.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.oauth.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ include "common.namespace" . }}
spec:
replicas: {{ .Values.global.aaf.service.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
{{- end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
serviceName:
template:
metadata:
size: 10Mi
mountPath: /dockerdata-nfs
mountSubPath: sms/quorum/data
+ storageClass: "manual"
ingress:
enabled: false
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
{{- end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
serviceName:
template:
metadata:
hostPath:
path: /etc/localtime
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: sms/consul/data
+ storageClass: "manual"
service:
type: ClusterIP
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "aaf-sms-vault"
- - --container-name
- - "aaf-sms-vault-backend"
+ command: ["/bin/sh", "-c"]
+ args: ["sed -i s/client.AppsV1beta1Api/client.AppsV1Api/g /root/ready.py && /root/ready.py --container-name aaf-sms-vault --container-name aaf-sms-vault-backend"]
env:
- name: NAMESPACE
valueFrom:
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "aaf-sms"
- - --container-name
- - "aaf-sms-quorumclient"
+ command: ["/bin/sh", "-c"]
+ args: ["sed -i s/client.AppsV1beta1Api/client.AppsV1Api/g /root/ready.py && sed -i s/client.ExtensionsV1beta1Api/client.AppsV1Api/g /root/ready.py && /root/ready.py --container-name aaf-sms --container-name aaf-sms-quorumclient"]
env:
- name: NAMESPACE
valueFrom:
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
\ No newline at end of file
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+
+{{- end -}}
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
- selector:
- matchLabels:
- name: {{ include "common.fullname" . }}
accessModes:
- {{ .Values.persistence.accessMode }}
resources:
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
size: 1Gi
+ storageClass: "manual"
mountPath: /dockerdata-nfs
mountSubPath: sms/auth
{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
serviceName:
template:
metadata:
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
size: 10Mi
mountPath: /dockerdata-nfs
mountSubPath: sshsm/distcenter/data
+ storageClass: "manual"
ingress:
enabled: false
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.dataMountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
---
kind: PersistentVolume
apiVersion: v1
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.dbusMountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
{{- end -}}
mountPath: /dockerdata-nfs
dataMountSubPath: sshsm/data
dbusMountSubPath: sshsm/dbus
-
+ storageClass: "manual"
# Configure resource requests and limits
resources:
small:
persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.persistence.config.mountPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
{{- if .Values.persistence.config.storageClass }}
{{- if (eq "-" .Values.persistence.config.storageClass) }}
storageClassName: ""
persistentVolumeReclaimPolicy: {{ .Values.persistence.status.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.persistence.status.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.status.mountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: aaf-storage
+ operator: In
+ values:
+ - enable
{{- if .Values.persistence.status.storageClass }}
{{- if (eq "-" .Values.persistence.status.storageClass) }}
storageClassName: ""
appVersion: "1.0"
description: Helm Chart for RIC Dashboard
name: dashboard
-version: 1.2.0
+version: 1.2.2
icon: https://gerrit.o-ran-sc.org/r/gitweb?p=portal/ric-dashboard.git;a=blob;f=webapp-frontend/src/assets/at_t.png;h=3cced1d5ce4668fbf3b33064aaaa6920bc8130b6;hb=HEAD
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################i
+
+{{/*
+Generate certificates for the docker registry
+*/}}
+
+{{- define "dashboard.gen-cert" -}}
+{{- $altNames := list ( include "common.ingressurl.dashboard" . ) -}}
+{{- $ca := genCA "docker-registry-ca" 365 -}}
+{{- $cert := genSignedCert ( include "common.ingressurl.dashboard" . ) nil $altNames 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end -}}
+
{{- printf "http://%s/appmgr" $ingress -}}
{{- end -}}
{{- end -}}
+
anrxapp.url.suffix = {{ .Values.dashboard.anrxapp.url.suffix }}
appmgr.url.prefix = {{ include "dashboard.prefix.appmgr" . }}
appmgr.url.suffix = {{ .Values.dashboard.appmgr.url.suffix }}
+ caasingress.insecure = {{ .Values.dashboard.caasingress.insecure }}
+ caasingress.aux.url.prefix = {{ .Values.dashboard.caasingress.aux.url.prefix }}
+ caasingress.aux.url.suffix = {{ .Values.dashboard.caasingress.aux.url.suffix }}
+ caasingress.plt.url.prefix = {{ .Values.dashboard.caasingress.plt.url.prefix }}
+ caasingress.plt.url.suffix = {{ .Values.dashboard.caasingress.plt.url.suffix }}
e2mgr.url.prefix = {{ include "dashboard.prefix.e2mgr" . }}
e2mgr.url.suffix = {{ .Values.dashboard.e2mgr.url.suffix }}
+ portalapi.security = {{ .Values.dashboard.portalapi.security }}
portalapi.appname = {{ .Values.dashboard.portalapi.appname }}
portalapi.username = {{ .Values.dashboard.portalapi.username }}
portalapi.password = {{ .Values.dashboard.portalapi.password }}
ecomp_redirect_url = {{ .Values.dashboard.portalapi.ecomp_redirect_url }}
ecomp_rest_url = {{ .Values.dashboard.portalapi.ecomp_rest_url }}
ueb_app_key = {{ .Values.dashboard.portalapi.ueb_app_key }}
+
+ # Temp solution before Portal 2.6
+ users.json: |
+ [{"orgId":null,"managerId":null,"firstName":"First","middleInitial":null,"lastName":"Last","phone":null,"email":null,"hrid":null,"orgUserId":null,"orgCode":null,"orgManagerUserId":null,"jobTitle":null,"loginId":"demo","active":true,"roles":[{"id":1,"name":"System_Administrator","roleFunctions":null}]}]
hostname: {{ include "common.name.dashboard" . }}
imagePullSecrets:
- name: {{ include "common.repositoryCred" . }}
+ {{- with .Values.dashboard.nodeselector }}
+ nodeSelector: {{ toYaml . | trim | nindent 8 -}}
+ {{- end }}
containers:
- name: {{ include "common.containername.dashboard" . }}
image: {{ include "common.repository" . }}/{{ .Values.dashboard.image.name }}:{{ .Values.dashboard.image.tag }}
mountPath: /maven/portal.properties
subPath: portal.properties
readOnly: true
- - name: dashboard-users
- mountPath: /dashboard-data
+# Temp solution until portal 2.6
+ - name: appconfig
+ mountPath: /dashboard-data/users.json
+ subPath: users.json
+# - name: dashboard-users
+# mountPath: /dashboard-data
livenessProbe:
httpGet:
path: /api/admin/health
# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
-apiVersion: v1
-kind: ConfigMap
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
metadata:
- name: {{ include "ricxapp.configmapname" . }}-appenv
-data:
- {{- if .Values.ricxapp.appenv }}
- {{- toYaml .Values.ricxapp.appenv | nindent 2 }}
- {{- end }}
- DBAAS_SERVICE_HOST: "{{ .Values.ricplt.dbaasService }}"
- DBAAS_SERVICE_PORT: "6379"
- DBAAS_PORT_6379_TCP_ADDR: "{{ .Values.ricplt.dbaasService }}"
- DBAAS_PORT_6379_TCP_PORT: "6379"
- RMR_RTG_SVC: "{{ .Values.ricxapp.service.rmr.route.port }}"
+ name: {{ include "common.ingressname.dashboard" . }}
+spec:
+ tls:
+ - hosts:
+ - {{ include "common.ingressurl.dashboard" . }}
+ secretName: secret-{{ include "common.name.dashboard" . }}
+ rules:
+ - host: {{ include "common.ingressurl.dashboard" . }}
+ http:
+ paths:
+ - backend:
+ serviceName: {{ include "common.servicename.dashboard.http" . }}
+ servicePort: http
+ path: "/"
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/tls
+metadata:
+ name: secret-{{ include "common.name.dashboard" . }}
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+data:
+{{- if .Values.dashboard.tlscert }}
+{{ toYaml .Values.dashboard.tlscert | indent 2 -}}
+{{- else }}
+{{ ( include "dashboard.gen-cert" . ) | indent 2 }}
+{{- end }}
+
+
dashboard:
image:
name: ric-dashboard
- tag: 1.2.0
+ tag: 1.2.2
replicaCount: 1
# Service ports are now defined in
userfile: /dashboard-data/users.json
# on the server
datapath: /opt/data/dashboard-data
-
- # The URL prefixes use K8S/Kong service names
+
+ # Many URL prefixes use K8S/Kong service names
a1med:
url:
# The default a1mediator prefix is http://ricplt-entry/a1mediator
# You can override the value using the following option
# prefix:
suffix: /ric/v1
+ caasingress:
+ # Ignore SSL problems to CaaS-Ingress by enabling this
+ insecure: true
+ aux:
+ url:
+ # The default AUX CaaS-Ingress prefix is TBD
+ # You can override the value using the following option
+ # prefix:
+ suffix: /api
+ plt:
+ url:
+ # The default PLT CaaS-Ingress prefix is TBD
+ # You can override the value using the following option
+ # prefix:
+ suffix: /api
e2mgr:
url:
# The default e2mgr prefix is http://ricplt-entry/e2mgr
enc:
key:
portalapi:
+ security: false
appname: RIC-Dashboard
- username:
- password:
+ username: Default
+ password: password
ecomp_redirect_url: https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
- ecomp_rest_url: http://portal-app.onap:8989/ONAPPORTAL/auxapi
+ ecomp_rest_url: http://portal-app:8989/ONAPPORTAL/auxapi
ueb_app_key: uebkey
metrics:
url:
.project
.idea/
*.tmproj
-.vscode/
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
+
apiVersion: v1
-appVersion: "1.0"
-description: Standard xApp Helm Chart
-name: xapp-std
+appVersion: "1"
+description: A Helm chart for MC Dashboard
+name: mc-stack
version: 0.0.1
--- /dev/null
+tests/
+.pytest_cache/
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+appVersion: 7.3.0
+description: Official Elastic helm chart for Elasticsearch
+home: https://github.com/elastic/helm-charts
+icon: https://helm.elastic.co/icons/elasticsearch.png
+maintainers:
+- email: helm-charts@elastic.co
+ name: Elastic
+name: elasticsearch
+sources:
+- https://github.com/elastic/elasticsearch
+version: 7.3.0
\ No newline at end of file
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# limitations under the License. #
################################################################################
-default_helm_repo=https://$(hostname):32080/helm
-
-default_docker_registry=docker-entry
-
-
+include ../helpers/common.mk
--- /dev/null
+# Elasticsearch Helm Chart
+
+This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
+
+This helm chart is a lightweight way to configure and run our official [Elasticsearch docker image](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html)
+
+## Requirements
+
+* [Helm](https://helm.sh/) >= 2.8.0
+* Kubernetes >= 1.8
+* Minimum cluster requirements include the following to run this chart with default settings. All of these settings are configurable.
+ * Three Kubernetes nodes to respect the default "hard" affinity settings
+ * 1GB of RAM for the JVM heap
+
+## Usage notes and getting started
+
+* This repo includes a number of [example](./examples) configurations which can be used as a reference. They are also used in the automated testing of this chart
+* Automated testing of this chart is currently only run against GKE (Google Kubernetes Engine). If you are using a different Kubernetes provider you will likely need to adjust the `storageClassName` in the `volumeClaimTemplate`
+* The default storage class for GKE is `standard` which by default will give you `pd-ssd` type persistent volumes. This is network attached storage and will not perform as well as local storage. If you are using Kubernetes version 1.10 or greater you can use [Local PersistentVolumes](https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd) for increased performance
+* The chart deploys a statefulset and by default will do an automated rolling update of your cluster. It does this by waiting for the cluster health to become green after each instance is updated. If you prefer to update manually you can set [`updateStrategy: OnDelete`](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#on-delete)
+* It is important to verify that the JVM heap size in `esJavaOpts` and to set the CPU/Memory `resources` to something suitable for your cluster
+* To simplify chart and maintenance each set of node groups is deployed as a separate helm release. Take a look at the [multi](./examples/multi) example to get an idea for how this works. Without doing this it isn't possible to resize persistent volumes in a statefulset. By setting it up this way it makes it possible to add more nodes with a new storage size then drain the old ones. It also solves the problem of allowing the user to determine which node groups to update first when doing upgrades or changes.
+* We have designed this chart to be very un-opinionated about how to configure Elasticsearch. It exposes ways to set environment variables and mount secrets inside of the container. Doing this makes it much easier for this chart to support multiple versions with minimal changes.
+
+## Migration from helm/charts stable
+
+If you currently have a cluster deployed with the [helm/charts stable](https://github.com/helm/charts/tree/master/stable/elasticsearch) chart you can follow the [migration guide](/elasticsearch/examples/migration/README.md)
+
+## Installing
+
+* Add the elastic helm charts repo
+ ```
+ helm repo add elastic https://helm.elastic.co
+ ```
+* Install it
+ ```
+ helm install --name elasticsearch elastic/elasticsearch
+ ```
+
+## Compatibility
+
+This chart is tested with the latest supported versions. The currently tested versions are:
+
+| 6.x | 7.x |
+| ----- | ----- |
+| 6.8.1 | 7.3.0 |
+
+Examples of installing older major versions can be found in the [examples](./examples) directory.
+
+While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.3.0` of Elasticsearch it would look like this:
+
+```
+helm install --name elasticsearch elastic/elasticsearch --set imageTag=7.3.0
+```
+
+## Configuration
+
+| Parameter | Description | Default |
+| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| `clusterName` | This will be used as the Elasticsearch [cluster.name](https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster.name.html) and should be unique per cluster in the namespace | `elasticsearch` |
+| `nodeGroup` | This is the name that will be used for each group of nodes in the cluster. The name will be `clusterName-nodeGroup-X` | `master` |
+| `masterService` | Optional. The service name used to connect to the masters. You only need to set this if your master `nodeGroup` is set to something other than `master`. See [Clustering and Node Discovery](#clustering-and-node-discovery) for more information. | `` |
+| `roles` | A hash map with the [specific roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) for the node group | `master: true`<br>`data: true`<br>`ingest: true` |
+| `replicas` | Kubernetes replica count for the statefulset (i.e. how many pods) | `3` |
+| `minimumMasterNodes` | The value for [discovery.zen.minimum_master_nodes](https://www.elastic.co/guide/en/elasticsearch/reference/6.7/discovery-settings.html#minimum_master_nodes). Should be set to `(master_eligible_nodes / 2) + 1`. Ignored in Elasticsearch versions >= 7. | `2` |
+| `esMajorVersion` | Used to set major version specific configuration. If you are using a custom image and not running the default Elasticsearch version you will need to set this to the version you are running (e.g. `esMajorVersion: 6`) | `""` |
+| `esConfig` | Allows you to add any config files in `/usr/share/elasticsearch/config/` such as `elasticsearch.yml` and `log4j2.properties`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
+| `extraVolumes` | Additional volumes to be passed to the `tpl` function | |
+| `extraVolumeMounts` | Additional volumeMounts to be passed to the `tpl` function | |
+| `extraInitContainers` | Additional init containers to be passed to the `tpl` function | |
+| `secretMounts` | Allows you easily mount a secret as a file inside the statefulset. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
+| `image` | The Elasticsearch docker image | `docker.elastic.co/elasticsearch/elasticsearch` |
+| `imageTag` | The Elasticsearch docker image tag | `7.3.0` |
+| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
+| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Elasticsearch pods | `{}` |
+| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Elasticsearch pods | `{}` |
+| `esJavaOpts` | [Java options](https://www.elastic.co/guide/en/elasticsearch/reference/current/jvm-options.html) for Elasticsearch. This is where you should configure the [jvm heap size](https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html) | `-Xmx1g -Xms1g` |
+| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 100m`<br>`requests.memory: 2Gi`<br>`limits.cpu: 1000m`<br>`limits.memory: 2Gi` |
+| `initResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the initContainer in the statefulset | {} |
+| `sidecarResources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the sidecar containers in the statefulset | {} |
+| `networkHost` | Value for the [network.host Elasticsearch setting](https://www.elastic.co/guide/en/elasticsearch/reference/current/network.host.html) | `0.0.0.0` |
+| `volumeClaimTemplate` | Configuration for the [volumeClaimTemplate for statefulsets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-storage). You will want to adjust the storage (default `30Gi`) and the `storageClassName` if you are using a different storage class | `accessModes: [ "ReadWriteOnce" ]`<br>`resources.requests.storage: 30Gi` |
+| `persistence.annotations` | Additional persistence annotations for the `volumeClaimTemplate` | `{}` |
+| `persistence.enabled` | Enables a persistent volume for Elasticsearch data. Can be disabled for nodes that only have [roles](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) which don't require persistent data. | `true` |
+| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `` |
+| `antiAffinityTopologyKey` | The [anti-affinity topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). By default this will prevent multiple Elasticsearch nodes from running on the same Kubernetes node | `kubernetes.io/hostname` |
+| `antiAffinity` | Setting this to hard enforces the [anti-affinity rules](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). If it is set to soft it will be done "best effort". Other values will be ignored. | `hard` |
+| `nodeAffinity` | Value for the [node affinity settings](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature) | `{}` |
+| `podManagementPolicy` | By default Kubernetes [deploys statefulsets serially](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies). This deploys them in parallel so that they can discover eachother | `Parallel` |
+| `protocol` | The protocol that will be used for the readinessProbe. Change this to `https` if you have `xpack.security.http.ssl.enabled` set | `http` |
+| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. If you change this you will also need to set [http.port](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#_settings) in `extraEnvs` | `9200` |
+| `transportPort` | The transport port that Kubernetes will use for the service. If you change this you will also need to set [transport port configuration](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html#_transport_settings) in `extraEnvs` | `9300` |
+| `service.type` | Type of elasticsearch service. [Service Types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | `ClusterIP` |
+| `service.nodePort` | Custom [nodePort](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) port that can be set if you are using `service.type: nodePort`. | `` |
+| `service.annotations` | Annotations that Kubernetes will use for the service. This will configure load balancer if `service.type` is `LoadBalancer` [Annotations](https://kubernetes.io/docs/concepts/services-networking/service/#ssl-support-on-aws) | `{}` |
+| `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the statefulset. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` |
+| `maxUnavailable` | The [maxUnavailable](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` |
+| `fsGroup (DEPRECATED)` | The Group ID (GID) for [securityContext.fsGroup](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) so that the Elasticsearch user can read from the persistent volume | `` |
+| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000` |
+| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`<br>`runAsNonRoot: true`<br>`runAsUser: 1000` |
+| `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` |
+| `sysctlInitContainer.enabled` | Allows you to disable the sysctlInitContainer if you are setting vm.max_map_count with another method | `true` |
+| `sysctlVmMaxMapCount` | Sets the [sysctl vm.max_map_count](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count) needed for Elasticsearch | `262144` |
+| `readinessProbe` | Configuration fields for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`<br>`initialDelaySeconds: 10`<br>`periodSeconds: 10`<br>`successThreshold: 3`<br>`timeoutSeconds: 5` |
+| `clusterHealthCheckParams` | The [Elasticsearch cluster health status params](https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params) that will be used by readinessProbe command | `wait_for_status=green&timeout=1s` |
+| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
+| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Elasticsearch cluster | `{}` |
+| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
+| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Elasticsearch service. See [`values.yaml`](./values.yaml) for an example | `enabled: false` |
+| `schedulerName` | Name of the [alternate scheduler](https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/#specify-schedulers-for-pods) | `nil` |
+| `masterTerminationFix` | A workaround needed for Elasticsearch < 7.2 to prevent master status being lost during restarts [#63](https://github.com/elastic/helm-charts/issues/63) | `false` |
+| `lifecycle` | Allows you to add lifecycle configuration. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
+
+## Try it out
+
+In [examples/](./examples) you will find some example configurations. These examples are used for the automated testing of this helm chart
+
+### Default
+
+To deploy a cluster with all default values and run the integration tests
+
+```
+cd examples/default
+make
+```
+
+### Multi
+
+A cluster with dedicated node types
+
+```
+cd examples/multi
+make
+```
+
+### Security
+
+A cluster with node to node security and https enabled. This example uses autogenerated certificates and password, for a production deployment you want to generate SSL certificates following the [official docs](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#node-certificates).
+
+* Generate the certificates and install Elasticsearch
+ ```
+ cd examples/security
+ make
+
+ # Run a curl command to interact with the cluster
+ kubectl exec -ti security-master-0 -- sh -c 'curl -u $ELASTIC_USERNAME:$ELASTIC_PASSWORD -k https://localhost:9200/_cluster/health?pretty'
+ ```
+
+### FAQ
+
+#### How to install plugins?
+
+The [recommended](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_c_customized_image) way to install plugins into our docker images is to create a custom docker image.
+
+The Dockerfile would look something like:
+
+```
+ARG elasticsearch_version
+FROM docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_version}
+
+RUN bin/elasticsearch-plugin install --batch repository-gcs
+```
+
+And then updating the `image` in values to point to your custom image.
+
+There are a couple reasons we recommend this.
+
+1. Tying the availability of Elasticsearch to the download service to install plugins is not a great idea or something that we recommend. Especially in Kubernetes where it is normal and expected for a container to be moved to another host at random times.
+2. Mutating the state of a running docker image (by installing plugins) goes against best practices of containers and immutable infrastructure.
+
+#### How to use the keystore?
+
+1. Create a Kubernetes secret containing the [keystore](https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-settings.html)
+ ```
+ $ kubectl create secret generic elasticsearch-keystore --from-file=./elasticsearch.keystore
+ ```
+2. Mount it into the container via `secretMounts`
+ ```
+ secretMounts:
+ - name: elasticsearch-keystore
+ secretName: elasticsearch-keystore
+ path: /usr/share/elasticsearch/config/elasticsearch.keystore
+ subPath: elasticsearch.keystore
+ ```
+
+#### How to enable snapshotting?
+
+1. Install your [snapshot plugin](https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository.html) into a custom docker image following the [how to install plugins guide](/elasticsearch/README.md#how-to-install-plugins)
+2. Add any required secrets or credentials into an Elasticsearch keystore following the [how to use the keystore guide](/elasticsearch/README.md#how-to-use-the-keystore)
+3. Configure the [snapshot repository](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html) as you normally would.
+4. To automate snapshots you can use a tool like [curator](https://www.elastic.co/guide/en/elasticsearch/client/curator/current/snapshot.html). In the future there are plans to have Elasticsearch manage automated snapshots with [Snapshot Lifecycle Management](https://github.com/elastic/elasticsearch/issues/38461).
+
+### Local development environments
+
+This chart is designed to run on production scale Kubernetes clusters with multiple nodes, lots of memory and persistent storage. For that reason it can be a bit tricky to run them against local Kubernetes environments such as minikube. Below are some examples of how to get this working locally.
+
+#### Minikube
+
+This chart also works successfully on [minikube](https://kubernetes.io/docs/setup/minikube/) in addition to typical hosted Kubernetes environments.
+An example `values.yaml` file for minikube is provided under `examples/`.
+
+In order to properly support the required persistent volume claims for the Elasticsearch `StatefulSet`, the `default-storageclass` and `storage-provisioner` minikube addons must be enabled.
+
+```
+minikube addons enable default-storageclass
+minikube addons enable storage-provisioner
+cd examples/minikube
+make
+```
+
+Note that if `helm` or `kubectl` timeouts occur, you may consider creating a minikube VM with more CPU cores or memory allocated.
+
+#### Docker for Mac - Kubernetes
+
+It is also possible to run this chart with the built in Kubernetes cluster that comes with [docker-for-mac](https://docs.docker.com/docker-for-mac/kubernetes/).
+
+```
+cd examples/docker-for-mac
+make
+```
+
+## Clustering and Node Discovery
+
+This chart facilitates Elasticsearch node discovery and services by creating two `Service` definitions in Kubernetes, one with the name `$clusterName-$nodeGroup` and another named `$clusterName-$nodeGroup-headless`.
+Only `Ready` pods are a part of the `$clusterName-$nodeGroup` service, while all pods (`Ready` or not) are a part of `$clusterName-$nodeGroup-headless`.
+
+If your group of master nodes has the default `nodeGroup: master` then you can just add new groups of nodes with a different `nodeGroup` and they will automatically discover the correct master. If your master nodes have a different `nodeGroup` name then you will need to set `masterService` to `$clusterName-$masterNodeGroup`.
+
+The chart value for `masterService` is used to populate `discovery.zen.ping.unicast.hosts`, which Elasticsearch nodes will use to contact master nodes and form a cluster.
+Therefore, to add a group of nodes to an existing cluster, setting `masterService` to the desired `Service` name of the related cluster is sufficient.
+
+For an example of deploying both a group master nodes and data nodes using multiple releases of this chart, see the accompanying values files in `examples/multi`.
+
+## Testing
+
+This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](../requirements.txt) in the parent directory.
+
+```
+pip install -r ../requirements.txt
+make pytest
+```
+
+You can also use `helm template` to look at the YAML being generated
+
+```
+make template
+```
+
+It is possible to run all of the tests and linting inside of a docker container
+
+```
+make test
+```
+
+## Integration Testing
+
+Integration tests are run using [goss](https://github.com/aelsabbahy/goss/blob/master/docs/manual.md) which is a serverspec like tool written in golang. See [goss.yaml](examples/default/test/goss.yaml) for an example of what the tests look like.
+
+To run the goss tests against the default example:
+
+```
+cd examples/default
+make goss
+```
--- /dev/null
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-six
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ ; \
+
+restart:
+ helm upgrade --set terminationGracePeriod=121 --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+http:
+ http://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ body:
+ - 'green'
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ http://localhost:9200:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number" : "6.8.1"'
+ - '"cluster_name" : "six"'
+ - '"name" : "six-master-0"'
+ - 'You Know, for Search'
--- /dev/null
+---
+
+clusterName: "six"
+imageTag: "6.8.1"
--- /dev/null
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-default
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ ; \
+
+restart:
+ helm upgrade --set terminationGracePeriod=121 --wait --timeout=600 --install $(RELEASE) ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+#!/usr/bin/env bash -x
+
+kubectl proxy || true &
+
+make &
+PROC_ID=$!
+
+while kill -0 "$PROC_ID" >/dev/null 2>&1; do
+ echo "PROCESS IS RUNNING"
+ if curl --fail 'http://localhost:8001/api/v1/proxy/namespaces/default/services/elasticsearch-master:9200/_search' ; then
+ echo "cluster is healthy"
+ else
+ echo "cluster not healthy!"
+ exit 1
+ fi
+ sleep 1
+done
+echo "PROCESS TERMINATED"
+exit 0
--- /dev/null
+kernel-param:
+ vm.max_map_count:
+ value: '262144'
+
+http:
+ http://elasticsearch-master:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ body:
+ - 'green'
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ http://localhost:9200:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number" : "7.3.0"'
+ - '"cluster_name" : "elasticsearch"'
+ - '"name" : "elasticsearch-master-0"'
+ - 'You Know, for Search'
+
+file:
+ /usr/share/elasticsearch/data:
+ exists: true
+ mode: "2775"
+ owner: root
+ group: elasticsearch
+ filetype: directory
+
+mount:
+ /usr/share/elasticsearch/data:
+ exists: true
+
+user:
+ elasticsearch:
+ exists: true
+ uid: 1000
+ gid: 1000
--- /dev/null
+default: test
+
+RELEASE := helm-es-docker-for-mac
+
+install:
+ helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../
+
+test: install
+ helm test $(RELEASE)
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+---
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "hostpath"
+ resources:
+ requests:
+ storage: 100M
--- /dev/null
+PREFIX := helm-es-migration
+
+data:
+ helm upgrade --wait --timeout=600 --install --values ./data.yml $(PREFIX)-data ../../
+
+master:
+ helm upgrade --wait --timeout=600 --install --values ./master.yml $(PREFIX)-master ../../
+
+client:
+ helm upgrade --wait --timeout=600 --install --values ./client.yml $(PREFIX)-client ../../
--- /dev/null
+# Migration Guide from helm/charts
+
+There are two viable options for migrating from the community Elasticsearch helm chart from the [helm/charts](https://github.com/helm/charts/tree/master/stable/elasticsearch) repo.
+
+1. Restoring from Snapshot to a fresh cluster
+2. Live migration by joining a new cluster to the existing cluster.
+
+## Restoring from Snapshot
+
+This is the recommended and preferred option. The downside is that it will involve a period of write downtime during the migration. If you have a way to temporarily stop writes to your cluster then this is the way to go. This is also a lot simpler as it just involves launching a fresh cluster and restoring a snapshot following the [restoring to a different cluster guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.6/modules-snapshots.html#_restoring_to_a_different_cluster).
+
+## Live migration
+
+If restoring from a snapshot is not possible due to the write downtime then a live migration is also possible. It is very important to first test this in a testing environment to make sure you are comfortable with the process and fully understand what is happening.
+
+This process will involve joining a new set of master, data and client nodes to an existing cluster that has been deployed using the [helm/charts](https://github.com/helm/charts/tree/master/stable/elasticsearch) community chart. Nodes will then be replaced one by one in a controlled fashion to decommission the old cluster.
+
+This example will be using the default values for the existing helm/charts release and for the elastic helm-charts release. If you have changed any of the default values then you will need to first make sure that your values are configured in a compatible way before starting the migration.
+
+The process will involve a re-sync and a rolling restart of all of your data nodes. Therefore it is important to disable shard allocation and perform a synced flush like you normally would during any other rolling upgrade. See the [rolling upgrades guide](https://www.elastic.co/guide/en/elasticsearch/reference/6.6/rolling-upgrades.html) for more information.
+
+* The default image for this chart is `docker.elastic.co/elasticsearch/elasticsearch` which contains the default distribution of Elasticsearch with a [basic license](https://www.elastic.co/subscriptions). Make sure to update the `image` and `imageTag` values to the correct Docker image and Elasticsearch version that you currently have deployed.
+* Convert your current helm/charts configuration into something that is compatible with this chart.
+* Take a fresh snapshot of your cluster. If something goes wrong you want to be able to restore your data no matter what.
+* Check that your clusters health is green. If not abort and make sure your cluster is healthy before continuing.
+ ```
+ curl localhost:9200/_cluster/health
+ ```
+* Deploy new data nodes which will join the existing cluster. Take a look at the configuration in [data.yml](./data.yml)
+ ```
+ make data
+ ```
+* Check that the new nodes have joined the cluster (run this and any other curl commands from within one of your pods).
+ ```
+ curl localhost:9200/_cat/nodes
+ ```
+* Check that your cluster is still green. If so we can now start to scale down the existing data nodes. Assuming you have the default amount of data nodes (2) we now want to scale it down to 1.
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-data --replicas=1
+ ```
+* Wait for your cluster to become green again
+ ```
+ watch 'curl -s localhost:9200/_cluster/health'
+ ```
+* Once the cluster is green we can scale down again.
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-data --replicas=0
+ ```
+* Wait for the cluster to be green again.
+* OK. We now have all data nodes running in the new cluster. Time to replace the masters by firstly scaling down the masters from 3 to 2. Between each step make sure to wait for the cluster to become green again, and check with `curl localhost:9200/_cat/nodes` that you see the correct amount of master nodes. During this process we will always make sure to keep at least 2 master nodes as to not lose quorum.
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-master --replicas=2
+ ```
+* Now deploy a single new master so that we have 3 masters again. See [master.yml](./master.yml) for the configuration.
+ ```
+ make master
+ ```
+* Scale down old masters to 1
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-master --replicas=1
+ ```
+* Edit the masters in [masters.yml](./masters.yml) to 2 and redeploy
+ ```
+ make master
+ ```
+* Scale down the old masters to 0
+ ```
+ kubectl scale statefulsets my-release-elasticsearch-master --replicas=0
+ ```
+* Edit the [masters.yml](./masters.yml) to have 3 replicas and remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the masters. This will make sure all 3 masters are running in the new cluster and are pointing at each other for discovery.
+ ```
+ make master
+ ```
+* Remove the `discovery.zen.ping.unicast.hosts` entry from `extraEnvs` then redeploy the data nodes to make sure they are pointing at the new masters.
+ ```
+ make data
+ ```
+* Deploy the client nodes
+ ```
+ make client
+ ```
+* Update any processes that are talking to the existing client nodes and point them to the new client nodes. Once this is done you can scale down the old client nodes
+ ```
+ kubectl scale deployment my-release-elasticsearch-client --replicas=0
+ ```
+* The migration should now be complete. After verifying that everything is working correctly you can cleanup leftover resources from your old cluster.
--- /dev/null
+---
+
+replicas: 2
+
+clusterName: "elasticsearch"
+nodeGroup: "client"
+
+esMajorVersion: 6
+
+roles:
+ master: "false"
+ ingest: "false"
+ data: "false"
+
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 1Gi # Currently needed till pvcs are made optional
+
+persistence:
+ enabled: false
--- /dev/null
+---
+
+replicas: 2
+
+esMajorVersion: 6
+
+extraEnvs:
+ - name: discovery.zen.ping.unicast.hosts
+ value: "my-release-elasticsearch-discovery"
+
+clusterName: "elasticsearch"
+nodeGroup: "data"
+
+roles:
+ master: "false"
+ ingest: "false"
+ data: "true"
--- /dev/null
+---
+
+# Temporarily set to 3 so we can scale up/down the old a new cluster
+# one at a time whilst always keeping 3 masters running
+replicas: 1
+
+esMajorVersion: 6
+
+extraEnvs:
+ - name: discovery.zen.ping.unicast.hosts
+ value: "my-release-elasticsearch-discovery"
+
+clusterName: "elasticsearch"
+nodeGroup: "master"
+
+roles:
+ master: "true"
+ ingest: "false"
+ data: "false"
+
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 4Gi
--- /dev/null
+default: test
+
+RELEASE := helm-es-minikube
+
+install:
+ helm upgrade --wait --timeout=900 --install --values values.yaml $(RELEASE) ../../
+
+test: install
+ helm test $(RELEASE)
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+---
+# Permit co-located instances for solitary minikube virtual machines.
+antiAffinity: "soft"
+
+# Shrink default JVM heap.
+esJavaOpts: "-Xmx128m -Xms128m"
+
+# Allocate smaller chunks of memory per pod.
+resources:
+ requests:
+ cpu: "100m"
+ memory: "512M"
+ limits:
+ cpu: "1000m"
+ memory: "512M"
+
+# Request smaller persistent volumes.
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: "standard"
+ resources:
+ requests:
+ storage: 100M
--- /dev/null
+default: test
+
+include ../../../helpers/examples.mk
+
+PREFIX := helm-es-multi
+RELEASE := helm-es-multi-master
+
+install:
+ helm upgrade --wait --timeout=600 --install --values ./master.yml $(PREFIX)-master ../../
+ helm upgrade --wait --timeout=600 --install --values ./data.yml $(PREFIX)-data ../../
+
+test: install goss
+
+purge:
+ helm del --purge $(PREFIX)-master
+ helm del --purge $(PREFIX)-data
--- /dev/null
+---
+
+clusterName: "multi"
+nodeGroup: "data"
+
+roles:
+ master: "false"
+ ingest: "true"
+ data: "true"
--- /dev/null
+---
+
+clusterName: "multi"
+nodeGroup: "master"
+
+roles:
+ master: "true"
+ ingest: "false"
+ data: "false"
--- /dev/null
+http:
+ http://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ body:
+ - 'green'
+ - '"cluster_name":"multi"'
+ - '"number_of_nodes":6'
+ - '"number_of_data_nodes":3'
--- /dev/null
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-oss
+
+install:
+ helm upgrade --wait --timeout=600 --install $(RELEASE) --values ./values.yaml ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+http:
+ http://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ body:
+ - 'green'
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ http://localhost:9200:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number" : "7.3.0"'
+ - '"cluster_name" : "oss"'
+ - '"name" : "oss-master-0"'
+ - 'You Know, for Search'
--- /dev/null
+---
+
+clusterName: "oss"
+image: "docker.elastic.co/elasticsearch/elasticsearch-oss"
--- /dev/null
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-security
+
+install:
+ helm upgrade --wait --timeout=600 --install --values ./security.yml $(RELEASE) ../../ ; \
+
+purge:
+ kubectl delete secrets elastic-credentials elastic-certificates elastic-certificate-pem || true
+ helm del --purge $(RELEASE)
+
+test: secrets install goss
+
+secrets:
+ docker rm -f elastic-helm-charts-certs || true
+ rm -f elastic-certificates.p12 elastic-certificate.pem elastic-stack-ca.p12 || true
+ password=$$([ ! -z "$$ELASTIC_PASSWORD" ] && echo $$ELASTIC_PASSWORD || echo $$(docker run --rm docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) /bin/sh -c "< /dev/urandom tr -cd '[:alnum:]' | head -c20")) && \
+ docker run --name elastic-helm-charts-certs -i -w /app \
+ docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) \
+ /bin/sh -c " \
+ elasticsearch-certutil ca --out /app/elastic-stack-ca.p12 --pass '' && \
+ elasticsearch-certutil cert --name security-master --ca /app/elastic-stack-ca.p12 --pass '' --ca-pass '' --out /app/elastic-certificates.p12" && \
+ docker cp elastic-helm-charts-certs:/app/elastic-certificates.p12 ./ && \
+ docker rm -f elastic-helm-charts-certs && \
+ openssl pkcs12 -nodes -passin pass:'' -in elastic-certificates.p12 -out elastic-certificate.pem && \
+ kubectl create secret generic elastic-certificates --from-file=elastic-certificates.p12 && \
+ kubectl create secret generic elastic-certificate-pem --from-file=elastic-certificate.pem && \
+ kubectl create secret generic elastic-credentials --from-literal=password=$$password --from-literal=username=elastic && \
+ rm -f elastic-certificates.p12 elastic-certificate.pem elastic-stack-ca.p12
--- /dev/null
+---
+clusterName: "security"
+nodeGroup: "master"
+
+roles:
+ master: "true"
+ ingest: "true"
+ data: "true"
+
+protocol: https
+
+esConfig:
+ elasticsearch.yml: |
+ xpack.security.enabled: true
+ xpack.security.transport.ssl.enabled: true
+ xpack.security.transport.ssl.verification_mode: certificate
+ xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+ xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+ xpack.security.http.ssl.enabled: true
+ xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+ xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
+
+extraEnvs:
+ - name: ELASTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: elastic-credentials
+ key: password
+ - name: ELASTIC_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: elastic-credentials
+ key: username
+
+secretMounts:
+ - name: elastic-certificates
+ secretName: elastic-certificates
+ path: /usr/share/elasticsearch/config/certs
--- /dev/null
+http:
+ https://security-master:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: '{{ .Env.ELASTIC_USERNAME }}'
+ password: '{{ .Env.ELASTIC_PASSWORD }}'
+ body:
+ - 'green'
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ https://localhost:9200/:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: '{{ .Env.ELASTIC_USERNAME }}'
+ password: '{{ .Env.ELASTIC_PASSWORD }}'
+ body:
+ - '"cluster_name" : "security"'
+ - '"name" : "security-master-0"'
+ - 'You Know, for Search'
+
+ https://localhost:9200/_xpack/license:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: '{{ .Env.ELASTIC_USERNAME }}'
+ password: '{{ .Env.ELASTIC_PASSWORD }}'
+ body:
+ - 'active'
+ - 'basic'
+
+file:
+ /usr/share/elasticsearch/config/elasticsearch.yml:
+ exists: true
+ contains:
+ - 'xpack.security.enabled: true'
+ - 'xpack.security.transport.ssl.enabled: true'
+ - 'xpack.security.transport.ssl.verification_mode: certificate'
+ - 'xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
+ - 'xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
+ - 'xpack.security.http.ssl.enabled: true'
+ - 'xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
+ - 'xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12'
--- /dev/null
+default: test
+
+include ../../../helpers/examples.mk
+
+RELEASE := helm-es-upgrade
+
+# Right now the version is hardcoded because helm install will ignore
+# anything with an alpha tag when trying to install the latest release
+# This hardcoding can be removed once we drop the alpha tag
+# The "--set terminationGracePeriod=121" always makes sure that a rolling
+# upgrade is forced for this test
+install:
+ helm repo add elastic https://helm.elastic.co && \
+ helm upgrade --wait --timeout=600 --install $(RELEASE) elastic/elasticsearch --version 7.0.0-alpha1 --set clusterName=upgrade ; \
+ kubectl rollout status sts/upgrade-master --timeout=600s
+ helm upgrade --wait --timeout=600 --set terminationGracePeriod=121 --install $(RELEASE) ../../ --set clusterName=upgrade ; \
+ kubectl rollout status sts/upgrade-master --timeout=600s
+
+init:
+ helm init --client-only
+
+test: init install goss
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+http:
+ http://localhost:9200/_cluster/health:
+ status: 200
+ timeout: 2000
+ body:
+ - 'green'
+ - '"number_of_nodes":3'
+ - '"number_of_data_nodes":3'
+
+ http://localhost:9200:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number" : "7.3.0"'
+ - '"cluster_name" : "upgrade"'
+ - '"name" : "upgrade-master-0"'
+ - 'You Know, for Search'
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "uname" -}}
+{{ .Values.clusterName }}-{{ .Values.nodeGroup }}
+{{- end -}}
+
+{{- define "masterService" -}}
+{{- if empty .Values.masterService -}}
+{{ .Values.clusterName }}-master
+{{- else -}}
+{{ .Values.masterService }}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoints" -}}
+{{- $replicas := .replicas | int }}
+{{- $uname := printf "%s-%s" .clusterName .nodeGroup }}
+ {{- range $i, $e := untilStep 0 $replicas 1 -}}
+{{ $uname }}-{{ $i }},
+ {{- end -}}
+{{- end -}}
+
+{{- define "esMajorVersion" -}}
+{{- if .Values.esMajorVersion -}}
+{{ .Values.esMajorVersion }}
+{{- else -}}
+{{- $version := int (index (.Values.imageTag | splitList ".") 0) -}}
+ {{- if and (contains "docker.elastic.co/elasticsearch/elasticsearch" .Values.image) (not (eq $version 0)) -}}
+{{ $version }}
+ {{- else -}}
+7
+ {{- end -}}
+{{- end -}}
+{{- end -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+{{- if .Values.esConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "uname" . }}-config
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: "{{ template "uname" . }}"
+data:
+{{- range $path, $config := .Values.esConfig }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# limitations under the License. #
################################################################################
-apiVersion: v1
-kind: Service
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "uname" . -}}
+{{- $servicePort := .Values.httpPort -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
metadata:
- name: {{ include "common.servicename.dbaas.tcp" . }}
- namespace: {{ include "common.namespace.platform" . }}
+ name: {{ $fullName }}
labels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app: {{ .Chart.Name }}
release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
spec:
- selector:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }}
- release: {{ .Release.Name }}
- ports:
- - port: {{ include "common.serviceport.dbaas.tcp" . }}
- targetPort: "sql"
- protocol: "TCP"
- name: "sql"
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+---
+{{- if .Values.maxUnavailable }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ template "uname" . }}-pdb"
+spec:
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ selector:
+ matchLabels:
+ app: "{{ template "uname" . }}"
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ template "uname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: "{{ template "uname" . }}"
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ selector:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: "{{ template "uname" . }}"
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ .Values.httpPort }}
+{{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
+ - name: transport
+ protocol: TCP
+ port: {{ .Values.transportPort }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ template "uname" . }}-headless
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: "{{ template "uname" . }}"
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ clusterIP: None # This is needed for statefulset hostnames like elasticsearch-0 to resolve
+ # Create endpoints also if the related pod isn't ready
+ publishNotReadyAddresses: true
+ selector:
+ app: "{{ template "uname" . }}"
+ ports:
+ - name: http
+ port: {{ .Values.httpPort }}
+ - name: transport
+ port: {{ .Values.transportPort }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "uname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: "{{ template "uname" . }}"
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ annotations:
+ esMajorVersion: "{{ include "esMajorVersion" . }}"
+spec:
+ serviceName: {{ template "uname" . }}-headless
+ selector:
+ matchLabels:
+ app: "{{ template "uname" . }}"
+ replicas: {{ default .Values.replicas }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.updateStrategy }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ template "uname" . }}
+ {{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ spec:
+{{ toYaml .Values.volumeClaimTemplate | indent 6 }}
+ {{- end }}
+ template:
+ metadata:
+ name: "{{ template "uname" . }}"
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: "{{ template "uname" . }}"
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if .Values.esConfig }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ spec:
+ {{- if .Values.schedulerName }}
+ schedulerName: "{{ .Values.schedulerName }}"
+ {{- end }}
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+ {{- if .Values.fsGroup }}
+ fsGroup: {{ .Values.fsGroup }} # Deprecated value, please use .Values.podSecurityContext.fsGroup
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 6 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if or (eq .Values.antiAffinity "hard") (eq .Values.antiAffinity "soft") .Values.nodeAffinity }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ affinity:
+ {{- end }}
+ {{- if eq .Values.antiAffinity "hard" }}
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "uname" .}}"
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ {{- else if eq .Values.antiAffinity "soft" }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: {{ .Values.antiAffinityTopologyKey }}
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ template "uname" . }}"
+ {{- end }}
+ {{- with .Values.nodeAffinity }}
+ nodeAffinity:
+{{ toYaml . | indent 10 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriod }}
+ volumes:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- if .Values.esConfig }}
+ - name: esconfig
+ configMap:
+ name: {{ template "uname" . }}-config
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+{{ tpl .Values.extraVolumes . | indent 6 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if .Values.sysctlInitContainer.enabled }}
+ - name: configure-sysctl
+ securityContext:
+ runAsUser: 0
+ privileged: true
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ command: ["sysctl", "-w", "vm.max_map_count={{ .Values.sysctlVmMaxMapCount}}"]
+ resources:
+{{ toYaml .Values.initResources | indent 10 }}
+ {{- end }}
+ {{- if .Values.extraInitContainers }}
+{{ tpl .Values.extraInitContainers . | indent 6 }}
+ {{- end }}
+ containers:
+ - name: "{{ template "name" . }}"
+ securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash -e
+ # If the node is starting up wait for the cluster to be ready (request params: '{{ .Values.clusterHealthCheckParams }}' )
+ # Once it has started only check that the node itself is responding
+ START_FILE=/tmp/.es_start_file
+
+ http () {
+ local path="${1}"
+ if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
+ BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
+ else
+ BASIC_AUTH=''
+ fi
+ curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://127.0.0.1:{{ .Values.httpPort }}${path}
+ }
+
+ if [ -f "${START_FILE}" ]; then
+ echo 'Elasticsearch is already running, lets check the node is healthy'
+ http "/"
+ else
+ echo 'Waiting for elasticsearch cluster to become cluster to be ready (request params: "{{ .Values.clusterHealthCheckParams }}" )'
+ if http "/_cluster/health?{{ .Values.clusterHealthCheckParams }}" ; then
+ touch ${START_FILE}
+ exit 0
+ else
+ echo 'Cluster is not yet ready (request params: "{{ .Values.clusterHealthCheckParams }}" )'
+ exit 1
+ fi
+ fi
+ ports:
+ - name: http
+ containerPort: {{ .Values.httpPort }}
+ - name: transport
+ containerPort: {{ .Values.transportPort }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ env:
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- if eq .Values.roles.master "true" }}
+ {{- if ge (int (include "esMajorVersion" .)) 7 }}
+ - name: cluster.initial_master_nodes
+ value: "{{ template "endpoints" .Values }}"
+ {{- else }}
+ - name: discovery.zen.minimum_master_nodes
+ value: "{{ .Values.minimumMasterNodes }}"
+ {{- end }}
+ {{- end }}
+ {{- if lt (int (include "esMajorVersion" .)) 7 }}
+ - name: discovery.zen.ping.unicast.hosts
+ value: "{{ template "masterService" . }}-headless"
+ {{- else }}
+ - name: discovery.seed_hosts
+ value: "{{ template "masterService" . }}-headless"
+ {{- end }}
+ - name: cluster.name
+ value: "{{ .Values.clusterName }}"
+ - name: network.host
+ value: "{{ .Values.networkHost }}"
+ - name: ES_JAVA_OPTS
+ value: "{{ .Values.esJavaOpts }}"
+ {{- range $role, $enabled := .Values.roles }}
+ - name: node.{{ $role }}
+ value: "{{ $enabled }}"
+ {{- end }}
+{{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+{{- end }}
+ volumeMounts:
+ {{- if .Values.persistence.enabled }}
+ - name: "{{ template "uname" . }}"
+ mountPath: /usr/share/elasticsearch/data
+ {{- end }}
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.esConfig }}
+ - name: esconfig
+ mountPath: /usr/share/elasticsearch/config/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
+ {{- if .Values.extraVolumeMounts }}
+{{ tpl .Values.extraVolumeMounts . | indent 10 }}
+ {{- end }}
+ {{- if .Values.masterTerminationFix }}
+ {{- if eq .Values.roles.master "true" }}
+ # This sidecar will prevent slow master re-election
+ # https://github.com/elastic/helm-charts/issues/63
+ - name: elasticsearch-master-graceful-termination-handler
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ command:
+ - "sh"
+ - -c
+ - |
+ #!/usr/bin/env bash
+ set -eo pipefail
+
+ http () {
+ local path="${1}"
+ if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
+ BASIC_AUTH="-u ${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
+ else
+ BASIC_AUTH=''
+ fi
+ curl -XGET -s -k --fail ${BASIC_AUTH} {{ .Values.protocol }}://{{ template "masterService" . }}:{{ .Values.httpPort }}${path}
+ }
+
+ cleanup () {
+ while true ; do
+ local master="$(http "/_cat/master?h=node" || echo "")"
+ if [[ $master == "{{ template "masterService" . }}"* && $master != "${NODE_NAME}" ]]; then
+ echo "This node is not master."
+ break
+ fi
+ echo "This node is still master, waiting gracefully for it to step down"
+ sleep 1
+ done
+
+ exit 0
+ }
+
+ trap cleanup SIGTERM
+
+ sleep infinity &
+ wait $!
+ resources:
+{{ toYaml .Values.sidecarResources | indent 10 }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.lifecycle }}
+ lifecycle:
+{{ toYaml .Values.lifecycle | indent 10 }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test"
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: "{{ .Release.Name }}-{{ randAlpha 5 | lower }}-test"
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ command:
+ - "sh"
+ - "-c"
+ - |
+ #!/usr/bin/env bash -e
+ curl -XGET --fail '{{ template "uname" . }}:{{ .Values.httpPort }}/_cluster/health?{{ .Values.clusterHealthCheckParams }}'
+ restartPolicy: Never
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+---
+clusterName: "elasticsearch"
+nodeGroup: "master"
+
+# The service that non master groups will try to connect to when joining the cluster
+# This should be set to clusterName + "-" + nodeGroup for your master group
+masterService: ""
+
+# Elasticsearch roles that will be applied to this nodeGroup
+# These will be set as environment variables. E.g. node.master=true
+roles:
+ master: "true"
+ ingest: "true"
+ data: "true"
+
+replicas: 1
+minimumMasterNodes: 1
+
+esMajorVersion: ""
+
+# Allows you to add any config files in /usr/share/elasticsearch/config/
+# such as elasticsearch.yml and log4j2.properties
+esConfig: {}
+# elasticsearch.yml: |
+# key:
+# nestedkey: value
+# log4j2.properties: |
+# key = value
+
+# Extra environment variables to append to this nodeGroup
+# This will be appended to the current 'env:' key. You can use any of the kubernetes env
+# syntax here
+extraEnvs: []
+# - name: MY_ENVIRONMENT_VAR
+# value: the_value_goes_here
+
+# A list of secrets and their paths to mount inside the pod
+# This is useful for mounting certificates for security and for mounting
+# the X-Pack license
+secretMounts: []
+# - name: elastic-certificates
+# secretName: elastic-certificates
+# path: /usr/share/elasticsearch/config/certs
+
+image: "docker.elastic.co/elasticsearch/elasticsearch"
+imageTag: "7.3.0"
+imagePullPolicy: "IfNotPresent"
+
+podAnnotations: {}
+ # iam.amazonaws.com/role: es-cluster
+
+# additionals labels
+labels: {}
+
+esJavaOpts: "-Xmx1g -Xms1g"
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "2Gi"
+ limits:
+ cpu: "1000m"
+ memory: "2Gi"
+
+initResources: {}
+ # limits:
+ # cpu: "25m"
+ # # memory: "128Mi"
+ # requests:
+ # cpu: "25m"
+ # memory: "128Mi"
+
+sidecarResources: {}
+ # limits:
+ # cpu: "25m"
+ # # memory: "128Mi"
+ # requests:
+ # cpu: "25m"
+ # memory: "128Mi"
+
+networkHost: "0.0.0.0"
+
+volumeClaimTemplate:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 30Gi
+
+persistence:
+ enabled: false
+ annotations: {}
+
+extraVolumes: []
+ # - name: extras
+ # emptyDir: {}
+
+extraVolumeMounts: []
+ # - name: extras
+ # mountPath: /usr/share/extras
+ # readOnly: true
+
+extraInitContainers: []
+ # - name: do-something
+ # image: busybox
+ # command: ['do', 'something']
+
+# This is the PriorityClass settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+priorityClassName: ""
+
+# By default this will make sure two pods don't end up on the same node
+# Changing this to a region would allow you to spread pods across regions
+antiAffinityTopologyKey: "kubernetes.io/hostname"
+
+# Hard means that by default pods will only be scheduled if there are enough nodes for them
+# and that they will never end up on the same node. Setting this to soft will do this "best effort"
+antiAffinity: "hard"
+
+# This is the node affinity settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
+nodeAffinity: {}
+
+# The default is to deploy all pods serially. By setting this to parallel all pods are started at
+# the same time when bootstrapping the cluster
+podManagementPolicy: "Parallel"
+
+protocol: http
+httpPort: 9200
+transportPort: 9300
+
+service:
+ type: ClusterIP
+ nodePort:
+ annotations: {}
+
+updateStrategy: RollingUpdate
+
+# This is the max unavailable setting for the pod disruption budget
+# The default value of 1 will make sure that kubernetes won't allow more than 1
+# of your pods to be unavailable during maintenance
+maxUnavailable: 1
+
+podSecurityContext:
+ fsGroup: 1000
+
+# The following value is deprecated,
+# please use the above podSecurityContext.fsGroup instead
+fsGroup: ""
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+# How long to wait for elasticsearch to stop gracefully
+terminationGracePeriod: 120
+
+sysctlVmMaxMapCount: 262144
+
+readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 3
+ timeoutSeconds: 5
+
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html#request-params wait_for_status
+clusterHealthCheckParams: "wait_for_status=green&timeout=1s"
+
+## Use an alternate scheduler.
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+
+imagePullSecrets: []
+nodeSelector: {}
+tolerations: []
+
+# Enabling this will publically expose your Elasticsearch instance.
+# Only enable this if you have security enabled on your cluster
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+nameOverride: ""
+fullnameOverride: ""
+
+# https://github.com/elastic/helm-charts/issues/63
+masterTerminationFix: false
+
+lifecycle: {}
+ # preStop:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
+
+sysctlInitContainer:
+ enabled: true
--- /dev/null
+tests/
+.pytest_cache/
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+appVersion: 7.3.0
+description: Official Elastic helm chart for Kibana
+home: https://github.com/elastic/helm-charts
+icon: https://helm.elastic.co/icons/kibana.png
+maintainers:
+- email: helm-charts@elastic.co
+ name: Elastic
+name: kibana
+sources:
+- https://github.com/elastic/kibana
+version: 7.3.0
\ No newline at end of file
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# limitations under the License. #
################################################################################
-apiVersion: v1
-appVersion: "1.0"
-description: DBaaS realized with standalone, non-persistent, non-redundant Redis
-name: dbaas
-version: 1.1.0
+include ../helpers/common.mk
--- /dev/null
+# Kibana Helm Chart
+
+This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
+
+This helm chart is a lightweight way to configure and run our official [Kibana docker image](https://www.elastic.co/guide/en/kibana/current/docker.html)
+
+## Requirements
+
+* Kubernetes >= 1.8
+* [Helm](https://helm.sh/) >= 2.8.0
+
+## Installing
+
+* Add the elastic helm charts repo
+ ```
+ helm repo add elastic https://helm.elastic.co
+ ```
+* Install it
+ ```
+ helm install --name kibana elastic/kibana
+ ```
+
+## Compatibility
+
+This chart is tested with the latest supported versions. The currently tested versions are:
+
+| 6.x | 7.x |
+| ----- | ----- |
+| 6.8.1 | 7.3.0 |
+
+Examples of installing older major versions can be found in the [examples](./examples) directory.
+
+While only the latest releases are tested, it is possible to easily install old or new releases by overriding the `imageTag`. To install version `7.3.0` of Kibana it would look like this:
+
+```
+helm install --name kibana elastic/kibana --set imageTag=7.3.0
+```
+
+## Configuration
+
+| Parameter | Description | Default |
+| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| `elasticsearchHosts` | The URLs used to connect to Elasticsearch. | `http://elasticsearch-master:9200` |
+| `elasticsearchURL` | The URL used to connect to Elasticsearch. Deprecated, needs to be used for Kibana versions < 6.6 | |
+| `replicas` | Kubernetes replica count for the deployment (i.e. how many pods) | `1` |
+| `extraEnvs` | Extra [environment variables](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#using-environment-variables-inside-of-your-config) which will be appended to the `env:` definition for the container | `[]` |
+| `secretMounts` | Allows you easily mount a secret as a file inside the deployment. Useful for mounting certificates and other secrets. See [values.yaml](./values.yaml) for an example | `[]` |
+| `image` | The Kibana docker image | `docker.elastic.co/kibana/kibana` |
+| `imageTag` | The Kibana docker image tag | `7.3.0` |
+| `imagePullPolicy` | The Kubernetes [imagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#updating-images) value | `IfNotPresent` |
+| `podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Kibana pods | `{}` |
+| `resources` | Allows you to set the [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) for the statefulset | `requests.cpu: 100m`<br>`requests.memory: 2Gi`<br>`limits.cpu: 1000m`<br>`limits.memory: 2Gi` |
+| `protocol` | The protocol that will be used for the readinessProbe. Change this to `https` if you have `server.ssl.enabled: true` set | `http` |
+| `serverHost` | The [`server.host`](https://www.elastic.co/guide/en/kibana/current/settings.html) Kibana setting. This is set explicitly so that the default always matches what comes with the docker image. | `0.0.0.0` |
+| `healthCheckPath` | The path used for the readinessProbe to check that Kibana is ready. If you are setting `server.basePath` you will also need to update this to `/${basePath}/app/kibana` | `/app/kibana` |
+| `kibanaConfig` | Allows you to add any config files in `/usr/share/kibana/config/` such as `kibana.yml`. See [values.yaml](./values.yaml) for an example of the formatting. | `{}` |
+| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000` |
+| `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`<br>`runAsNonRoot: true`<br>`runAsUser: 1000` |
+| `serviceAccount` | Allows you to overwrite the "default" [serviceAccount](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) for the pod | `[]` |
+| `priorityClassName` | The [name of the PriorityClass](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass). No default is supplied as the PriorityClass must be created first. | `` |
+| `antiAffinityTopologyKey` | The [anti-affinity topology key](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). By default this will prevent multiple Kibana instances from running on the same Kubernetes node | `kubernetes.io/hostname` |
+| `antiAffinity` | Setting this to hard enforces the [anti-affinity rules](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). If it is set to soft it will be done "best effort" | `hard` |
+| `httpPort` | The http port that Kubernetes will use for the healthchecks and the service. | `5601` |
+| `maxUnavailable` | The [maxUnavailable](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod | `1` |
+| `updateStrategy` | Allows you to change the default update [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment) for the deployment. A [standard upgrade](https://www.elastic.co/guide/en/kibana/current/upgrade-standard.html) of Kibana requires a full stop and start which is why the default strategy is set to `Recreate` | `Recreate` |
+| `readinessProbe` | Configuration for the [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/) | `failureThreshold: 3`<br>`initialDelaySeconds: 10`<br>`periodSeconds: 10`<br>`successThreshold: 3`<br>`timeoutSeconds: 5` |
+| `imagePullSecrets` | Configuration for [imagePullSecrets](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) so that you can use a private registry for your image | `[]` |
+| `nodeSelector` | Configurable [nodeSelector](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) so that you can target specific nodes for your Kibana instances | `{}` |
+| `tolerations` | Configurable [tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` |
+| `ingress` | Configurable [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Kibana service. See [`values.yaml`](./values.yaml) for an example | `enabled: false` |
+| `service` | Configurable [service](https://kubernetes.io/docs/concepts/services-networking/service/) to expose the Kibana service. See [`values.yaml`](./values.yaml) for an example | `type: ClusterIP`<br>`port: 5601`<br>`nodePort:`<br>`annotations: {}` |
+| `labels` | Configurable [label](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) applied to all Kibana pods | `{}` |
+
+## Examples
+
+In [examples/](./examples) you will find some example configurations. These examples are used for the automated testing of this helm chart
+
+### Default
+
+* Deploy the [default Elasticsearch helm chart](../elasticsearch/README.md#default)
+* Deploy Kibana with the default values
+ ```
+ cd examples/default
+ make
+ ```
+* You can now setup a port forward and access Kibana at http://localhost:5601
+ ```
+ kubectl port-forward deployment/helm-kibana-default-kibana 5601
+ ```
+
+### Security
+
+* Deploy a [security enabled Elasticsearch cluster](../elasticsearch/README.md#security)
+* Deploy Kibana with the security example
+ ```
+ cd examples/security
+ make
+ ```
+* Setup a port forward and access Kibana at https://localhost:5601
+ ```
+ # Setup the port forward
+ kubectl port-forward deployment/helm-kibana-security-kibana 5601
+
+ # Run this in a seperate terminal
+ # Get the auto generated password
+ password=$(kubectl get secret elastic-credentials -o jsonpath='{.data.password}' | base64 --decode)
+ echo $password
+
+ # Test Kibana is working with curl or access it with your browser at https://localhost:5601
+ # The example certificate is self signed so you may see a warning about the certificate
+ curl -I -k -u elastic:$password https://localhost:5601/app/kibana
+ ```
+
+## Testing
+
+This chart uses [pytest](https://docs.pytest.org/en/latest/) to test the templating logic. The dependencies for testing can be installed from the [`requirements.txt`](../requirements.txt) in the parent directory.
+
+```
+pip install -r ../requirements.txt
+make test
+```
+
+
+You can also use `helm template` to look at the YAML being generated
+
+```
+make template
+```
+
+It is possible to run all of the tests and linting inside of a docker container
+
+```
+make test
+```
--- /dev/null
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-kibana-six
+
+install:
+ helm upgrade --wait --timeout=600 --install --values ./values.yml $(RELEASE) ../../ ; \
+
+purge:
+ helm del --purge $(RELEASE)
+
+test: install goss
--- /dev/null
+http:
+ http://localhost:5601/api/status:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number":"6.8.1"'
+
+ http://localhost:5601/app/kibana:
+ status: 200
+ timeout: 2000
--- /dev/null
+---
+
+imageTag: 6.8.1
+elasticsearchHosts: "http://six-master:9200"
--- /dev/null
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-kibana-default
+
+install:
+ echo "Goss container: $(GOSS_CONTAINER)"
+ helm upgrade --wait --timeout=600 --install $(RELEASE) ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+http:
+ http://localhost:5601/api/status:
+ status: 200
+ timeout: 2000
+ body:
+ - '"number":"7.3.0"'
+
+ http://localhost:5601/app/kibana:
+ status: 200
+ timeout: 2000
+
+ http://helm-kibana-default-kibana:5601/app/kibana:
+ status: 200
+ timeout: 2000
--- /dev/null
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-kibana-oss
+
+install:
+ helm upgrade --wait --timeout=600 --install --values ./values.yml $(RELEASE) ../../ ; \
+
+test: install goss
+
+purge:
+ helm del --purge $(RELEASE)
--- /dev/null
+http:
+ http://localhost:5601/app/kibana:
+ status: 200
+ timeout: 2000
--- /dev/null
+---
+
+image: "docker.elastic.co/kibana/kibana-oss"
+elasticsearchHosts: "http://oss-master:9200"
--- /dev/null
+default: test
+include ../../../helpers/examples.mk
+
+RELEASE := helm-kibana-security
+
+install:
+ helm upgrade --wait --timeout=600 --install --values ./security.yml $(RELEASE) ../../ ; \
+
+test: secrets install goss
+
+purge:
+ kubectl delete secret kibana || true
+ helm del --purge $(RELEASE)
+
+secrets:
+ encryptionkey=$$(echo $$(docker run --rm docker.elastic.co/elasticsearch/elasticsearch:$(STACK_VERSION) /bin/sh -c "< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c50")) && \
+ kubectl create secret generic kibana --from-literal=encryptionkey=$$encryptionkey
--- /dev/null
+---
+
+elasticsearchHosts: "https://security-master:9200"
+
+extraEnvs:
+ - name: 'ELASTICSEARCH_USERNAME'
+ valueFrom:
+ secretKeyRef:
+ name: elastic-credentials
+ key: username
+ - name: 'ELASTICSEARCH_PASSWORD'
+ valueFrom:
+ secretKeyRef:
+ name: elastic-credentials
+ key: password
+ - name: 'KIBANA_ENCRYPTION_KEY'
+ valueFrom:
+ secretKeyRef:
+ name: kibana
+ key: encryptionkey
+
+kibanaConfig:
+ kibana.yml: |
+ server.ssl:
+ enabled: true
+ key: /usr/share/kibana/config/certs/elastic-certificate.pem
+ certificate: /usr/share/kibana/config/certs/elastic-certificate.pem
+ xpack.security.encryptionKey: ${KIBANA_ENCRYPTION_KEY}
+ elasticsearch.ssl:
+ certificateAuthorities: /usr/share/kibana/config/certs/elastic-certificate.pem
+ verificationMode: certificate
+
+protocol: https
+
+secretMounts:
+ - name: elastic-certificate-pem
+ secretName: elastic-certificate-pem
+ path: /usr/share/kibana/config/certs
--- /dev/null
+http:
+ https://localhost:5601/app/kibana:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: '{{ .Env.ELASTICSEARCH_USERNAME }}'
+ password: '{{ .Env.ELASTICSEARCH_PASSWORD }}'
+
+ https://helm-kibana-security-kibana:5601/app/kibana:
+ status: 200
+ timeout: 2000
+ allow-insecure: true
+ username: '{{ .Env.ELASTICSEARCH_USERNAME }}'
+ password: '{{ .Env.ELASTICSEARCH_PASSWORD }}'
+
+file:
+ /usr/share/kibana/config/kibana.yml:
+ exists: true
+ contains:
+ - 'server.ssl:'
+ - ' enabled: true'
+ - ' key: /usr/share/kibana/config/certs/elastic-certificate.pem'
+ - ' certificate: /usr/share/kibana/config/certs/elastic-certificate.pem'
+ - 'xpack.security.encryptionKey:'
+ - 'elasticsearch.ssl:'
+ - ' certificateAuthorities: /usr/share/kibana/config/certs/elastic-certificate.pem'
+ - ' verificationMode: certificate'
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Release.Name .Values.nameOverride -}}
+{{- printf "%s-%s" $name .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+{{- if .Values.kibanaConfig }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-config
+ labels:
+ app: {{ .Chart.Name }}
+ release: {{ .Release.Name | quote }}
+data:
+{{- range $path, $config := .Values.kibanaConfig }}
+ {{ $path }}: |
+{{ $config | indent 4 -}}
+{{- end -}}
+{{- end -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ .Chart.Name }}
+ release: {{ .Release.Name | quote }}
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicas }}
+ strategy:
+{{ toYaml .Values.updateStrategy | indent 4 }}
+ selector:
+ matchLabels:
+ app: kibana
+ release: {{ .Release.Name | quote }}
+ template:
+ metadata:
+ labels:
+ app: kibana
+ release: {{ .Release.Name | quote }}
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{/* This forces a restart if the configmap has changed */}}
+ {{- if .Values.kibanaConfig }}
+ configchecksum: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+ {{- end }}
+ spec:
+{{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+{{- end }}
+ securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+ {{- if .Values.serviceAccount }}
+ serviceAccount: {{ .Values.serviceAccount }}
+ {{- end }}
+ volumes:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- if .Values.kibanaConfig }}
+ - name: kibanaconfig
+ configMap:
+ name: {{ template "fullname" . }}-config
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ containers:
+ - name: kibana
+ securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+ image: "{{ .Values.image }}:{{ .Values.imageTag }}"
+ imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ env:
+ {{- if .Values.elasticsearchURL }}
+ - name: ELASTICSEARCH_URL
+ value: "{{ .Values.elasticsearchURL }}"
+ {{- else if .Values.elasticsearchHosts }}
+ - name: ELASTICSEARCH_HOSTS
+ value: "{{ .Values.elasticsearchHosts }}"
+ {{- end }}
+ - name: SERVER_HOST
+ value: "{{ .Values.serverHost }}"
+{{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+{{- end }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash -e
+ http () {
+ local path="${1}"
+ set -- -XGET -s --fail
+
+ if [ -n "${ELASTIC_USERNAME}" ] && [ -n "${ELASTIC_PASSWORD}" ]; then
+ set -- "$@" -u "${ELASTIC_USERNAME}:${ELASTIC_PASSWORD}"
+ fi
+
+ curl -k "$@" "{{ .Values.protocol }}://localhost:{{ .Values.httpPort }}${path}"
+ }
+
+ http "{{ .Values.healthCheckPath }}"
+ ports:
+ - containerPort: {{ .Values.httpPort }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumeMounts:
+ {{- range .Values.secretMounts }}
+ - name: {{ .name }}
+ mountPath: {{ .path }}
+ {{- if .subPath }}
+ subPath: {{ .subPath }}
+ {{- end }}
+ {{- end }}
+ {{- range $path, $config := .Values.kibanaConfig }}
+ - name: kibanaconfig
+ mountPath: /usr/share/kibana/config/{{ $path }}
+ subPath: {{ $path }}
+ {{- end -}}
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# limitations under the License. #
################################################################################
-apiVersion: v1
-kind: Service
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "fullname" . -}}
+{{- $servicePort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
metadata:
- name: {{ include "ricxapp.servicename.rmr" . }}
- namespace: {{ include "ricxapp.namespace" . }}
+ name: {{ $fullName }}
labels:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app: {{ .Chart.Name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
spec:
- type: ClusterIP
- ports:
- - port: {{ .Values.ricxapp.service.rmr.data.port }}
- targetPort: rmrdata
- protocol: TCP
- name: rmrdata
- - port: {{ .Values.ricxapp.service.rmr.route.port }}
- targetPort: rmrroute
- protocol: TCP
- name: rmrroute
- selector:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- release: {{ .Release.Name }}
+{{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $servicePort }}
+ {{- end }}
+{{- end }}
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# limitations under the License. #
################################################################################
+---
apiVersion: v1
kind: Service
metadata:
- name: {{ include "ricxapp.servicename.http" . }}
- namespace: {{ include "ricxapp.namespace" . }}
+ name: {{ template "fullname" . }}
labels:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
+ app: {{ .Chart.Name }}
+ release: {{ .Release.Name | quote }}
heritage: {{ .Release.Service }}
+{{- with .Values.service.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
spec:
- type: ClusterIP
+ type: {{ .Values.service.type }}
ports:
- - port: {{ .Values.ricxapp.service.http.port }}
- targetPort: http
+ - port: {{ .Values.service.port }}
+{{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
protocol: TCP
name: http
+ targetPort: {{ .Values.httpPort }}
selector:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- release: {{ .Release.Name }}
+ app: {{ .Chart.Name }}
+ release: {{ .Release.Name | quote }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+---
+
+elasticsearchURL: "" # "http://elasticsearch-master:9200"
+elasticsearchHosts: "http://elasticsearch-master:9200"
+
+replicas: 1
+
+# Extra environment variables to append to this nodeGroup
+# This will be appended to the current 'env:' key. You can use any of the kubernetes env
+# syntax here
+extraEnvs:
+# - name: XPACK_SECURITY_ENABLED
+# value: "false"
+# - name: MY_ENVIRONMENT_VAR
+# # value: the_value_goes_here
+
+
+# A list of secrets and their paths to mount inside the pod
+# This is useful for mounting certificates for security and for mounting
+# the X-Pack license
+secretMounts: []
+# - name: kibana-keystore
+# secretName: kibana-keystore
+# path: /usr/share/kibana/data/kibana.keystore
+# subPath: kibana.keystore # optional
+
+image: "docker.elastic.co/kibana/kibana-oss"
+imageTag: "7.3.0"
+imagePullPolicy: "IfNotPresent"
+
+# additionals labels
+labels: {}
+
+podAnnotations: {}
+ # iam.amazonaws.com/role: es-cluster
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "500m"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+
+protocol: http
+
+serverHost: "0.0.0.0"
+
+healthCheckPath: "/app/kibana"
+
+# Allows you to add any config files in /usr/share/kibana/config/
+# such as kibana.yml
+kibanaConfig: {}
+# kibana.yml: |
+# # key:
+# # nestedkey: value
+
+#kibanaConfig:
+# kibana.yml: |
+# xpack.security.enabled: false
+
+# If Pod Security Policy in use it may be required to specify security context as well as service account
+
+podSecurityContext:
+ fsGroup: 1000
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ # readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
+serviceAccount: ""
+
+# This is the PriorityClass settings as defined in
+# https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
+priorityClassName: ""
+
+# By default this will make sure two pods don't end up on the same node
+# Changing this to a region would allow you to spread pods across regions
+antiAffinityTopologyKey: "kubernetes.io/hostname"
+
+# Hard means that by default pods will only be scheduled if there are enough nodes for them
+# and that they will never end up on the same node. Setting this to soft will do this "best effort"
+antiAffinity: "hard"
+
+httpPort: 5601
+
+# This is the max unavailable setting for the pod disruption budget
+# The default value of 1 will make sure that kubernetes won't allow more than 1
+# of your pods to be unavailable during maintenance
+maxUnavailable: 1
+
+updateStrategy:
+ type: "Recreate"
+
+service:
+ type: ClusterIP
+ port: 5601
+ nodePort:
+ annotations: {}
+ # cloud.google.com/load-balancer-type: "Internal"
+ # service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+ # service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+ # service.beta.kubernetes.io/openstack-internal-load-balancer: "true"
+ # service.beta.kubernetes.io/cce-load-balancer-internal-vpc: "true"
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 3
+ timeoutSeconds: 5
+
+imagePullSecrets: []
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+nameOverride: ""
+fullnameOverride: ""
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+appVersion: 6.7.0
+description: Logstash is an open source, server-side data processing pipeline
+home: https://www.elastic.co/products/logstash
+icon: https://www.elastic.co/assets/blt86e4472872eed314/logo-elastic-logstash-lt.svg
+maintainers:
+- email: pete.brown@powerhrg.com
+ name: rendhalver
+- email: jrodgers@powerhrg.com
+ name: jar361
+- email: christian.roggia@gmail.com
+ name: christian-roggia
+name: logstash
+sources:
+- https://www.docker.elastic.co
+- https://www.elastic.co/guide/en/logstash/current/index.html
+version: 1.13.0
--- /dev/null
+approvers:
+- christian-roggia
+- rendhalver
+reviewers:
+- christian-roggia
+- rendhalver
--- /dev/null
+# Logstash
+
+[Logstash](https://www.elastic.co/products/logstash) is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.”
+
+## TL;DR;
+
+```console
+$ helm install stable/logstash
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install --name my-release stable/logstash
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes nearly all the Kubernetes components associated with the
+chart and deletes the release.
+
+## Best Practices
+
+### Release and tune this chart once per Logstash pipeline
+
+To achieve multiple pipelines with this chart, current best practice is to
+maintain one pipeline per chart release. In this way configuration is
+simplified and pipelines are more isolated from one another.
+
+### Default Pipeline: Beats Input -> Elasticsearch Output
+
+Current best practice for ELK logging is to ship logs from hosts using Filebeat
+to logstash where persistent queues are enabled. Filebeat supports structured
+(e.g. JSON) and unstructured (e.g. log lines) log shipment.
+
+### Load Beats-generated index template into Elasticsearch
+
+To best utilize the combination of Beats, Logstash and Elasticsearch,
+load Beats-generated index templates into Elasticsearch as described [here](
+https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html).
+
+On a remote-to-Kubernetes Linux instance you might run the following command to
+load that instance's Beats-generated index template into Elasticsearch
+(Elasticsearch hostname will vary).
+
+```
+filebeat setup --template -E output.logstash.enabled=false \
+ -E 'output.elasticsearch.hosts=["elasticsearch.cluster.local:9200"]'
+```
+
+### Links
+
+Please review the following links that expound on current best practices.
+
+- https://www.elastic.co/blog/structured-logging-filebeat
+- https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html
+- https://www.elastic.co/guide/en/logstash/current/deploying-and-scaling.html
+- https://www.elastic.co/guide/en/logstash/current/persistent-queues.html
+
+## Configuration
+
+The following table lists the configurable parameters of the chart and its default values.
+
+| Parameter | Description | Default |
+| --------------------------- | -------------------------------------------------- | ------------------------------------------------ |
+| `replicaCount` | Number of replicas | `1` |
+| `podDisruptionBudget` | Pod disruption budget | `maxUnavailable: 1` |
+| `updateStrategy` | Update strategy | `type: RollingUpdate` |
+| `image.repository` | Container image name | `docker.elastic.co/logstash/logstash-oss` |
+| `image.tag` | Container image tag | `6.7.0` |
+| `image.pullPolicy` | Container image pull policy | `IfNotPresent` |
+| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` |
+| `service.annotations` | Service annotations | `{}` |
+| `service.ports` | Ports exposed by service | beats |
+| `service.loadBalancerIP` | The load balancer IP for the service | unset |
+| `service.loadBalancerSourceRanges` | CIDR ranges to allow access to load balancer | unset |
+| `service.clusterIP` | The cluster IP for the service | unset |
+| `service.nodePort` | The nodePort for the service | unset |
+| `service.externalTrafficPolicy` | Set externalTrafficPolicy | unset |
+| `ports` | Ports exposed by logstash container | beats |
+| `ingress.enabled` | Enables Ingress | `false` |
+| `ingress.annotations` | Ingress annotations | `{}` |
+| `ingress.path` | Ingress path | `/` |
+| `ingress.hosts` | Ingress accepted hostnames | `["logstash.cluster.local"]` |
+| `ingress.tls` | Ingress TLS configuration | `[]` |
+| `logstashJavaOpts` | Java options for logstash like heap size | `"-Xmx1g -Xms1g"` |
+| `resources` | Pod resource requests & limits | `{}` |
+| `priorityClassName` | priorityClassName | `nil` |
+| `nodeSelector` | Node selector | `{}` |
+| `tolerations` | Tolerations | `[]` |
+| `affinity` | Affinity or Anti-Affinity | `{}` |
+| `podAnnotations` | Pod annotations | `{}` |
+| `podLabels` | Pod labels | `{}` |
+| `extraEnv` | Extra pod environment variables | `[]` |
+| `extraInitContainers` | Add additional initContainers | `[]` |
+| `podManagementPolicy` | podManagementPolicy of the StatefulSet | `OrderedReady` |
+| `livenessProbe` | Liveness probe settings for logstash container | (see `values.yaml`) |
+| `readinessProbe` | Readiness probe settings for logstash container | (see `values.yaml`) |
+| `persistence.enabled` | Enable persistence | `true` |
+| `persistence.storageClass` | Storage class for PVCs | unset |
+| `persistence.accessMode` | Access mode for PVCs | `ReadWriteOnce` |
+| `persistence.size` | Size for PVCs | `2Gi` |
+| `volumeMounts` | Volume mounts to configure for logstash container | (see `values.yaml`) |
+| `volumes` | Volumes to configure for logstash container | [] |
+| `terminationGracePeriodSeconds` | Duration the pod needs to terminate gracefully | `30`
+| `exporter.logstash` | Prometheus logstash-exporter settings | (see `values.yaml`) |
+| `exporter.logstash.enabled` | Enables Prometheus logstash-exporter | `false` |
+| `elasticsearch.host` | ElasticSearch hostname | `elasticsearch-client.default.svc.cluster.local` |
+| `elasticsearch.port` | ElasticSearch port | `9200` |
+| `config` | Logstash configuration key-values | (see `values.yaml`) |
+| `patterns` | Logstash patterns configuration | `nil` |
+| `files` | Logstash custom files configuration | `nil` |
+| `binaryFiles` | Logstash custom binary files | `nil` |
+| `inputs` | Logstash inputs configuration | beats |
+| `filters` | Logstash filters configuration | `nil` |
+| `outputs` | Logstash outputs configuration | elasticsearch |
+| `securityContext.fsGroup` | Group ID for the container | `1000` |
+| `securityContext.runAsUser` | User ID for the container | `1000` |
--- /dev/null
+{{- if .Values.service.ports.http }}
+Get the Logstash HTTP Input URL by running these commands:
+ {{- if .Values.ingress.enabled }}
+ {{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+ {{- end }}
+ {{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "logstash.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+ {{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "logstash.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "logstash.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.ports.http.port }}
+ {{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "logstash.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.ports.http.port }}
+ {{- end }}
+{{- end }}
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
{{/*
Expand the name of the chart.
*/}}
-{{- define "dbaas.name" -}}
+{{- define "logstash.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
-{{- define "dbaas.fullname" -}}
+{{- define "logstash.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
-{{- define "dbaas.chart" -}}
+{{- define "logstash.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "logstash.fullname" . }}-files
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{- range $key, $value := .Values.files }}
+ {{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
+binaryData:
+ {{- range $key, $value := .Values.binaryFiles }}
+ {{ $key }}: |-
+{{ $value | indent 4 }}
+ {{- end }}
+
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "logstash.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: http
+ {{- end }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "logstash.fullname" . }}-patterns
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{- range $key, $value := .Values.patterns }}
+ {{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "logstash.fullname" . }}-pipeline
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{- range $key, $value := .Values.inputs }}
+ input_{{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
+
+{{- range $key, $value := .Values.filters }}
+ filter_{{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
+
+{{- range $key, $value := .Values.outputs }}
+ output_{{ $key }}: |-
+{{ $value | indent 4 }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "logstash.fullname" . }}
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "logstash.name" . }}
+ release: {{ .Release.Name }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "logstash.fullname" . }}
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+{{- with .Values.service.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+{{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+{{- end }}
+ ports:
+ {{- range $key, $value := .Values.service.ports }}
+ - name: {{ $key }}
+{{ toYaml $value | indent 6 }}
+ {{- end }}
+ selector:
+ app: {{ template "logstash.name" . }}
+ release: {{ .Release.Name }}
+{{- if eq .Values.service.type "LoadBalancer" }}
+{{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+{{- end }}
+{{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range $cidr := .Values.service.loadBalancerSourceRanges }}
+ - {{ $cidr }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+{{- end }}
+{{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+ nodePort: {{ .Values.service.nodePort }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "logstash.fullname" . }}
+ labels:
+ app: {{ template "logstash.name" . }}
+ chart: {{ template "logstash.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ template "logstash.fullname" . }}
+ replicas: {{ .Values.replicaCount }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ selector:
+ matchLabels:
+ app: {{ template "logstash.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "logstash.name" . }}
+ release: {{ .Release.Name }}
+ {{- if .Values.podLabels }}
+ ## Custom pod labels
+ {{- range $key, $value := .Values.podLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ annotations:
+ checksum/patterns: {{ include (print $.Template.BasePath "/patterns-config.yaml") . | sha256sum }}
+ checksum/templates: {{ include (print $.Template.BasePath "/files-config.yaml") . | sha256sum }}
+ checksum/pipeline: {{ include (print $.Template.BasePath "/pipeline-config.yaml") . | sha256sum }}
+ {{- if .Values.podAnnotations }}
+ ## Custom pod annotations
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.image.pullSecrets | indent 8 }}
+ {{- end }}
+ initContainers:
+{{- if .Values.extraInitContainers }}
+{{ toYaml .Values.extraInitContainers | indent 8 }}
+{{- end }}
+ containers:
+
+ ## logstash
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: monitor
+ containerPort: {{ .Values.exporter.logstash.target.port }}
+ protocol: TCP
+{{ toYaml .Values.ports | indent 12 }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 12 }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 12 }}
+ env:
+ ## Logstash monitoring API host and port env vars
+ - name: HTTP_HOST
+ value: "0.0.0.0"
+ - name: HTTP_PORT
+ value: {{ .Values.exporter.logstash.target.port | quote }}
+ ## Elasticsearch output
+ - name: ELASTICSEARCH_HOST
+ value: {{ .Values.elasticsearch.host | quote }}
+ - name: ELASTICSEARCH_PORT
+ value: {{ .Values.elasticsearch.port | quote }}
+ # Logstash Java Options
+ - name: LS_JAVA_OPTS
+ value: {{ .Values.logstashJavaOpts }}
+ ## Additional env vars
+ {{- range $key, $value := .Values.config }}
+ - name: {{ $key | upper | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.extraEnv }}
+{{ .Values.extraEnv | toYaml | indent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumeMounts:
+{{ toYaml .Values.volumeMounts | indent 12 }}
+
+{{- if .Values.exporter.logstash.enabled }}
+ ## logstash-exporter
+ - name: {{ .Chart.Name }}-exporter
+ image: "{{ .Values.exporter.logstash.image.repository }}:{{ .Values.exporter.logstash.image.tag }}"
+ imagePullPolicy: {{ .Values.exporter.logstash.image.pullPolicy }}
+ command: ["/bin/sh", "-c"]
+ ## Delay start of logstash-exporter to give logstash more time to come online.
+ args:
+ - >-
+ sleep 60;
+ exec /logstash_exporter
+ --logstash.endpoint=http://localhost:{{ .Values.exporter.logstash.target.port }}
+ --web.listen-address=:{{ .Values.exporter.logstash.port }}
+ ports:
+ - name: ls-exporter
+ containerPort: {{ .Values.exporter.logstash.port }}
+ protocol: TCP
+ livenessProbe:
+{{ toYaml .Values.exporter.logstash.livenessProbe | indent 12 }}
+ readinessProbe:
+{{ toYaml .Values.exporter.logstash.readinessProbe | indent 12 }}
+ {{- with .Values.exporter.logstash.config }}
+ env:
+ {{- range $key, $value := . }}
+ - name: {{ $key | upper | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.exporter.logstash.resources | indent 12 }}
+{{- end }}
+
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ volumes:
+ - name: patterns
+ configMap:
+ name: {{ template "logstash.fullname" . }}-patterns
+ - name: files
+ configMap:
+ name: {{ template "logstash.fullname" . }}-files
+ - name: pipeline
+ configMap:
+ name: {{ template "logstash.fullname" . }}-pipeline
+ {{- with .Values.volumes }}
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.storageClass }}
+ {{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+ {{- end }}
+ {{- end }}
+{{- end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+replicaCount: 1
+
+podDisruptionBudget:
+ maxUnavailable: 1
+
+updateStrategy:
+ type: RollingUpdate
+
+terminationGracePeriodSeconds: 30
+
+image:
+ repository: docker.elastic.co/logstash/logstash-oss
+ tag: 7.3.0
+ pullPolicy: IfNotPresent
+ ## Add secrets manually via kubectl on kubernetes cluster and reference here
+ # pullSecrets:
+ # - name: "myKubernetesSecret"
+
+service:
+ type: ClusterIP
+ # clusterIP: None
+ # nodePort:
+ # Set this to local, to preserve client source ip. Default stripes out the source ip
+ # externalTrafficPolicy: Local
+ annotations: {}
+ ## AWS example for use with LoadBalancer service type.
+ # external-dns.alpha.kubernetes.io/hostname: logstash.cluster.local
+ # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ ports:
+ # syslog-udp:
+ # port: 1514
+ # targetPort: syslog-udp
+ # protocol: UDP
+ # syslog-tcp:
+ # port: 1514
+ # targetPort: syslog-tcp
+ # protocol: TCP
+ beats:
+ port: 5044
+ targetPort: 8080
+ protocol: TCP
+ # http:
+ # port: 8080
+ # targetPort: http
+ # protocol: TCP
+ # loadBalancerIP: 10.0.0.1
+ # loadBalancerSourceRanges:
+ # - 192.168.0.1
+ports:
+ # - name: syslog-udp
+ # containerPort: 1514
+ # protocol: UDP
+ # - name: syslog-tcp
+ # containerPort: 1514
+ # protocol: TCP
+ - name: beats
+ containerPort: 5044
+ protocol: TCP
+ # - name: http
+ # containerPort: 8080
+ # protocol: TCP
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - logstash.cluster.local
+ tls: []
+ # - secretName: logstash-tls
+ # hosts:
+ # - logstash.cluster.local
+
+# set java options like heap size
+logstashJavaOpts: "-Xmx1g -Xms1g"
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+priorityClassName: ""
+
+nodeSelector: {}
+
+tolerations: []
+
+securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+
+affinity: {}
+ # podAntiAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # - topologyKey: "kubernetes.io/hostname"
+ # labelSelector:
+ # matchLabels:
+ # release: logstash
+
+podAnnotations: {}
+ # iam.amazonaws.com/role: "logstash-role"
+ # prometheus.io/scrape: "true"
+ # prometheus.io/path: "/metrics"
+ # prometheus.io/port: "9198"
+
+podLabels: {}
+ # team: "developers"
+ # service: "logstash"
+
+extraEnv: []
+
+extraInitContainers: []
+ # - name: echo
+ # image: busybox
+ # imagePullPolicy: Always
+ # args:
+ # - echo
+ # - hello
+
+podManagementPolicy: OrderedReady
+ # can be OrderReady or Parallel
+#livenessProbe:
+ #httpGet:
+ #path: /
+ #port: monitor
+ #initialDelaySeconds: 20
+ # periodSeconds: 30
+ # timeoutSeconds: 30
+ # failureThreshold: 6
+ # successThreshold: 1
+
+#readinessProbe:
+ #httpGet:
+ #path: /
+ #port: monitor
+ #initialDelaySeconds: 20
+ # periodSeconds: 30
+ # timeoutSeconds: 30
+ # failureThreshold: 6
+ # successThreshold: 1
+
+persistence:
+ enabled: false
+ ## logstash data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+
+volumeMounts:
+ - name: data
+ mountPath: /usr/share/logstash/data
+ - name: patterns
+ mountPath: /usr/share/logstash/patterns
+ - name: files
+ mountPath: /usr/share/logstash/files
+ - name: pipeline
+ mountPath: /usr/share/logstash/pipeline
+
+volumes: []
+ # - name: tls
+ # secret:
+ # secretName: logstash-tls
+ # - name: pipeline
+ # configMap:
+ # name: logstash-pipeline
+ # - name: certs
+ # hostPath:
+ # path: /tmp
+
+exporter:
+ logstash:
+ enabled: false
+ image:
+ repository: bonniernews/logstash_exporter
+ tag: v0.1.2
+ pullPolicy: IfNotPresent
+ env: {}
+ resources: {}
+ path: /metrics
+ port: 9198
+ target:
+ port: 9600
+ path: /metrics
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: ls-exporter
+ periodSeconds: 15
+ timeoutSeconds: 60
+ failureThreshold: 8
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: ls-exporter
+ periodSeconds: 15
+ timeoutSeconds: 60
+ failureThreshold: 8
+ successThreshold: 1
+
+elasticsearch:
+ host: elasticsearch-data.kube-system.svc.rec.io
+ port: 9200
+
+## ref: https://github.com/elastic/logstash-docker/blob/master/build/logstash/env2yaml/env2yaml.go
+config:
+ config.reload.automatic: "true"
+ path.config: /usr/share/logstash/pipeline
+ path.data: /usr/share/logstash/data
+
+ ## ref: https://www.elastic.co/guide/en/logstash/current/persistent-queues.html
+ queue.checkpoint.writes: 1
+ queue.drain: "true"
+ queue.max_bytes: 1gb # disk capacity must be greater than the value of `queue.max_bytes`
+ queue.type: persisted
+
+## Patterns for filters.
+## Each YAML heredoc will become a separate pattern file.
+patterns:
+ # main: |-
+ # TESTING {"foo":.*}$
+
+## Custom files that can be referenced by plugins.
+## Each YAML heredoc will become located in the logstash home directory under
+## the files subdirectory.
+files:
+ # logstash-template.json: |-
+ # {
+ # "order": 0,
+ # "version": 1,
+ # "index_patterns": [
+ # "logstash-*"
+ # ],
+ # "settings": {
+ # "index": {
+ # "refresh_interval": "5s"
+ # }
+ # },
+ # "mappings": {
+ # "doc": {
+ # "_meta": {
+ # "version": "1.0.0"
+ # },
+ # "enabled": false
+ # }
+ # },
+ # "aliases": {}
+ # }
+
+## Custom binary files encoded as base64 string that can be referenced by plugins
+## Each base64 encoded string is decoded & mounted as a file under logstash home directory under
+## the files subdirectory.
+binaryFiles: {}
+
+## NOTE: To achieve multiple pipelines with this chart, current best practice
+## is to maintain one pipeline per chart release. In this way configuration is
+## simplified and pipelines are more isolated from one another.
+
+inputs:
+ main: |-
+ input {
+ # udp {
+ # port => 1514
+ # type => syslog
+ # }
+ # tcp {
+ # port => 1514
+ # type => syslog
+ # }
+ #beats {
+ # port => 5044
+ #}
+ http {
+ port => 8080
+ }
+ # http {
+ # port => 8080
+ # }
+ # kafka {
+ # ## ref: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-kafka.html
+ # bootstrap_servers => "kafka-input:9092"
+ # codec => json { charset => "UTF-8" }
+ # consumer_threads => 1
+ # topics => ["source"]
+ # type => "example"
+ # }
+ }
+
+
+filters:
+ main: |-
+ filter {
+ if "GS-LITE MC" in [message] {
+ if "mc_connected_cnt" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","count_connected_ue","TS"]
+ separator => ","
+ convert => {
+ "count_connected_ue" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "mc_unique_ue_cnt" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","count_unique_ue","TS"]
+ separator => ","
+ convert => {
+ "count_unique_ue" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "reconfig_status_reject_cause" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","total_reconfig_reject","count_radio_network","count_transport","count_protocol","count_misc","GNB_ID","TS"]
+ separator => ","
+ convert => {
+ "total_reconfig_reject" => "integer"
+ "count_radio_network" => "integer"
+ "count_transport" => "integer"
+ "count_protocol" => "integer"
+ "count_misc" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "release_req_success_stats" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","min_success_time","max_success_time","avg_success_time","pctl_05_success_time","pctl_95_success_time","GNB_ID","stddev_success_time","TS"]
+ separator => ","
+ convert => {
+ "min_success_time" => "float"
+ "max_success_time" => "float"
+ "avg_success_time" => "float"
+ "pctl_05_success_time" => "float"
+ "pctl_95_success_time" => "float"
+ "stddev_success_time" => "float"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "mod_status_refuse_cause" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","total_reconfig_refuse","count_radio_network","count_transport","count_protocol","count_misc","GNB_ID","TS"]
+ separator => ","
+ convert => {
+ "total_reconfig_refuse" => "integer"
+ "count_radio_network" => "integer"
+ "count_transport" => "integer"
+ "count_protocol" => "integer"
+ "count_misc" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "release_cause" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","total_reconfig_refuse","count_radio_network","count_transport","count_protocol","count_misc","GNB_ID","TS"]
+ separator => ","
+ convert => {
+ "total_reconfig_refuse" => "integer"
+ "count_radio_network" => "integer"
+ "count_transport" => "integer"
+ "count_protocol" => "integer"
+ "count_misc" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "addreq_pdf_nr_gnb" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","rsrp_medium","rsrp_bad","cnt","rsrp_vbad","GNB_ID","rsrp_good","rsrp_vgood","TS"]
+ separator => ","
+ convert => {
+ "rsrp_medium" => "integer"
+ "rsrp_bad" => "integer"
+ "cnt" => "integer"
+ "rsrp_vbad" => "integer"
+ "rsrp_good" => "integer"
+ "rsrp_vgood" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "addreq_success_stats" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","stddev_success_time","max_success_time","avg_success_time","pctl_95_success_time","pctl_05_success_time","GNB_ID","min_success_time","TS"]
+ separator => ","
+ convert => {
+ "stddev_success_time" => "float"
+ "max_success_time" => "float"
+ "avg_success_time" => "float"
+ "pctl_95_success_time" => "float"
+ "pctl_05_success_time" => "float"
+ "min_success_time" => "float"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "mc_connects_cnt" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","count_ue_connects","TS"]
+ separator => ","
+ convert => {
+ "count_ue_connects" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "erab_stats" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","qCI_other","total_erabs","qCI_9","qCI_8","qCI_7","qCI_6","qCI_5","qCI_4","qCI_3","qCI_2","qCI_1","TS"]
+ separator => ","
+ convert => {
+ "qCI_other" => "integer"
+ "total_erabs" => "integer"
+ "qCI_9" => "integer"
+ "qCI_8" => "integer"
+ "qCI_7" => "integer"
+ "qCI_6" => "integer"
+ "qCI_5" => "integer"
+ "qCI_4" => "integer"
+ "qCI_3" => "integer"
+ "qCI_2" => "integer"
+ "qCI_1" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "mc_disconnects_cnt" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","count_ue_disconnects","TS"]
+ separator => ","
+ convert => {
+ "count_ue_disconnects" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "reconfig_status_success_rate" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","successful_reconfiguration_requests","GNB_ID","success_rate","total_reconfiguration_requests","TS"]
+ separator => ","
+ convert => {
+ "successful_reconfiguration_requests" => "integer"
+ "success_rate" => "integer"
+ "total_reconfiguration_requests" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "addreq_pdf_nr_cell" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","rsrp_medium","rsrp_bad","cnt","rsrp_vbad","CELL_ID","rsrp_good","rsrp_vgood","TS"]
+ separator => ","
+ convert => {
+ "rsrp_medium" => "integer"
+ "rsrp_bad" => "integer"
+ "cnt" => "integer"
+ "rsrp_vbad" => "integer"
+ "CELL_ID" => "integer"
+ "rsrp_good" => "integer"
+ "rsrp_vgood" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "rrcx_pdf_serv_cell" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","rsrp_medium","rsrp_bad","cnt","rsrp_vbad","CELL_ID","rsrp_good","rsrp_vgood","TS"]
+ separator => ","
+ convert => {
+ "rsrp_medium" => "integer"
+ "rsrp_bad" => "integer"
+ "cnt" => "integer"
+ "rsrp_vbad" => "integer"
+ "CELL_ID" => "integer"
+ "rsrp_good" => "integer"
+ "rsrp_vgood" => "integer"
+ "TS" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "rrcx_stats_serv_gnb" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","median_rsrp","cnt","max_rsrp","stddev_rsrp","GNB_ID","pctl_95_rsrp","pctl_05_rsrp","TS","min_rsrp"]
+ separator => ","
+ convert => {
+ "median_rsrp" => "integer"
+ "cnt" => "integer"
+ "max_rsrp" => "integer"
+ "stddev_rsrp" => "float"
+ "pctl_95_rsrp" => "integer"
+ "pctl_05_rsrp" => "integer"
+ "TS" => "integer"
+ "min_rsrp" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "addreq_stats_nr_cell" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","median_rsrp","cnt","max_rsrp","stddev_rsrp","CELL_ID","pctl_95_rsrp","pctl_05_rsrp","TS","min_rsrp"]
+ separator => ","
+ convert => {
+ "median_rsrp" => "integer"
+ "cnt" => "integer"
+ "max_rsrp" => "integer"
+ "stddev_rsrp" => "float"
+ "CELL_ID" => "integer"
+ "pctl_95_rsrp" => "integer"
+ "pctl_05_rsrp" => "integer"
+ "TS" => "integer"
+ "min_rsrp" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "addreq_stats_nr_gnb" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","median_rsrp","cnt","max_rsrp","stddev_rsrp","GNB_ID","pctl_95_rsrp","pctl_05_rsrp","TS","min_rsrp"]
+ separator => ","
+ convert => {
+ "median_rsrp" => "integer"
+ "cnt" => "integer"
+ "max_rsrp" => "integer"
+ "stddev_rsrp" => "float"
+ "pctl_95_rsrp" => "integer"
+ "pctl_05_rsrp" => "integer"
+ "TS" => "integer"
+ "min_rsrp" => "integer"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ else if "mc_connection_stats" in [message] {
+ csv {
+ columns => ["reportingEntityName","eventType","avg_connected_time","pctl_05_connected_time","pctl_95_connected_time","min_connected_time","stddev_connected_time", "max_connected_time", "TS"]
+ separator => ","
+ convert => {
+ "avg_connected_time" => "float"
+ "pctl_05_connected_time" => "float"
+ "pctl_95_connected_time" => "float"
+ "min_connected_time" => "float"
+ "stddev_connected_time" => "float"
+ "max_connected_time" => "float"
+ "TS" => "float"
+ }
+ }
+ date {
+ match => [ "TS", "UNIX" ]
+ target => "TS"
+ }
+ }
+ }
+ else if "AC xAPP" in [message] {
+ csv {
+ columns => ["reportingEntityName","SgNB_Request_Rate","SgNB_Accept_Rate"]
+ separator => ","
+ convert => {
+ "SgNB_Request_Rate" => "integer"
+ "SgNB_Accept_Rate" => "integer"
+ }
+ }
+ }
+ else {
+ csv {
+ columns => ["reportingEntityName","Unknown1","Unknown2"]
+ separator => ","
+ }
+ }
+ }
+
+
+outputs:
+ main: |-
+ output {
+ if "GS-LITE MC" in [reportingEntityName] {
+ if "mc_connected_cnt" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-connected-cnt"
+ }
+ }
+ else if "erab_stats" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-erab-stats"
+ }
+ }
+ else if "reconfig_status_reject_cause" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-reconfig-status-reject-cause"
+ }
+ }
+ else if "release_req_success_stats" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-release-req-success-stats"
+ }
+ }
+ else if "mod_status_refuse_cause" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-mod-status-refuse-cause"
+ }
+ }
+ else if "release_cause" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-release-cause"
+ }
+ }
+ else if "mc_unique_ue_cnt" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-unique-ue-cnt"
+ }
+ }
+ else if "mc_connection_stats" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-conn-stats"
+ }
+ }
+ else if "addreq_pdf_nr_gnb" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-addreq-pdf-nr-gnb"
+ }
+ }
+ else if "rrcx_stats_serv_gnb" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-rrcx-stats-serv-gnb"
+ }
+ }
+ else if "rrcx_pdf_serv_cell" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-rrcx-pdf-serv-cell"
+ }
+ }
+ else if "reconfig_status_success_rate" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-reconfig-status-success-rate"
+ }
+ }
+ else if "mc_disconnects_cnt" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-disconnects-cnt"
+ }
+ }
+ else if "mc_connects_cnt" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-connects-cnt"
+ }
+ }
+ else if "addreq_success_stats" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-addreq-success-stats"
+ }
+ }
+ else if "addreq_stats_nr_gnb" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-addreq-stats-nr-gnb"
+ }
+ }
+ else if "addreq_stats_nr_cell" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-addreq-stats-nr-cell"
+ }
+ }
+ else if "addreq_pdf_nr_cell" in [eventType] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-mc-addreq-pdf-nr-cell"
+ }
+ }
+ }
+ else if "AC xAPP" in [reportingEntityName] {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-ac"
+ }
+ }
+ else {
+ elasticsearch {
+ hosts => "elasticsearch-data.kube-system.svc.rec.io"
+ index => "events-ves-other"
+ }
+ }
+ }
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+dependencies:
+- name: elasticsearch
+ version: ^7.3.0
+ condition: elasticsearch.enabled
+- name: kibana
+ version: ^7.3.0
+ condition: kibana.enabled
+- name: logstash
+ version: ^1.6.0
+ condition: logstash.enabled
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# Default values for elk.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+elasticsearch:
+ enabled: true
+
+kibana:
+ enabled: true
+ env:
+ ELASTICSEARCH_HOSTS: http://{{ .Release.Name }}-elasticsearch-client:9200
+
+logstash:
+ enabled: true
+ # elasticsearch:
+ # host: elastic-stack-elasticsearch-client
ports:
- port: {{ $root.Values.service.externalPort }}
targetPort: {{ $root.Values.service.externalPort }}
- nodePort: {{ $root.Values.service.baseNodePort | add $i }}
+ nodePort: {{ add 30940 $i }}
name: {{ $root.Values.service.name }}-{{ $i }}
{{ end }}
################################################################################
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
spec:
serviceName: {{ .Values.service.name }}
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
podManagementPolicy: Parallel
template:
metadata:
value: "{{ .Values.replicaCount }}"
- name: KAFKA_NUM_PARTITIONS
value: "{{ .Values.defaultpartitions }}"
+ - name: KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS
+ value: "60000"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
heritage: "{{ .Release.Service }}"
{{ end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "docker-reg-cred"
\ No newline at end of file
selector:
matchLabels:
app: {{ include "common.name" . }}
- maxUnavailable: {{ include "zk.maxUnavailable" . }}
+ maxUnavailable: 1
################################################################################
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
spec:
serviceName: {{ .Values.service.name }}
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
- maxUnavailable: {{ .Values.maxUnavailable }}
+ maxUnavailable: {{ .Values.rollingUpdate.maxUnavailable }}
podManagementPolicy: Parallel
template:
metadata:
- sh
- -exec
- >
- chown -R 1000:1000 /tmp/zookeeper/apikeys;
+ mkdir -p /tmp/zookeeper/apikeys/version-2 && chown -R 1000:1000 /tmp/zookeeper/apikeys;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
heritage: "{{ .Release.Service }}"
{{ end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "docker-reg-cred"
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+# subchart configurations
+message-router-kafka:
+ ubuntuInitRepository: docker.io
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ busyBoxRepository: docker.io
+ busyBoxImage: busybox:1.30
+ onapRepository: nexus3.onap.org:10001
+ image: onap/dmaap/kafka111:1.0.0
+ replicaCount: 3
+ service:
+ baseNodePort: 30490
+
+message-router-zookeeper:
+ ubuntuInitRepository: docker.io
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ busyBoxRepository: docker.io
+ busyBoxImage: busybox:1.30
+ onapRepository: nexus3.onap.org:10001
+ image: onap/dmaap/zookeeper:5.0.0
+ replicaCount: 3
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-name: onap
-version: 5.0.0
-appVersion: El Alto
-description: Open Network Automation Platform (ONAP)
-home: https://www.onap.org/
-sources:
-- https://gerrit.onap.org/r/#/admin/projects/
-icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2
+++ /dev/null
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Referencing a named repo called 'local'.
-# Can add this repo by running commands like:
-# > helm serve
-# > helm repo add local http://127.0.0.1:8879
-dependencies:
- - name: ric-common
- version: ~2.0.0
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
- nodePortPrefixExt: 304
-
- # ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
-
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: IfNotPresent
-
- # override default mount path root directory
- # referenced by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: true
-
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the ONAP deployment.
-#################################################################
-aaf:
- enabled: false
-aai:
- enabled: false
- aai-cassandra:
- replicaCount: 1
-appc:
- enabled: false
-cassandra:
- enabled: false
- replicaCount: 1
-clamp:
- enabled: false
-cli:
- enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
-dcaegen2:
- enabled: false
-dmaap:
- enabled: false
-esr:
- enabled: false
-log:
- enabled: false
- log-logstash:
- replicaCount: 1
-sniro-emulator:
- enabled: false
-oof:
- enabled: false
-mariadb-galera:
- enabled: false
-msb:
- enabled: false
-multicloud:
- enabled: false
-nbi:
- enabled: false
-policy:
- enabled: false
-pomba:
- enabled: false
-portal:
- enabled: false
-robot:
- enabled: true
-sdc:
- enabled: false
-sdnc:
- enabled: false
-
- replicaCount: 1
-
- mysql:
- replicaCount: 1
-so:
- enabled: false
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
-uui:
- enabled: false
-vfc:
- enabled: false
-vid:
- enabled: false
-vnfsdk:
- enabled: false
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# This override file is useful to test one or more subcharts.
-# It overrides the default ONAP parent chart behaviour to deploy
-# all of ONAP.
-#
-# Example use to enable a single subchart (from this directory):
-#
-# helm install local/onap -n onap --namespace onap -f disable-allcharts.yaml --set so.enabled=true
-
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the ONAP deployment.
-#################################################################
-aaf:
- enabled: false
-aai:
- enabled: false
-appc:
- enabled: false
-cassandra:
- enabled: false
-clamp:
- enabled: false
-cli:
- enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
-dcaegen2:
- enabled: false
-dmaap:
- enabled: false
-esr:
- enabled: false
-log:
- enabled: false
-sniro-emulator:
- enabled: false
-mariadb-galera:
- enabled: false
-msb:
- enabled: false
-multicloud:
- enabled: false
-nbi:
- enabled: false
-oof:
- enabled: false
-policy:
- enabled: false
-pomba:
- enabled: false
-portal:
- enabled: false
-robot:
- enabled: false
-sdc:
- enabled: false
-sdnc:
- enabled: false
-so:
- enabled: false
-uui:
- enabled: false
-vfc:
- enabled: false
-vid:
- enabled: false
-vnfsdk:
- enabled: false
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# This override file is used to deploy a minmal configuration to
-# to onboard and deploy a VNF.
-# It includes the following components:
-# A&AI, DMAAP, Portal, Robot, SDC, SDNC, SO, VID
-#
-# Minimal resources are also reviewed for the various containers
-# A&AI: no override => to be fixed
-# DMAAP: no override
-# Portal: new values
-# Robot: new values
-# SO: no override
-# SDC: new values
-# SDNC: no override
-# VID: no override
-#
-# Replica are set to 1 (A&AI Cassandra)
-#
-# In addition, some parameters are set to limit the memory footprint
-#
-# It overrides the default ONAP parent chart behaviour to deploy
-# all of ONAP.
-#
-# helm deploy minimal local/onap --namespace onap -f minimal-onap.yaml
-
-#################################################################
-# Minimal ONAP deployment to onboard and deploy a VNF
-#################################################################
-aai:
- enabled: true
- global:
- cassandra:
- replicas: 1
- aai-cassandra:
- replicaCount: 1
-aaf:
- enabled: false
-appc:
- enabled: false
-cassandra:
- enabled: false
- replicaCount: 1
-clamp:
- enabled: false
-cli:
- enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
-dcaegen2:
- enabled: false
-dmaap:
- enabled: true
-esr:
- enabled: false
-log:
- enabled: false
-mariadb-galera:
- enabled: true
-msb:
- enabled: false
-multicloud:
- enabled: false
-nbi:
- enabled: false
-oof:
- enabled: false
-policy:
- enabled: false
-pomba:
- enabled: false
-portal:
- enabled: true
- portal-cassandra:
- config:
- cassandraJvmOpts: "-Xmx512m -Xms256m"
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 1Gi
- portal-app:
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 1Gi
- resources:
- portal-mariaddb:
- resources:
- small:
- limits:
- cpu: 800m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 500Mi
- portal-widget:
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 500Mi
-robot:
- enabled: true
- config:
- openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 100Mi
-sdc:
- enabled: true
- sdc-be:
- config:
- javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx512m -Xms256m"
- sdc-fe:
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 10m
- memory: 500Mi
- sdc-cs:
- config:
- maxHeapSize: "512M"
- heapNewSize: "256M"
-sdnc:
- enabled: true
-sniro-emulator:
- enabled: false
-so:
- enabled: true
- config:
- # openstack configuration
- openStackUserName: "$OPENSTACK_USER_NAME"
- openStackRegion: "$OPENSTACK_REGION"
- openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
- openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
- openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
-uui:
- enabled: false
-vid:
- enabled: true
-vfc:
- enabled: false
-vnfsdk:
- enabled: false
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#
-#
-# This is specifically for the environments which take time to
-# deploy ONAP. This increase in timeouts prevents restarting of
-# the pods thereby the components will be deployed without error.
-#################################################################
-aaf:
- aaf-cs:
- liveness:
- initialDelaySeconds: 240
- readiness:
- initialDelaySeconds: 240
- aaf-gui:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- aaf-oauth:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
- aaf-service:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
-aai:
- aai-champ:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-cassandra:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-clamp:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
-dcaegen2:
- dcae-cloudify-manager:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-dmaap:
- dmaap-bus-controller:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- message-router:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- dmaap-dr-prov:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- dmaap-dr-node:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-
-portal:
- portal-app:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
-sdc:
- sdc-be:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- sdc-cs:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- sdc-es:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 120
- sdc-onboarding-be:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-sdnc:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
-
- dmaap-listener:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- sdnc-ansible-server:
- readiness:
- initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
- ueb-listener:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
-
-so:
- liveness:
- initialDelaySeconds: 120
- so-mariadb:
- liveness:
- initialDelaySeconds: 900
- readiness:
- initialDelaySeconds: 900
-
-uui:
- uui-server:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-mariadb-galera:
- mariadb-galera-server:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-
+++ /dev/null
-# Copyright © 2017,2019 Amdocs, AT&T , Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#
-#
-# This is specifically for the environments which take time to
-# deploy ONAP. This increase in timeouts prevents false restarting of
-# the pods during startup configuration.
-#
-# These timers have been tuned by the ONAP integration team. They
-# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
-# They are however indicative and may be adapted to your environment as they
-# depend on the performance of the infrastructure you are installing ONAP on.
-#
-# Please note that these timers must remain reasonable, in other words, if
-# your infrastructure is not performant enough, extending the timers to very
-# large value may not fix all installation issues on over subscribed hardware.
-#
-#################################################################
-aaf:
- aaf-cs:
- liveness:
- initialDelaySeconds: 240
- readiness:
- initialDelaySeconds: 240
- aaf-gui:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- aaf-oauth:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
- aaf-service:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
-aai:
- liveness:
- initialDelaySeconds: 120
- aai-champ:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- aai-data-router:
- liveness:
- initialDelaySeconds: 120
- aai-sparky-be:
- liveness:
- initialDelaySeconds: 120
- aai-spike:
- liveness:
- initialDelaySeconds: 120
- aai-cassandra:
- liveness:
- periodSeconds: 120
- readiness:
- periodSeconds: 60
-appc:
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
-cassandra:
- liveness:
- initialDelaySeconds: 120
- periodSeconds: 120
- readiness:
- initialDelaySeconds: 120
- periodSeconds: 60
-clamp:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
-dcaegen2:
- dcae-cloudify-manager:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-dmaap:
- dmaap-bus-controller:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- message-router:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- dmaap-dr-prov:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- mariadb:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
- dmaap-dr-node:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
- mariadb-galera-server:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-modeling:
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
-oof:
- oof-has:
- music:
- music-cassandra:
- liveness:
- periodSeconds: 120
- readiness:
- periodSeconds: 60
-portal:
- portal-app:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
- portal-cassandra:
- liveness:
- periodSeconds: 120
- readiness:
- periodSeconds: 60
-sdc:
- sdc-be:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- sdc-cs:
- liveness:
- initialDelaySeconds: 120
- periodSeconds: 120
- readiness:
- initialDelaySeconds: 120
- periodSeconds: 60
- sdc-es:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 120
- sdc-onboarding-be:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-sdnc:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
- dmaap-listener:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
- sdnc-ansible-server:
- readiness:
- initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
- ueb-listener:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
-so:
- liveness:
- initialDelaySeconds: 120
- mariadb:
- liveness:
- initialDelaySeconds: 900
- readiness:
- initialDelaySeconds: 900
-uui:
- uui-server:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-vfc:
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
+++ /dev/null
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-###################################################################
-# This override file enables helm charts for all ONAP applications.
-###################################################################
-cassandra:
- enabled: true
-mariadb-galera:
- enabled: true
-
-aaf:
- enabled: true
-aai:
- enabled: true
-appc:
- enabled: true
-clamp:
- enabled: true
-cli:
- enabled: true
-consul:
- enabled: true
-contrib:
- enabled: true
-dcaegen2:
- enabled: true
-dmaap:
- enabled: true
-esr:
- enabled: true
-log:
- enabled: true
-sniro-emulator:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
-multicloud:
- enabled: true
-nbi:
- enabled: true
-policy:
- enabled: true
-pomba:
- enabled: true
-portal:
- enabled: true
-robot:
- enabled: true
-sdc:
- enabled: true
-sdnc:
- enabled: true
-so:
- enabled: true
-uui:
- enabled: true
-vfc:
- enabled: true
-vid:
- enabled: true
- ingress:
- enabled: true
-vnfsdk:
- enabled: true
-nginx-ingress:
- enabled: true
+++ /dev/null
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-###################################################################
-# This override file enables helm charts for all ONAP applications.
-###################################################################
-cassandra:
- enabled: true
-mariadb-galera:
- enabled: true
-
-aaf:
- enabled: true
-aai:
- enabled: true
-appc:
- enabled: true
-clamp:
- enabled: true
-cli:
- enabled: true
-consul:
- enabled: true
-contrib:
- enabled: true
-dcaegen2:
- enabled: true
-dmaap:
- enabled: true
-esr:
- enabled: true
-log:
- enabled: true
-sniro-emulator:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
-multicloud:
- enabled: true
-nbi:
- enabled: true
-policy:
- enabled: true
-pomba:
- enabled: true
-portal:
- enabled: true
-robot:
- enabled: true
-sdc:
- enabled: true
-sdnc:
- enabled: true
-so:
- enabled: true
-uui:
- enabled: true
-vfc:
- enabled: true
-vid:
- enabled: true
-vnfsdk:
- enabled: true
-modeling:
- enabled: true
+++ /dev/null
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-###################################################################
-# This override file enables ONAP Application helm charts for the
-# vFW use case.
-###################################################################
-cassandra:
- enabled: true
-mariadb-galera:
- enabled: true
-
-aaf:
- enabled: true
-aai:
- enabled: true
-appc:
- enabled: true
-clamp:
- enabled: true
-consul:
- enabled: true
-dcaegen2:
- enabled: true
-dmaap:
- enabled: true
-log:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
-policy:
- enabled: true
-portal:
- enabled: true
-robot:
- enabled: true
-sdc:
- enabled: true
-sdnc:
- enabled: true
-so:
- enabled: true
\ No newline at end of file
+++ /dev/null
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# This override file configures openstack parameters for ONAP
-#################################################################
-appc:
- config:
- enableClustering: false
- openStackType: "OpenStackProvider"
- openStackName: "OpenStack"
- openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackServiceTenantName: "OPENSTACK_TENANTNAME_HERE"
- openStackDomain: "Default"
- openStackUserName: "OPENSTACK_USERNAME_HERE"
- openStackEncryptedPassword: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
-robot:
- appcUsername: "appc@appc.onap.org"
- appcPassword: "demo123456!"
- openStackKeyStoneUrl: "http://10.12.25.2:5000"
- openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4"
- openStackTenantId: "09d8566ea45e43aa974cf447ed591d77"
- openStackUserName: "OPENSTACK_USERNAME_HERE"
- ubuntu14Image: "ubuntu-14-04-cloud-amd64"
- ubuntu16Image: "ubuntu-16-04-cloud-amd64"
- openStackPrivateNetId: "c7824f00-bef7-4864-81b9-f6c3afabd313"
- openStackPrivateSubnetId: "2a0e8888-f93e-4615-8d28-fc3d4d087fc3"
- openStackPrivateNetCidr: "10.0.0.0/16"
- openStackSecurityGroup: "3a7a1e7e-6d15-4264-835d-fab1ae81e8b0"
- openStackOamNetworkCidrPrefix: "10.0"
- dcaeCollectorIp: "10.12.6.88"
- vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh"
- demoArtifactsVersion: "1.4.0-SNAPSHOT"
- demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
- scriptVersion: "1.4.0-SNAPSHOT"
- rancherIpAddress: "10.12.5.127"
- config:
- # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
- openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
-so:
- # so server configuration
- so-catalog-db-adapter:
- config:
- openStackUserName: "OPENSTACK_USERNAME_HERE"
- openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
-nbi:
- config:
- # openstack configuration
- openStackRegion: "Yolo"
- openStackVNFTenantId: "1234"
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-{{/*
- Resolve the image repository secret token.
- The value for .Values.global.repositoryCred is used:
- repositoryCred:
- user: user
- password: password
- mail: email (optional)
-*/}}
-{{- define "common.repository.secret" -}}
- {{- $repo := include "common.repository" . }}
- {{- $repo := default "nexus3.onap.org:10001" $repo }}
- {{- $cred := .Values.global.repositoryCred }}
- {{- $mail := default "@" $cred.mail }}
- {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }}
- {{- printf "{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}" $repo $cred.user $cred.password $mail $auth | b64enc -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "common.namespace" . }}-binding
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: default
- namespace: {{ include "common.namespace" . }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.namespace" . }}-docker-registry-key
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- .dockercfg: {{ include "common.repository.secret" . }}
-type: kubernetes.io/dockercfg
+++ /dev/null
-{{/*
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ if .Values.global.persistence.enableDefaultStorageclass }}
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
- name: "{{ include "common.namespace" . }}-default-storageclass"
- namespace: {{ include "common.namespace" . }}
- annotations:
- storageclass.kubernetes.io/is-default-class: "true"
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-provisioner: {{ .Values.global.persistence.storageclassProvisioner }}
-reclaimPolicy: {{ .Values.global.persistence.volumeReclaimPolicy }}
-parameters:
-{{ toYaml .Values.global.persistence.parameters | indent 2 }}
-{{ end }}
+++ /dev/null
-# Copyright © 2019 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
- enableDefaultStorageclass: false
- parameters: {}
- storageclassProvisioner: kubernetes.io/no-provisioner
- volumeReclaimPolicy: Retain
# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
ext_central_access_user_name = aaf_admin@people.osaaf.org
ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
-ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_url = https://aaf-service.onap:8100/authz/
ext_central_access_user_domain = @people.osaaf.org
# External Central Auth system access
remote_centralized_system_access = true
#cookie domain
-cookie_domain = onap.org
+cookie_domain = {{.Values.global.cookieDomain}}
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
+ {{- if .Values.annotations }}
+ annotations:
+ {{- .Values.annotations | nindent 8 -}}
+ {{ end }}
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
+ cookieDomain: "onap.org"
keystoreFile: "keystoreONAPPortal.p12"
truststoreFile: "truststoreONAPall.jks"
keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: portal-storage
+ operator: In
+ values:
+ - enable
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
{{- end -}}
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: portal/cassandra/data
+ storageClass: "manual"
+
service:
type: ClusterIP
/* Create RIC Dashboard app */
INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
-(12, 'RIC-Dashboard', '', NULL, NULL, 'http://{{.Values.config.ricdashboardHostName}}:{{.Values.config.ricdashboardPort}}', '','http://portal.api.simpledemo.onap.org:8990/ONAPPORTALSDK/api/v2', '', '', NULL, 'password', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL);
-
+(12, 'RIC-Dashboard', '', NULL, NULL, '{{.Values.config.ricdashboardProtocol}}://{{.Values.config.ricdashboardHostName}}:{{.Values.config.ricdashboardPort}}', '','http://service-ricaux-dashboard-http:8080/api/v3', '', '', NULL, 'password', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL);
/*
UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
-/*
-Onboard LF Acumos App
-*/
-INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
-(11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL);
-
-
--- add Acumos thumbnail
-UPDATE`fn_app`SET`thumbnail`=0x89504E470D0A1A0A0000000D494844520000010D0000004408060000009B326018000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC400000EC401952B0E1B000051D749444154785EED7D07605555D6F54AEFBDF742120221F41E7A930E0A2A36D451B18E7DFC6C63EF3ACE388EBD6043054511A448EFBD844012D27BEFBD27FF5EFBBD28202558E67766B2E0E625EFB673CB5E67ED7DF639C7A443803F289A9BDB50515E8F152BE2B07A6D124C4C4DE0E06085871F9A0467672B242695A0ADDD048BBF3884E69676B8B8D962D8207F0C1FE887A8084F24A69600268087AB9D2CB63031913FBAD18D6EFC2AFC7F278DC2FC2AC41F2F4479692D2CADCD919F5B0D5F7F27F48EF6C5FAB509D8B93B0BA56575B077B4468B10C3002185E8DEDE58BE2A1E0E7696080E71C5965DE9B07790F56D406D630B5AE592AEBA241A3985B5D8B43713013E8E1814ED8388101739A329C2839CD13FD2D350806E74A31B1784FF6FA471707726962CDE8F92E21A2585BBFE321EC34787E2F18757A3674F2F9C482E415646194C2DCC6061618EC6D636F8783BE1A69B87E3B3250771F0483EEEBF672C3E5A72081DA6663033073ACC4CE507D0C2A5AD1D174F8BC489CC0A1C8C2B8095ADA5F085095ADADB10E2EB84293121F074B3C194E1C1C61275A31BDDE80AFEADA4D12A522023A504AFBFB811B107F2E02C465B5BDB8C19F3FBE1BE4726EB36CDB2CDE5733ED46D69E8266626686BEB40B390C05F1F9D821DBB32F0FDDA440C1D120467576BECDA93250AC502EDE27A989ACBB67239266666FA49A2B9624E1F1C4E2844625AB91CCF02AD72ACB0205704F9D8E3D3D589880872C193B78E44DF080F3D7F37BAD18D7343AAE6DF1759A92538B8331DFF7A76039EB9F73B3C74F357488E2F4280B8080162BC93A6F746700F77E3D6404E6639AAAB1B6069694E6140E180CAAA465CBB70308A44956CDB960A7B714B7CBCEC91935D095321156E632A3FDB4918F20779D054AECC4294C7722198FE3D3D1112E084E6A656D9B203365666B2AD097C3DEC515AD18067DFDF8BC389C5D87630475C20F171BAD18D6E9C15664F088CBFFF66686D6EC3C615C7F1CE4B9B4425B4E3BD57B6E2C89E0CE48991F78CF6C6806181E83F34182EEE7628CCADC4FEDD194200E5B016C5B0757332FAF4F545427C21CCC5E8EBEA5B3054B69F32B5279E7AEA079889AB626F6F891E611E481443178610C63085528709DD13611A3287280F33F9BEADBD0369D9559838320825E50DA8AC6D52F78401D29CC26A580939719BB6D60EFCE3B343D8775C084D088984D28D6E74E3E7F85D94464D5503CA4BAA111EE585CDDFC5C3D1C91A73AE1E827B9F9A0EDF405714E455E3DB2507B0EEDB38A48B12A14BB272D951EC1215B172591CEA6B9A71DB9DA34519B4C04388E5A2A99178F491756AE02489800017716B1A505BD748DB97A55D7F76B4B70B6F1874877E25DB9A8B5C696C6EC5EAADE9983C32183616E2CAC8AACADA46833221C7D0B591ED6C6DCC91955F855B9EDA886D877265AB6E74A31BA7E3778D6964A79562C95BBBE0EBE78CF8B83C242714C1CCDC1466A220CCADCDD121864AA36D1745D0DED20107676BF419E087E5CB6231624C18EEB8670C7C7D9CF0FE7B7BF1CD3747E1EC6A8792D25ADC7DCF587CF6C5117525CCCDCD657F03515068B4CBF13AC465818919AF4E8F4D57A54A148BAD9D05AE9E1D8DE89EEE2815D5F1F83BBB61696E8656F15AE64EEC818D7BB3515A590F37671B0CE8E981876E18063B1B0BC3C574A31BDD50FCA64AA3AEA6D1F89B01813DDC917EA2108BFFB90D19C9C5B013B7C2D6C61216E286988A410B65A82230E96817B7C314B9D915080C71839D9D158E1ECA868DAD052CACCC30615218EAEB5A9095550E7F21A0CCCC72545634A83A686B6B13C26947B3587E93B8450DCDED528E6654563608C1D4A1A0A81AC5A58D701542F2F3B4C7F4B1A1880EF7C0787179E68C0FD37D064779E2C68BFBE09EAB07E0A2114118D4CB03E5D54D4817D7A91BDDE8C6A9F8554AA3BDAD1DA50535D8BF351947F765236A4000D62F3F8A1B1F9D2CC6EF8A7D5B528420CC912A0AE3D8A11C5494D5A343C8C2C2C2523EDBD101337527DACD4415886BD1D8D486E8817EDAA272FC7821264C8D40AFDEBED8B02E11B32FE98BB008778486BAE39147D6E0E0915CB8B8DA6A1CC4D28A8B1C43140609C743C8C1DBD3019E1E767075B245634B2BF28A6B909255851BE747CB3A43BCE2D977F748194CB070566F04FA38EA77052535C8C8AB4589B85835428225423E61FECE18290AC84DDCAC6E74E37F1DBF9834F2324A11BB3303C7850C18836453C7F6EFE331686C0F210A4B34D43521490C7FD2DC3E6896DA9F6E4987FC4B4F2A467A6AA9A80E2B3172C377A6421A8C2FB4B677C02FD0052E1EF6D8B92D0DD3E74623E158018E1D2FC082AB07E3EE7BC7EAB95B455D3CF6F8063838580A5998CB37A259E4FC248DBAFA6694890A2912822A1157A356DC121373463D4C34DFE396AB07C2C949CE2D0AE799F7F68942E9C0B0BEDE78EECE51F866630A36EDCF4190B783B6CA3434B6C2CFCB1EF72F1CACE7ED4637BAF10B5B4FF2C43D483A9287A37BB3509A5F8D82AC0AA4C717C1D1CD0EA3A6F4C2F6B509E839C01F1525B5C84B2F478F282FA42516A140DC8F7E4383316058104E08193436B4AA719A98507188D10B5A5BDBE01BE08ADCCC32F41F1C80C2C26A3489F13258397D666FDD265548870961B1B105881342C9C8AC405A7A2952A55C39B955281375C0E42E4BB6B4385AC1C6CA12E6421C57CE89C2CE43F958B53515FE5E0EC82DAA858D28A176718F2AC5A5F97455BC0665738A6A905520D75552872BA74522C4CF49CF7B5814934F77AB4A37FEC771C1A4919F5186D59F1DC4CAC507909F5E863A632B04839AA3A7F5C291BD99A8AD6A847FB02B6A6B9A502D069C23063D767A14F2B24BB16753AAB8297598B770089CDCAC5155DE246E40931CD9A038D844EBE5EB888A8A460487B9232DA5144D0D2D98785124BEFD260E8D8D2D78E7ED3DEABE4C9A180E5F712B68E8241636B1527958989B69BC8344441DD5D8D48A9821816810923A9258289E503B22A47CCDADEDC828A8C2A59323B0799F2826E12D531353398E09A2C40D9A363A04EF7E7D0CF58D4DC82DAE45627A051EFEE72E38DA5B2032C4CD7043FECD484F4F47515109CA2BCA51525A8ABABA7A383B1B48AD1BDD381D35627F6952515695D6A1BCA0064599557016F5CCC688AE808E48E29E6C146654222FA904D6F69617E69E241ECEC1130B3F1735D00E7B91F8CC99606442BC0538B9DAA0F7D020ECDD9484E6A6360C1917266AA11C456294B4DC167103E6888B117F24178971F9AA307A0D0C44786F4F0D5A1E3D948B8AF23A315C33F41DE48FCAAA06F48EF6C1DAD509983AB30FF2F32AB17D7B3A1A8520DE7C6B3EEEB9F73B58D95868BE464888AB2809536489CA484A2B81B98519CC2CCDE59CEDA86F6E4564B827860DF4C7D2D5F13057774688A4A51DF75E3F148FBDB113B72D18802FD69D1032E980BBB30D068B32AAAD6FC57E51316CAE8D94E3975736C2CED60243FAF860E59654FCF5E6E188E9EFA7C7FA77A1AABA1AB7DF719794A54AAED70C2D52B6007F3FBCFBF6BF8C5B74A31BA762C9939BF1F1131BE1225E80982A8ACA2BB1F8E87D081197BC2B6066F69F7ABC8AAAE27A5434D5E2910F1674BDF5A4A2B806FFBCFF3B357647210833062F850C5833D78981470F0B46767231DA9A8546C4F8E84EB0C6679E9585F61F31C3FA15C7101EE58D9E7D7D5401A4C4E763CDD77128CAADC678511293448D58DB98225D8E13262A836C16DDD7175555F538723817F6F656183E2C5093BF7AF7F28295A5190A0A2AB1735726E2C4DD610BC96C513BE13DDC515FD3027F512C7D7A0A610CF0C39ACD295A16930EBA432668686A41AAB84B93C4553A72A244FE6EC55021A9182197A32965D829E446E5C126597B21272F775BA464552253C86BEAA810DCF7CA367CBE26D17073FE4D484FCF40756DAD90A2B9DE7F0B21C6CAEA2AE4648B4AEA4637CE80836B93606B632DCA9BFDB3E49D811992F6753D07898A9DEADD5AD4B5B5ECCD0AB9CBA4B14C6AE48AA23A58DB592963197E98A059DC054F7F6771356C912A866B2E86CC55861805C39C063010DA2A35E3C6157188EAEF8F3031FA56A9ED2D8484524F1461D5D223C813A39C3AA72FAEB969246EBD672C6EBC7524C27B7A61DBA614588B8190A7AEB86AB09245CCA8505538E6723318AFA8AA6EC4814379DA2BD65A2EF2963F0DC67BAFCEC11BCFCF10C337415E41B5121E6326CCEFA04B532F6ECF8BF78DC590686F5C3A25920D381AEF2816F7C9C64A6E2F133CE41A790D24391B6B33511F4568927D678DED81E73ED8872FD69CD0EBFB7720AFA040DD370B7323695858A05648242D33D3B84537BA712AF2922A602D0A99F6672A2E899D8D0DF67C7B21EFAC89DA0DED598EA079555D228DF48442EC58190F4B1BB28C9108E4477B7B1B3AE40833AF1A88AFDED90D3B472B35311EB8435E6EF57CD4E2E4D4F2BB419D9862F597471035C01F3DA37C34186A618C43241ECFC3CA2F631112E6AAB5285B3B7CFD1C515FDB2C46DE8AFEB24F546F2F9E1DE3C6F5808BB315DAC405A172A08B66656586868666ACDB90AC01CE4E8C1911848B64FB61E24E0CECE38D3E111E1810E98587160DD7F5D7CEEA8D84F412EC1275C1E0A9A5B02955462778CD3C07FFD94859576E4D839790E4D491C178FE83FD2828A9356EF9FB8171A3B4D474BDA72C0BC1CF367906054226DDE8C6E9488BCD47637DB3D8DD4F66CEE127B2C49E7F0DBA441A6B3E3E8086DA4635640365C84B2BFF5B5B3A10D9CF1FC70FE648ED4F16922FD53581760E63A733F15594343AC42DE0BE06C633C1C695C7111CEE8E883EBE68A8695426B31515D3D6DA8A7D3B33F4BC3C46B528883113C25059D1881917472361733ABE7C6E2B02029C1112EA8626512F3421AA045E0CF7099675B572B30A8A6BD1246EC8079FC7E2D0D13CA46694A1B8B4566E648B2A0DF639518821E617D769CCC2688FA7C2F825B7A65C73B4B5C4C7AB12B4235C94B851EF7F7B4CD7FF9E686C6840764E8E14C55066067309733373A4A6A58B826267BC5F86D2B2721C8F4F405CDC71A4A4A619BF3D376A6AEB909B9B2F845588A2A2626D81EA0A2A2A2A919F5F8002594A4B4B8DDF1A617C1C67425171313233B3905F58A0EE6F5751585884CCAC6C3DE7AF459DA8BAE494541C8D3BA69F3535BFAEB2A895FD4F2425EBBD4FCFC8D0BCA7DF12E9B185686E6E517BEB7C5F482035E50D28C9ADD2BF7F09BA14089DEEFD28BC825C55DEB00F28E3027CC2ACFD46CDE885C3DB33505FDF045331AE0E133331E416F4ECE7AB599EF187F345013065DCF0A2B38584BBD34D6017F68BE6F5D5CE6C69C92586B13398013AAD0F32334A515C5CA3B189B03E5E181113825917F7C513B33E959B51808F33EE475C6201EEB97B259C5D6DF5980CC07AFB3A62D28470AC589D48FEC29851C158B12E093636426062F0ADCC3597B25709A98C1E1288BBAE1BA22FE15FFEBE0D85A5F5E2FF9D9A36CE817FFAF52439B5235148874A8460F9A9662E9D128135DB33B1E485E9FAFDEF85FCC2423CF0E0C342A2B55A067D09E47EF3A5F0F1F6C2DF5F7E11F60E17D61CBC69F3567CBBE23B949697CBF3AB5715C3B47C6727470C1F3E14575F7105ECECEC8C5B9F8AE5DFACC0DBEF7F0027074778C9F99F7FFA49383A3A18D79E1D7FFBFB6BD8BE63973C810EF4EAD51B2F3EFBA4710DB0E09AEBE4FEDBA0AAAA0A77DE7E0B468F1A854F967C8E6DDB7748F91A9418593E2B2B4B840405E3F65B6F86A7E7CF8734A8936B79F783C5883B7A4C5CD07AC37EF2AED9D8DA62C4D0A1B8FCF2F9728D5D6F714A494DC5871F7E82ACDC6C51B28D72CF9BA542B494725821223C0CB7DF7233BCBCBA3EA8D3B1F8447CF8F147282E2CD6B2F259D2D5B4B1B6469F3E5172BC9BE020F7F5D7E2ADBB5663CD5BFBE1E06A2395B229DAE59DA50D971556E3E9D50B31647A4FE39667477B5B076E897A0DD5ECEC595287073E9D7F6EA5D12086F5C683AB60EF6CA3014FC801CC483152DBD5D736A1F7E0409497D6A1A2A446D7EB2A13210659DF202E859DAD35CF4A7A817C6DD88635921C877EB954F5F8F6A3FD881A148879D70CC6F5778CC6B44BFA234708E3C4B17CD456376B3F921D9B92111AE18E385119C7B6666A6C65F9ABBBD02FDA0F11F27D436D0B5AEA5BD1A7B73762860663F98A63A8AD6B4249592DECACE56188E2618F59AA040B59AC84CCE86A4489D2197BF5122CF93E01D7CE8ED2DEAD4CE8D20B3905244983DAE8045B2FAAEB5AB0646D12E64D0A47A5361BFF7E28CC93DAB9A0486B0A7B0707C4C4C4FC68E4256565C8931AB8ABC8CECDC51D77DD8FBF3CF81032B2B2D0D8D8A8C7B1104320A83C967CB10CD366CEC5DE7DFBF4BBD3D1D6D62A06D480C6A646DDBFD3653A1F9A5B9AE51E1BF669967D4F46BEB859C5A228D84AF4C3C64D983BEF727CF0E1C7A248CA757B1A575353132A2BABB067FF7E4C9F7B095E7BFD0D253C82EB972DFF0613264FC3AA55DFCB7594EAF6BA9F187A9990E3E7CB9661C6EC8BF1DDCAD57AFFCE052A89E75F7A190BAFBF09878FC66AF336AFD35A8C9B9FBCFE3DFBF663EEA597E39DF73F947B72EE6115CA45653DFEE4B3B8F6FA3F21E944326AEAEAF438DA7F4ACA585D5383F51B3763F28C3958FAF572E35EBF0C3C5EC2CE6CD8DA5BA2BAAC01F31F18A53DB9F96ED3ED4FDCFDCB83E767250DD6BE2FDFFE35B689013AB8D8A9AA2028723AE4E4D622D1C3A27D70786BAA30B8A53E00C37BC3D609533437081B4B4DCCDD648D128D6E4349201BF2A218CD6564F6E0F6345C77C718CC5D301033E645235E5C89BABA66D4892196145523BABF1FA2A27CF1BDB02607E4616067C757F168916D66CC8C4265553D2688E17A78D861D5DA04348BE133586A21ECCA1A8DA9EB94CFDA7222A4C1E65F17276B0D74BA3AD9606F5C81E68AF41577C35D58992ECF8FC4219FBC2EC3B59D0AC63758CE6FB6A42221B5144542A0BF1732A59663262CEF2163436347C7E82789902F7757E5774949291EFEEB13E2D2A4A0478F1EF2C25AA8D151FE17899AA9A8A8D04BF7F4F080938B339E7AF605AC5DFB8361E79340C94BD7882F3C09B9ABE0B6BA8F2CA7E70A58496DCB1A9C2A80AE9289AC670DCE6746A2A91405C2C06F9BBC3BF6A280820202F0FDDA75F8EB134FE9FEFF7AE36DBCFFFE62F8F9F9C2D5D555BFA3A1733FD6E87C193DDCDDE12ECBEB6FBD850F167FACDB9C0D4F3EFBBCAA315F5F1FD8DBDB0B41CAFB5852823CA36BC5BF1D85C0BDBDBCF09518F94B7FFB8771CF9F83E57FE6F917B06BCF6EBDEF241E920CCB5626A4CF67C867EB2AF7DCC7CB1B1F8852FAE8E34F8D7B5F38CAF36B64A916F56E8EA6D666F41E1988B0413E1AE360AA42AA7800BF14674DEE7A6CC12738BE37138ECEB654F5F222D1E06485B046A348E27173FB885B928646A9E5D90C43FFA3C354B7926DE4B593173A24D203A9C70B35B6C17C0E53715D94DDE580A6F2A9BD5CE54F4BB988590B06E879EDEDAD11D4C31DC347F5C0D09860F4EAE38BEB6F1B898AAC2ABC7AC7D770F370D2F3652617C23BD415D32FEF2F72DD547CC20AEC3B98A301513359CF7270F42E929BB5FC5D5ED5242445E33741ADB852F32E8AC4BA9DE92AD7AA453579BAD9A1ACAA01BD42DD902B6E115B584C29E984A4BC3D6C95344BCAEB7FF6A233685A2EFB6517D6A0A2BA51D3CE1DD8C2F41BE3BD0F3E16D96EE84047497CF5950BB062E52A91CAAD526337C1C5D909C3447A9F0F575F7B83D468D56A04AC29298BC78C1E2D527F11E6CE9E8D5E3D7B222B3B5B6B452B3160BA905BB76F47FF7E7DD5383A91909888FD070EC34A5E7E1AF094C993D46D381F76EFD9A33106C2C3C35DF7EB045D114AFECEDA97464E92701302183A7408264F1C0FFFA000A914C4784BCB94F429E9A950D6AD5F8FB8E3C7F5BA181C6E1077C64B5C9751A34662C2D831F0F1F4929ABD560D94C4642DE7D9272AC1598C3452AEF974BC4A376AD72EB9AFCEF22EB4A84B327CC810DC74D30D5878CD9518346080BA3D1999D9FA4ED8885B159F9080D696560C1CD0DF78949FF0F853CFE2C8915838CBF1E8BEB7C812E8EF8FF9975C82C99326C0C7C70BE5E5157ADFA90458C69DBB760B89B8213232C27894AEE3C09A64ECFE3651EE9189DC232B2C78740C9A4419EFFB3E09B68E56EA098CB9AC0F6CD89DE31C904780EFDFDC87A686568D05C65CD2FBCC4A63E5077B706C4F269CC490280CC8017439A8325A9ADBE017ECA646999F5AA63108AD8D4D459AB5B33A66CD2E062B37CFD2D2C2A8500CF91C1DF2309581A4A6903DE49FB8398DCDB0B631C7210EC493558E171F5E8D6D1B92B07CC9413CF9C04A1CDE9F096F4F47ACF8FB6E5881B2507615B8B838E0D34737CB31A05DEF776C4F959ACA4C5F24BD5259CC854CB2B32B85D9DD34206A2A17C3264B27B9515413F57213581C5B7161761CCA41CF6057EC3E928FE9A3427558C056B600C975B3A4C6D39E11DCFF84943D59CE157BA2CCF8ED6F8BD8B8A35A3B35CB0B1C121CA4DF458485C97535C2567CF5838762F5BB73E1F32FBE446945191CC4B0688CBD7AF5C45BFF7A0D0FDC77B71A419FA8DE98356B063E7AFF5D5C77F55572EC668D05D0C0FEFEFABF37818CB5708B18EAEC9933F0F187EFE1A1BFDC87CB2F9D8F3B6FB9056FFFEB9F78F2AF8FC8B336536366DC8535353F196B6240F1E6458BB058AEE39E3BFF8CCB64BFBBEFFE3316BFF70E16CA7551E5B2F2721445B3F893CF548D9C8CC38763B165C74E5511748B78DCA79F7C0C4F3CF608468F1C81F0D0508C17227AF2B147657958899704C2ED7FD8B0116969E9C62319B07BEF3EECD8B1038E8E8E5A5E1AF1C30FDE8FB7DFF827165C360F53A74CC6AD52DE8F3E7817375EBF50EF3B89D343D4DE3FFEF5CBEE7B6A6C3E5A44713339CB23C409F62EB6088CF65295C177B9AEBC1129877E99DAF8196964261661E5FB7BE12CB52B0FAE8BFC508540F690DFC3C52D39BE3F1B162C00BF5362309000C17DF467A7C1A9111BBEE3EFBC2134C60631DAB09E5E183ABA075E796C2D567C7608DB37266947B7F0080F5C76CD50F1170DAC3DED96A1B2B761842DC2D2DA0C1585B558FBEE014D275F70C540D48BABC0726A49F8299BB68A9131C78365D77F42062E4EB6A8956D35182BFC45366EA86F456E41B52671ED921B3E634CA8BA68243D5E3F8F792E38D858E2B0DCBBDDE25A192FF637035D8616216183F2694770908134FAF58BD60021C939F53CAD1ED5D5D5D82852DB450C852F2E7B1A3FFDC4E3521B9F3980B7E0F24B317BC674A9F92AB416E5F11910FC77A15E8C75EA9429B8E3B65BF4BA4FC730511E7F11B2A30A2009D070F91E9697970B09DE8B8B67CF306E792AAEBAE2725CB56081920CF761D075CBB6EDC6B506ACDFB4194D727E3E75BA7F2C0349F54C60396EF8D3427DB7E82E928C491227E34371833A039B54770FFDDF5F306AE448FDFB74CC9F7709AEBEEA0A7D5EBC6E12E3CA95DF1BD7761D25A2CCD95193EEBC5F989BAA73EF1017B87839C87B2DA421AA9895FE2FC1CF9EC6966F8EA2B2B816E63434351543FC81710AB624048A31338DBC30B35C5B4714F45BC44E9434E4C119BE6BD702F36FD11946E313C333AE673F10BF00174D375FF7F551B4092BDAD859C0D6CE5A7BC86E589388267123464F88C0076FED127FCC1753FE3408B5150DBA3FCF66EF6C8DE57FDB857629CF94291122A17D3536A18511B074626BAA2AACD9314DCAC37F9C07A5B8ACE1470223B998C90D8E4D2A45FF087764E456A348D6C70CF4937D0DC1ADCECB3A1B781C2A8E8DFBB2B16C7D8AF1DBDF06FB0F1E9617DC102C6300B957642FFD3EB26784948BD7C001884C909A7E76E2484E4ED5788685100C9B3D6FBDF90695F6E7C22D37DF68787EB2588A81B1D5E3DF01D6DA2E4E8E5824AEC0B9307CD8505C24C4525D5D23F700A815831C346800468B4B722E5C76E9251ADBE0794888DB4E228D969666ECD9BB57BF671075A8B82431230CF93C67C3B42917A17764A46E4F1C893DAACF8AA8A8AC404E7E9E1CCF5ACB396EDC580C1057EF5CB85208DBD3C35355A5B5EC177BEC9851B1770D65F9D5C84928D1CA84EF65483F43CAB8930801375F074365292E555EF26F401AC53995D8BD3A01760E56CA467C59D4E4E95AC817EDE287450D0F46DCAE74B918CA1C59ABEE0037960388FCEFBCB48E16832B63705FD8A2C24D643B395693280CBF00678C98148E355F1E5212222B32BB9379086672A1ACE5A7CCEA836C21A74FDED98D155FC7E2EA47C7C3C9D356FD4682637514A557206177365C84087A84BAA15F5F1F7978CCDD907F72523605B734B7C3D5C95A1E244B67026747A9618469D9BB5624882CE2CA48F92AAA1B50585287617D3DB1F560166CAD2C101DE681EA9A6634C98D56123C07D8FFC55AAE978AE3B704E3077413784F2CAD2DD5FF2502038244C2BA6A6D6B67678B6DDBCF6ED46C31696D6F55A5E2E4ECA43182AE60CCA81891EF75EA021D3B9E60FCF6F705DD8551725EBEF4E743CC88611A07E1B36D1675306FEE6CE39A7363FEFCB9DA4A43E24C3C9164FC562A98C616E4E6E4684C81EFFFC8E1C38C6BCE8DBE7DFB295170BFC2C242D4D51B82E2F1F189F23E1B62798C7D4C1A3F5EBF3F1FA65E344594739D3E77E69A5455767D402806414BB2AB74747E33331304F531BC2F768ED608161785E66A25B6937A300F7555A7B6607505A79046E2A16CD456366820B1D33C9406C48829FDFB8F0D436E7209AAA5B6A7B8A0612AC882FC9555B63C3CB23E13A7DAA586B79207CF422A64A7C6BA4678FA3961A4B8141BBE3D267FB3ED9DC3FD71F42ED9460ED1D0206E4BA427060E0BC28A2F63E5C19A61C907FBE01AEC8411737AA159540A37ACAF6AC2A069E1881CE10F6F0F7B79099A7464AF1E216E22C1DB34D8CA547533291753CB99A52AF7105E6EF6C6B472C335D018D98E6D29E5D87D341F23FBFA098199E2EB8DC9880872C64DF3FB625A4C885E42A9DC9FCA9A46540AE9742E0C80F2B35C1E4095289DEADA66DDF6B7006B85DCDC3C7D199BA416EC21FE742748141E6E547E2D2AB5D3334EF5A54F4683B1F5802D0FCE22959953D315D8D9DBA3B2AA5ADDA092B262E3B7BF2F5AE47AFC7C7C8C7F9D1B0E0EF64268361A0321B1D9D9762D57C5D7DB5B2B1FD6C4AD6DAD3FAA847A1A3B5F0C45071C1CBB962FC15C1955D282063916DD498284AB55AFDC7B4B2B4B25ECAE80DB65E7E46AAB566E5EBEC656BA8A8C6345FADEF09C76A2C67D420D2D490CFA07F47297EFDBD55D29CCA84055E9A9F19CAEE014D2387120076D2DA22CA486A6FD134A00626C6CC2ECD93F0087B7A569932779829B74928AFE4572503211C2905A9929DE6C52D56C41594D77C3D5C31113664561FD37C7502B8646C6E30BCC6DD984C7E1726A2A1BB170D1485494D661FBA6243839D92991FC202ECBC2C727C88368D45A9F893637BD320DFB572763EDBBFB70D32DC3F1AD10D184096172BA0E1D538342889DD148029CBA31C0D711F945D55A460E2DCA1B687CD61ADBE0A03D8744294C1D1D8A8AAA0684FA3962402F4FCC1A1B8AC76E1E81CBA7F4C49FE646E3964BFBE3D605FD71BB2C775C3E00B75D219FF2FB7D0B0763D2B04075E57E0B544A0D939797A7A4C09A67D8905307040A09095183A1FF5B595125EE598D71CD69A00AD440B53C1F7DEAC68B3E0F2E131FFBEF2FBF80179E7B1AF7DF738FF1DBDF0F343C4A71ED72D005E8BB6ABC14EE4BF2EF0AD8818BEF00F7E1313A732CA8167E245429C78F15E379C0B3D21E0883ED18FEB21322D3E3C8319988D7D0D0B566F9A183066AC21E03B0F7DF7B175C5C9C8D6BCE8F9443B91AFBA38DDA89C20E8AFA296EE51DEAA2F796EF404B633B724E9418D7741DA7DCE18C8442F179E526C9C90C2F9618BFBC68EC68367EDE006CFEFAB0484133BDA97A33C528F9A9FE96BC94FCCAB4DD38C0AFB0378D941314313FA2A9A1195E3ECE9830A70F562E39887AA9ADA942E404421386F8079B4E1BEADA30626C0F0C15A37DFD858D1ADF3097F7C7CAD214CB3EDE0F73776B4CBB7E08F28A4B31E78E91F00A71C66B37ADC0A78F6D85B3BD15AEBD76089E7F710B6EBF6504EC6C2CF502B3322BE1EFEF84DADA464C1EDD039B77640A9919A2C86C5161F9DAE5A5E1C3B61355B3FB709E267A3197C3C5591EBA11EEAED6281195B5431ECA27E2C6BDF6E921FC4B94D0BBDFC4E1BDAFE2F0CED771787F791C5EFA683F46DFB014B9856731E00B405A7ABA1099210988FD6F4EF7D7478E1CAEE3A3B28992E9DC59523B9D11BC58230CAF73D7C0969A91E2D30F1D3CE8BCBEF8FF179C7631AC2CBA02D6C23F816F89F1067512C685A2B3963D0D43878B1BA8F6C23398E09D7717D3AA0C2BCF011F1F6FCC9C310D93274C5017D1DADAC6B8E6FC48DE97AFEA9D15B157D0A9CAA6FFC41EB07660ACC3545CB166C46D3CBB3A3D1B4E218D9A8A7AED1B42A864978BA50FECEEE388C6FA46D494378A9F644898D25B4072E00DE08DD687209FFC2F44D32E4CD72612894A8299A5B6F6D61833B31776AC494093B83A1C8D9C7E0B9B67D97B8E8F9B29E6249149337BA3A2BC16FB76A58B3CB4963398889C3247B1B814EBBF4BC0C26726C0C5CA5EB3DC7EF8E020EA2AC43510F5B0E38B384C9FDD0B9EEE36F8528C79EA9408D8D858A0B4B4162E0EC2B801CE48CF2A975A9BE794F24A99D98AC3739BC9C568DC465D1513EC8DCDC7A8FE7E282EAFC396FDD9D8139B87A7DEDEAB4DC4D1E1EE9837310C574FEF8D20512E0DE2073343D456AE89FD57DC8468189C5DB7FBD7F73E4DCFCC56A5C71AD0CFD7578E7F6A5A3765B185B156A6FB525C7AE13547377E3F589A5B62A8A843B642D9DBDB69B0FAF1279E4195B87CBF07182FCC4B2D85A58DB9DA59FF2961C6350670D6421B3B4B7D9F989290117FE1F1B71F49E318FB7F70701C3118150DF283E4502F7E7ACF8101C817FF877E9A2637899D71ADEE2E864716FD31206A0447CBAA979ABD4E5C0D5B29E4DCEB0663EDD2232893DA9783F7980AB1F03CCA32240F35D876788B22183BB5173EFCC70E752998F04D22A1BAB1950B7EFBD5ED70F575C23F0FDD0A3731D88F1FD9A8AD288E2EB678EF8175F076B3C784F111484E29C521510C93C7856917782670B9CA368C653053B4336783B114CDD9901BDCC84C5271919CED2DE1EFE380C76F1B816F37A6E858A22BB7A7A14CAEE5586A197E103258B72B03C9B9E5983F290C8F2E1A0E2F371B1D098C933BD12D627F1B8ED3F16B9199912EB7A75D9B49434282B46FC6C9707674D20C48CA6B76F6CB48EBEE26FF47C3BD77DEAEA3ABD58A7BC96CD783878F60D16D7760F3D66DC62D7E3B146555C87B5AAD71C9BAB6460C9BF9F3C4B5DE314168A869520249FB0599A14A1A1C1323764B0AE6DC3412EE62904DA20C18372053B9FB39C1C5D316F1FB45D25B5BA87A205DD0255135220BA55EBB100AFD282693B00DD83FC405F3E478D73F380193E6F5C35AA9F91B6A9A6121F29F2D2406CA919F240C2106D6FD9C64E9D607262235B110077667E81406EA73CA5A06312D2C99CCD3847FBDBA4DFC342FBC7AFD724346AAA5B996ADAAB4012BFEB60B77DF351A33847838C87071492DA6882AE817ED8D0517472345589803F070D8401DB9DCCD4E7BAA4E1BDF03B3274660EA9810CC1A178E948C723C2BCAA257A8AB8E48EEED6AAF2D23D65206A6423736B7214988F4F9F70FE05D714BA68E0CC575B3A330634C0FF879D8C9353139ECDC7D11CE07F695C8C894FB6E69A81998CCD5D93FA413EE1E1CA13D5454468B3E07E652B0A9AE1B7F1C383939E31FAFBC02773737CDBF60C09681D7871E7D1CB7FDF96E6CDBB14353D27F0B6CFF2A1EB626563ACBA1B7872B3C835C8C6B7EC2F8ABFBA1BAA9415B368BCA2A50947D6153752869EC5A158F0DAA02AAD137A607265F31087D4784E0CFAFCCC5D34BAFC5C7CF6D109FCA122DA21E480C6D523B33D049D7857641DF89C1155B276BB8793B20A8A71716DE3701BD06FA638818A0871051694115CCA590745D0C1E5E2759C83F2111CAF946510403460663A39487C4C5E09E12926CC920255B66786E9F00839F66EF62A8753BFD53DE845DDF26A043882BBCA79BEC63AA599DE3C78661DAE49E18C39EB25323316E6408A68CEB81417DBC1115E1A199A4F12925D8272EC88A0DC958FCCD511D7478EBC11C8C18E0077B212492048FC773D17DE1EF9CF1CD5B08A249CAF4CED7B1F876530AF28A6A30B09717668E09C56C39C7D603BFBC6310D38AF30B0AF53E30101A1814605C732AD8078339272497DCDC5C7476E0EAC61F0741F2EC9E79F2714446466A65400406F823332B0B2FBCF8373CFED433DA09EFD722767D0A6C1CACD44DE931E0CC2D503DFAF9E8085E740C6C618D436B928D6BBA06531AFE916DA93A18F0814D4958FEC6766C5F1187BFBC7D29864B6DEDE6ED88EB1E9A8251337B63D2E5FD31FD9AC1987DE308CCBB3D0657DC331E57DD370E57DF3B1E178B441F3F371AFD4785C027D8552CD9780601ED9DC4221667F446D86221EA41B7216130FFC00C834787A24654CA66210D8EDD41462365304F84CA8663657096B57997F65797E28697A68A41B175C770322B31EE9423F9D8B5E204E6CCED8394B412AC597B420C4EB95131697C1876EFCBC61E21841DFBB2B079473A62138A5020245121F780238939DA5BA9A2609EC6BA1D9998333E140919A5F017426C6939E9C204BC060B7353383958A34E48EF6872093E5D2DC425DFD7335FBFE997AB8DA2E222D4371A92D94808BE3EBEFAFBE90813A541523113D78A636ED49E9616DD8D3F06820203F0F2F3CFE09A2BAF906754ABFD4CA83A98C075FC783C9E78F2193CF4C863F2DC7FB95B5B985E29B6648E5679EF7A0CF8A9AFD0C9B077B5416098A776ECB411577CEFAA9FF254BA025376712F2F96DA5164F54221873B5EB9180327448832F829505353598F0431B24352936E5A1E8B95EFEFC1672F6FC63B7FFD1E6F3FB2066F3DFA3D168B1AF9F2F5ED58FDD1416C5F790C6F3EB606B13BD3B1EA9383CA1F0347F740A3B827DAB4C51A5B3844DD0E59C7C2F71D168CC131A178FDC91FB4C544C7E0602C83D4411746544643631BFEFC9771422C0DB8FDFA2FD061698A2B1E9B809A52C3602854004C8679FFFEB5B0B630C7FD778FC30DD70FC3B7DFC5232BBB02B97955F87C692C6EB87A304244B63166C24E6DA41473EDB569D0403C17E3289C802921AD0C6EAEB64A003D7C1DB5A5E24C20A9B1BF8A839D05AE9D19A54DC45BF7E768B098B3D177AAA10BC1A1234785C4D853B8035EEE1E67CD5D0809098615631DBC4FB26D6CEC61E39A6EFCD1C044B43F5DB7102BBF5A863933A76B9C83791DAC141C1C1CE499C7E28AABAFC5D7DF7E6BDCA3EB483A90AB7147BE031636E6E815136C5CF373840AA1508D305C50927981EE495D7513FC42DC44DA5B60F3D24358F2D206EC5C791C2F2D5AAA999F6545D5F8FCD5ADA82AAB456579BD32189B73EC1DADE1222A84B9EC74495CDC1DE0EC6E0B7B7151189D8D1A1288951FEDC7472F6D4296487F374F7B8C12D78064A18381C8C9D54151FB6CC7F4F9FD34B6B26D5D229C5D6CB58F080D98A0BDB536B76B7F940917F5C292C5FB112B3768B3A888E9370D82AB9FA3BA4E848DA395104411F6AF4A44CC9860EC946BF8E18713D8BD374B5B4E366F4FC357E27E70D4F1A913C230415C155F2F3BED7BD2748A2A10BA1235C4806E49590382FD9C747473954AA741B311C5250A0B70C68C3161A811D2B3B1B1E421B06A5B1A0E8992F97194B00BC0891349DA94DA2244E5EEE90157D79FFBA704BF0FF0F3D52659F6F2DCBE73AF714D37FEA8B0B5B7C39D77DC867FBCF222A64C9CA041F9BADA3A1DC888CB3BEF7D88F73E586CDCBA6BC8385A8016A9586963D6527985449F7DC4F188C1FEE0F0066C8D600C3233AEEB43009A16A4976205E711D99381FADA16F1D54596DB5AA238BF123F2C398C6FDEDC8509F3FAE928E3E652B36B2F52A9D1D5748C06CF58039B2E69DCFC9B391001611EC816A9CE74F3CA925A241DCD07C79E9872991C4B24BEE6BF930C5ADAE1EC668721A274BE786B37EC8470D80CABAC42188D8DA9E131E37BE8EF5F7E7C4088C5068BDFDE0D07773B4CB8B29F0E61C6425125B8393AE3B3C736C3D9DE1AC1E22A31C18C6AA1A8B01691E11E62D4CD58BF350D1BB7A6A2A2A20183FBF9E1C605FDD4FD282EA9D332F1CEB37C74AD9233CB94102A850C1CE56118D2D10DA0A1322374CAF0204C1C1E28F7A70385A50D3ADEE8D1A462047A39A24E941453E32F046C2D292D2B53D260AB88CF394686622DC5E658068959932526FE7B4749EFC62F07BBE5DF7BD79FF1F4937F4540803F8AC535A1EBCEE106BE5CF6B528E365C62DCF8FA28C4AD99759C4EDDAC7C4DEEDECB91D3D870B6998339E086DA02848AF30AE393F4CD9D468C3E1C96D3962B1D81D9BFCE540AC299D4439FC20EEC584CB07E877ED5299B79BB2B615A391B39930218A2422166E224C492A61EE7EAF210128C828456D65A3924CA618CF00914ABBD726E2D8DE6C5C7CE3102513C628CA8BAB71FF0BB3502424B5ED87C41FBBEE1A5A650C6569935ADCDDDD1E975E33043B36A760E2E4484C9DD95B9487A7D4C6459871CB5078048A1210E324380072F689526CF9E408EEBB6F9C1CC29038969C528C90401725167BB95E2A8BA30985F86A550296AF49C298C101B87FD17084FA3B69AC84528F6549CAAC90BF4D10E0E928FB59A94B43E2600CC3C1D61A2FDC3D0AE181AE3896528A2FD625238E5339C87AE66E84C8B102BDEDD575BA10A4A6A7A3B4A44449835DA5274E9E685C73660CECD74F5B6BF8C23112CFDE9EDDF8CF41BFE868BCFBD6BF70E7ED37EBF3A68BE1E4E488D7DF780B79F9EC397D6ED063483B92AFF6D82236D86F620FED437636F845B88B7DDBFF58D1A7C7757DE43753361FAA0F6F30553A0CCA09CCA560B771CE7770684312A245C63333D4A49D244183E6468CC08A93A1BBCABE721CFAF011D17E38B63F5B0393661626282BA84695D4E8034787E284D4C0DBBE4BC084397DE1E5EB8C88BE7E88ECE78B4DDFC5EBCC6B8651A0581E39243FE43CEC421F332E14B93995080876C34D778FC6D5370CC3ED42081C04C725D809E3456D340A01B25C6C6DE0540AABDF3B085771A3E6CC8E467E7E2D32B32A101AE26A28BB94952D3296B29D9D101573393E581A8BAF57272042B699383C5849C4C3C55AC8A34DF335C60FF597ED9AB58F4B656D232EBB28024FDF3142DC8F627C2E84C8D6160645D9A396E5E6F1796CED9A7F81E0C8E324015E8B95B5158EC6C6E29B15DFE1ABE5CB65F9E6A7E5EBE558F9FDF7481192E1B817DC9E2FC1B1F87F4FE7B26EFCB6983F6F9E0E88545D53AB158093A323967DF58D71EDD951535E8FC2CC4A7539F8EEB3C3DA9A77F6E3DB5777FD6C59F18F5DD8F6459C0805434F769A5BE6B1628D2D7605A694EE6CC6645E01FF913668549A192AFF5970BA199E81CEFA1D5B334C384AB06CA3C627309A3838E3975F30272A6A5077A1B3431893BBB67D770C03C6F68083938D065E37AF8843589437FEFCF4547DC9BFFBE4006CAD2DF5B86421CDCC947F3CBA9DB8043BB7A4E1A15B97E1D13BBFC1BD8B96E1BE9B97E1DE5B64B9F56B2CFBEC10AE7C688C468D7F6C491125C131128F6E4AC14D8B862127AF123672FCA3C70A10DDDB5BBBBCB3FC1A8A95FF9672B399365E55DB84EFB7A462F7E15C1416D761D4403FDC7EE5202109A6B39BE1D93B47A177A80B5EBD7F9CB82C4EF8DBC787B0666786AE77B4B352A2E03D6339388A57567E159284AC2E14F1274E68649D65A454FDECF3A5F8F0A34FF0F1A79FCBB2E4A7E5B3CFF1EEFB8BB166ED3A1DA487E7668A704ECED99B7A0DF7B56BE0F81094CC1C8794A35E75827EF34FE8FAF10C3D8BFFC030BED3178E9FEEC12F3D4227664C9B8A9E11E1A238E49D13A599939BA7CFE15C28CDAD464D5983D4E326B0167B8BDD9C8EC5FFB71E4B9EDAF2B3E5B327B6E08BA7B7EA40C10C3990688A33CBD54BE80A4CFB8882182FEE0787FFD2F13B694672E3A812B42399D47625F2E2536A734224E10CD9C4D8642ABFAB3010A3E7AD62EFD369570FD6002883A1541DDC486B4BA971F74B6D3D6C4298BEB4D515F5483E96877031E0379F5A8FFABA4698B269942FBD1C8BC76F2741C93FC6591A1B9BD022EE446B738B2A1E76086BD79EACED58F9751C6A65DBB9778D447589B12545F6E7B066FFBC7535AC85EC82839CB5DFCC8103391832C01FEDA21E38D298216E21D7A9D740F210E5214CCD818953B2CA7532A42FD724E05F0F4D4044B00BA2C33DB0F8E969784FCEF9D06BBB74B268E67970391924A5882017A4E5566A30F54271F8D0E11FC7BBD0B89180B930675B884E12E7D81709423AECFDFA230C8F563FB4AF5017F1F77FBE81F1932FC28CD997E0C65B6F377E2BC791676AA8643ACBD7B56372F01B92DAAF35ACDF0B1C6782D765FCEBA4DFCF0DDE03DE0B425EA71FC151DBA3070DC5C0A131183966220A8BBA1670E4A8E91CB087A4C18E881C55FD5C483B9CA7E3E0680F7516597EB0572B33B8CFB4A87D69A7B60E4D6FC84FAD40614AD75C5A534EA9D8536A53CE92C64E657A93E4803459551642240C0C166494212CDA57FB91E8CD64A1C4C6F57D919BC40998A3470623E14096DE3C164A098672C558B0A29C72588A02E0A44AECBA3E536A709E6FD7BA24383A1A460AE3B979D19DF79D464DF2E09804ACC5C98A3AC51C2F5C162A25E698ACFDEE38163C3C46FBA8D09D20AC44A1E4A596E1E0EA645C76697FA9B90DA33B151454C1DBC7116D1D0CC692FC486C72CD525E9687F79C44C5291939C749B9B8565FAEFD6956AAACBC2A1C4F2B83A7AB8DBA477AADA7A15594928F9B1D0A4AEBE1E57EE66900CE869CBC3C343637C9359A89E1B78203F0B05584CAC3D6EE0C8B7CCFF51CA087DB731C8ABCBC7C1DF4A5133A7E279FAB2C8CD2333FA72B607ABF7F4000BCBD3C11141068FC167075711165D962385E5D9D066EBB8292B252AD80FEA8B0B3B5F98904E5B1F25E7505159595FADE12EC02CF1EDB849B9B1B02FDFC34B9CBCBDB531B00BA829A9A6A2566123C9FA799E9B95DDC13FB7235B99121022EECDD7AB6854998EC326FEB64C81CA51D5557D6212FFDB47968CE02531BF1F9930FE5E222510864A956AD15A50611A3616D4EB140D97F58247BDFD1A172435928F9928662346E1A1E47F10A087347F2913C0D721AEF1FDF3A250F1EA7A1AE1935158D70F77680A7AF232E12435EFAF61EA989D9E1CB50FBE8D080DC4DFE19F238A42C727C133929D790C4F82DB7D36EEDB295958D39562C3B8A7629C3FCFB63502F464E704B5B7B2B2C7D7EBBFC06EDE9CA099D2BAB9B0C83F2880B61A89D0DE7309CCB703D1A9F91752437C635DC9D6DB1F5500E12D2CBB0725B1AAE9ADE4B5D1236959D0E9EAB455E0E1F4F079455D623A6DF9993B2CE866371C775AC07AA3C1AE5FDF7DE83575E7C0E2F3DFF0C5E7AEE0C8B7CFFEACB2FE0964537FDE80B9F3E423913C3CC85184944CC484C4AE95A16E0AE3D7BB5BF0BC7D3080BFB692C8FE0C040796686347F9E335194CDF9C0E9127440602A23C363FEC3C1C2C20A9E9E46E3960779E4E851E39A73233E21514D82DDDF3DDCDD748E152258C8822A966A9BC316242777EDBEEF3F74489526DF2F573717D8D99FBBE239B42E453B85D6D73463C49C9E7879C78D787ADDC2332ECF70F9E15A3CB7E13AB8F9396843839585250EAFEBDA708E1AD31832B9273E7F79132EBD638CD6B0CDF5AD70F5B64779A1B01D6B76B9199C6D7DFBB7719830BF9F14CC3031924E0B205293FD51DCBD9D34A6515956A76A8037DCC0D7F276F0006280249F435B5310DADB1757DC3E4AB7FDE1AB233ACC5F3BEFB8323C771283E501480CF2A9E792DF4822BACE786E1D514CD650113088FAE9E27DB8445C144F7145D83243D83A5822F9601E762D3D8E5973FBA81B51284AC3CBD35E4981C76302998EF921903368994972754DCD70177299240AAAB4BC16474F94E0AB0DC9F8E0DBE33AD6C68D17B3AB78C78F430276822D2775A2DA4843574EEB85C1515D9BA1BB13CCEA646DC7C5D1C911D17DFAC0C7DB1B01FEFE675D38D667AFC8087848CD462264EDCF7E2B9D888C0C878BA883565122EC3CF5F2DFFE6E5C73762CF972A98E5942894C793C6ECC58E31AC0D3CB4B0726E67C2224EF4F3EFB5CC7DB3C17962FFF56D50F0DE88F0A2AB211C386E9FD638C68CBB66D421C71C6B567C6E123B13878E8883677F399F5EDD3D730AF8F20383858542087D86B5512F8F093CFF4FB7361EBB6EDC8C9310CBCD4228A93CDB20C729F0B59E5C53A921DFB8BF51D1FAA9D39D94272B6C537CC4D47F38F1CEEAF95B99DA88E1DCBE28D473B37F4E9C5CCEE83E1D322717C6F16864CE9A9BD533DFC9CB52F8A8EAA25352F3B6BA51E2BD06EF29438ECD36130E676D9BE19BD0607203BA9C4207B69D86230AA066886ACB5655B1A24E550716E39C6CF89C6AA4F0FEAC44794AB6C62E5365AC3CB86DC9FBF185E2F2A1EFE4697C8401C9AF7A0E7D1CDE026AEC277CBE26029AA20E6E2DEDAFCCA6311ECCCB6EADDFDF076B1434C4C30F272AB35B8AA2D353C8CA194FCC5B08FFCA72209957B103328003FECC84474B82736EFCD86AB8395CE4EBF715F0E9232CB7199DC2F3B5B73ED1E4FF0A5610AFAD5337A6340A40716CE8ED2EFBB8A26794972F3F38CAE491B0244DA1A5A94CE0F66147A7B7B8942E460BB1D48CFCC32AEA13BE18A0913C669976C1A0695C3934F3F7B4A70B313725BB16ACD1A2CFB6A39DCDD5C512B12BD57644FF489328C4D4AB09BF784F163B4C2E0580F59D93978F99557751CD2D34137E69F6FBEA5031B53FEFFD13169FC58706A0682D7F7AF37DE4262D29953AD3945E3ABAFBDAEC4C967EF24CF60A2DC979371D51597EA044F2495E2A2623CF5CCF3670D6C1E3A74186FBCF39EDE5F1E8FCF72F6AC99C6B567C6A1F529B083B855627BECDF151875E6F4F133217C903F9A1B9B6126EF6C517DD73243F56D64C0E4FAC7A78B4F648EF0817E08EDE32335B4853695AA918A66679E013B9115E757232852E41B7D211AB9487C4E6F10DAC70B2744BE33804AA353A3979F6A8CD4FC84F049B3B822A3C5A0483A3BD7246AEE3B41C3D7FD68C4F283718AD2C21A21AE2A9415F1B31A25F2C9EF4AE5B3443F6BF5772EE525F528CAAFC23B6FEEC482BF8ED3B66A553902BA4BC9FBF270684D126EBB7524B2732B35DF42E76311E3523747889165E6B93938F1005107FD7B7963F9FA2444043AA3A8B45ED58521B80B384AB90F1C2FC49E6385B8E2A2489D74A95ECE49CE614D7AF3BCBEF076BFB069120906BDF272F3953438C176787898F62BE90A6CC42003FCFDF4771DA13C2DED94CE6BD72DBC5A0CDC4A0983C3E9D3F5B8FFA147F0F5B72B703C3E5E0D63EFFE0378FCA9A7F0C69BEFE8C3A06A69696952D7E774CC9E3153550E87C82361ED97DAF69E071EC4A79F7FAE83F3EE93637DB362251E78F8117CBB6215382CDF1F59657482031B0DECDF4FE3191C60989D0639C114A73B88157785F795E9DE1F7CF4311E7BF269255E2A810A515A13268CD75EC72763EEEC590811C541F562B8EF7BF0E0238F61FD864DEA4272F024BA776FBFF73E9E78F6397068463E738EC171F97C4E2179EE2107F7AF4A82BDB85574339C3DEC11D4BBEB534486F6F796774D14BBBCB876B042E2DEF377B0FC31BAC2D60E670F3B1CDF9D89DB5E9C85C29C4A94FE7D3B9C7D1CC0742B1AA08D9D15920E6461D0A4089C607F0A21010ED9B7F0FF26E1CBBF6F3510006B7F1ABE18A1928DC18AF41C4CD5EED9DF1F638434BE7E772F8AC54D7072B553A3A5356A70553E2BCBEA3145DC20E66F68CC408EA5E6AF0C64000FCB2011D54E87B8C83C678B7824765206067AC65CDE073BBE4A80935C135D2C96FFAB9777E3852DD763EEDC286CD8948298618158B5EE84A6BE931B9BDBDAB483D99431A1DA0D7FE58624396E07FACB43D8B23F476A7C294A1B0D89E733D1795FD3B22B7440E22BA6F7C2AA2DA93A695249533D9E7E771F5EB96FAC3C90930ADD05B069939319A9DF2FF017A5D155D0B50C0D09C6D6ED3BF4A54B4FCB503F9A815282B4F8CA0BCFE3C147FFAA64C2F12FCB4ACBF0DEFB1FEAF36259194761F77BC31C22ADA8961AF1BA85D760C8A0817A8C93C111B6FFF6D2F39877D9023508D68E35D5D558F2F952AD25F97C34A02C04E6E6EAA25DF6CDF89D5C1B9FD71F1574B9FFFAC843B8EA9AEB9408D8E4CD7773E9B2AFF0E5D265EAAE711C535E1B49850BA7B21C36648890EBCF4750E7F11E79E87E3CF0D05F75A63706ADE982BEFCEA6B4AA40C74733065B531516D266295548423860DC5CD37FDC97894B32337A9545C130B6DB0F00CB1D5F86257D163901FAC39F1BA54FED61652117E9F845EC3CFDC9BBA13A71CFD4F8F4F4573430B5EFFCB4A78FA3A63E845BDE013E40A8EE8C52EF17CA94A447D70EED4E09E5EDA8E1C18E6AE69E295A575F2B21903A07293A828749C42F993B33355091188A7838B6FE4E8CE2658FAC64E4D19570B145E2068884C170FEAE18E9BEE1B8F11E3C231606810068E08C26059060DE7673006CA2753CA675ED2176326C93603033072540F8C1DD703FDFAF9A9AB70FB5B73B4F5847116C256DC8A235B5370786D326EBE79848E72CE4994B4CBBD180C035896F2325C3CAD9794B705AB44F2F1A58F08729732B523471416F98B1DE9D83242854270C0E2CAAA267CFC5D3CC60D0D44BF084F6DBD49CFA9405ED1858FCE94949CA44A802F2967E3EA9CE3A4AB080A0C82995C07F7E7485E1C9CF664F4E9D31BAFFFE35584F508155553A1D7C8DACFD1D15E89C2C9C949FD71CE2BCA87F7D003F76BAFCCB381FD24967EFE29060E1820954283BE139DC7E1EC641CF897E0E0C4ECC2EFE9E1AE711212C8E92D092C73E7A227EF0AE4F1F1BD3979E90A0CDB1A9A1ECF94ADCB9C9CCF3EF950E31B3A676D63A31A3B1515631D8E0E8E62F076DAE18CD73C67F64CEDC17A36848785E395979E5352E7B8AF8493B383D894A912B5AD9D0D1CE4BE3536362801733472CE4B73BE314F8B332B509455295E82A9A64D746552E793C1F003E743610308BB7F7465CCD09F4DCB386862381C9C6DF08F3BBF86BDB32D82C5151934210279A925282FAE5557860F2A6C801FE2F76469A6684176B9CE2A4D52A1BB4217A2471F6FF41B1D8AFD9B9231784218068D0B130272C1BC453158F6F62E1CDB9BA9FDFE69B0ACE6492F7C88ECE13AF38A81E83B2C08775CF2117E5811872DDF27602397EF8ECB673C36AC3A8ECD3F9C407A4A99B82CB53828C77AEDF94D58BFE604D6CAFA43077230636EB4DED0E403F986D4747939A84AD20E17E0F2FB462129B51469E9A5F2825B2135BD0C2EE25E5C3CB3378E9D28466C62B1BC14E27F0A11DE75C3507CB93A0135F52DB85AD65F33BBB7908B09F61D37B44C903BF89ED637B6E28410D188BEDEE2AAD8E9C03DECE41626AECD8560DD0F1B919C9CA24AC1D9C901D75C75E505497A1AC096AD3BB409942ACD4B8C748048ED934163E6140116E616C8CDCB4392B825242AB68270F46B1B2B6B796927E1969B6ED0C980CE07D6B49CFC2730D05F95526A4AAA48EE2254881F5F2D06E2EDEDA3D348DEBAE8464D3ACBCACE52A3F4F5F5C6A489138C4701FEF1FA9BE2F636699F9B98E1237406F5F38123757FFEE5328DA5D0B59B3C792202859CCE07B66230598E6AAA54D4D69FAE5DA83187934125312A66A4AABD4271218E27C4A3DA38323B9545AD10EB6859BF48D4C0FC8BE71AF73A3BD84C1D337284E6D1C4279CD0B14FD8558144C1C1798AA51C51BD7A61D10D7FC282CBE7FF184C3D17328F1763C34747947C2A6A6B70E3F353E1117061EF5C567C1112F7E4AA1B4F5BE488FFD6C6B001F9FBF469194D84D5CF48E9B1DBD2F0F7BB966BFF11F6629D76ED10ED0D7760638ACE123FE1D2FED8B3F604068D0FC3AEB589689603D2FE59F871F3A371D363D35057D3888DCB8E222DBE0015A5F578E0F58BB5167FE8AA4F74EA0253710118EE603095E383729E14B61DBFB5F2267CF9F61E2C7D6F9761A01D3930678FD7CA87AA5DC8852D142DB2C8AF888CF2C5485119BB7666205B082025A5046F2CBE12FE2EB67868CA6234D5B66A6A2D512DE57870C9A570EAE781D7FFB90BFF77FF387CF5ED71F8FAD863F5C65454D43408C958EAA85FE346896F6AD681551BD3A4E6B4C6BA0F2F37C478044FBCB90719F99CEF94B107B906294B93288C1AD96FECA00084073AC1CED60A13879EFF053E19372CBA0545620094F7C3870FC5630F3D685CD375DC7EE73D2A7FD93B3632A227FEF1B7178D6BCE8C86FA46A4A4A7A901F9FAF8C0DB537C62C365FE22B0E6A4EA68E96885A39D83925EA702E8541252BF6B4571322132E8C7BFB9DEE0C29CBF10DC873912DC962D602ECE2E6A94E7836116F932254E96F7E4796ACF06AA8DDCFC7C550A6CAD62D099FBFF52F058B1B171AA5438E136E780E5B4141782556FECC5470F6F04C7E26516F6E2CCFBE0EED7B569173A11B72D1D778D7B073E5E2E6A6B8F7D770522871B72729896704BD46B2A0A9841FAC0A7F34F754F4E46FFB13DF0F69EBBB1E899E9DA99EDBD27D662DB37C7102E0A234A5440A330CF9839D1422AF57072B5C1D46B8660D153D3F0ECD26B953008469EE3F766A9B1370A8130857C87D4DA745538A319BF37280C060B20C4528B990B06A97FC5161AAA1AB22D0740E55817ECD7C10995D89AC098839DF87136E2129D905AFF9DD7B68BEF698911A26EA832D67E2F4410E18E81E2BE90213BC1710656BF770091216EF8DBCBD31112EC8207EE198D5DFBB2919EC597C84C034A541A21FE8E58BF3503D1911E1831D00FA5E2A6119C28DADCC204413E8EF0F37480AF879D2C0E08F37746FF9E9EC82BAE4190AF1396AE4D425965D7679267F43B39254D836A7C910644471BD75C18428383757F4EE0CC0C440654CF051B5B6BF4955A9DC13F2671FD1AC22068F0F6E296B8383AFFCCF855F19144847C4F5750868184E4F9CA33EF0A6110DC8706C719D3BC3C3CBB441804EF8DAF2820EED715C220E89670C0A3C103076A00F8D71006E1EFEB8B99D3A762DEC5737494F90B250C2223AE5087C264BF91F021BEDA747AA17074B38713BB2C48E5D7D2D4725E17E59CBA973D5D99F4F5D4B2EBF1D28A1B31EBC661FAA07B0F0DC645570DC2FCDB6370F1AD3178EEABEB71ED4313B50B7D70AF9F1E80A38B9DF84966F861E9617171C2A550EDD8FC350796F9A9E661B32C0BC1D803DD8839A268BEFE600F7233C475B0B712792BFE3D7D8076D624861A9D39186CC9A9AD6D1235D3A4DFB393D8813D9938202495256EC7A25B47E9F1E7FFDF281D4A908C4930269172300F8736A4C0CEE6A71B3C636A4FCC99162935A3A5D4D0ED080970D159E22F9F1585406F27A46654E0FE97B6E0B3550978EBCB58AC1676DE7E384F3BA9ED389287DD4773B12B2E1FFB8F152036A90471C9A5F2029B8ADBD2B50C4022252D55DC0AC358911C6BB577EFDEFAFB85222666B8DC9B7A35BEA2C2229414772DD3AF1BFF59A8AF6E425E5299E645913442FB79E37CB3C09F092E5E7608EAE5A1EF1C6D2B33FEDC93629D93343AE1EC6E873E234230FBA691B8ED85999875C3308408397034E390DE3EB0170571368C9D172D4AC416972C1A81551F1F405672B148294B250B064059E3B4494DC85C8F85F71A92872A8A6A1110EA2A6ECA0D98BB70B02A0506CD982549C5C13960FB0E0EC00431F28BE6F4C1745966CDED8B05B2ED1C21AE71137B225B4887F00B77C7E8CB7A8B7433D4F89C82817D58963D6798BFB3BAB6116BD625E1D57FEE444E5E35268FEFA1C1D01993C2E0266A67BD90C3CE83D9AA2EB265FDD6FDD93A0607550E7BB072FE562E36425A9CA18D04E6CF56A89452F878DAC2435CA4AE62CBB6ADDAA24137C1D3D3FD825A4E4EC6B061C3447E372AC153B227249E3F5BB31BFF7928C9AD448E9006BB68507987F6BFB0CCE34EB0853128DA5BFB74B11B46C69142B1B9B3770BE81269FC1A440D0EC45D2FCFD63E221F3EB74147F832382572724E712656C65EB67E212E9879C560BCFDEC7A24C6E662F69583E1244AE5BABBC6E2D29B8663F61503B140486BFAFCFE8888F2D666BCA2FC6A51156548901A7EFB96547CF3E511BCFFE60E7C2A4AE5D9277EC0F2A547B41975C123E361290A824C4AD0F5D9BF2B055922ED92D2CA5052560B1B295F5656053E5A7204ABD69F406D5D0BD66E4943430365BE19D88A65239F1C48884153114BAA9C7E822172CF5884AFA73D0AC4D5AAAC6ED6D695AE62F79E7D7A5F2AABAA743E13ED2FF20B400DC77E22F4BD793C1EB71BFF7D284CAB40B6284956AA8CED0544BA19D75C3882A23C34219236727C5B262A0A8CC96752B973C8090ED5590F4E37D9F6F3D693DF1A4C180B0CF7C0AAC5FB10BB3313B6F686082DC9828954FCC75EA093850CFA8F0846FCFE1CF885BA232CCA47833BE525B5F8E2AD5DD8BF231DC70E6423510822536AF182BC4A9496D4E9D48DB5E2A270B83F364F31026C6B6FA9C65227EE4B4E76A52A92C2D47224EDCF85B5A8232D57BB39D28F16E0DA07C7A1548EC1418539DD818383B5BA27CC300D0A70425246A5AA9B0E792A2C76A3105C9F080FA4E6541A5C7FFAE77A44DEDF0E6D8E1D35C05FE74519D1D71723BBC8FE6D6DAD484E4D838F97B712C6C8E1C3D1BB57A471ED85A34194065B0342434234159D6DFEDDF8EF425662319A4A9B7552E7F0813E187559F42F724F08CEED5A5DDA28C4E3AE794E232FE90D07171B55AAD90986A131BCBC5D307466CFB3B79EFC96600EC7D3377C89A2DC0A5508AA6F8430A83728E739C8CE927DF760DBEA04BCF9F85A38893B34EB1A511AE2D65455D463D907FBB4B9D4D482E6C95610A9E1A5AA67C169E034544B210BED15C86F59E38B298F9ED0035B36A6E0ED8FAE40656A251E9EF6B1F67F610B0F150107567D76ED4258063961F386147CF1F55138898A68956344F5F602F3483834E0816385B0B7B7469B1CB55DC863E2C820EC3C92A70462222E49A75C63E7B6405F7B784AB9B71DCAC3E72F4C47B04FD726FCE56360993A633DA707092F143C5EE7A3E527038CDDF8EFC28F3D95B5F2950F63CBDE2F058F6750CBF2BEC87BDD093D0FDF4B798FD838F1EBDECC2E62C3B223C8482CD20B6312155501A3B42DCDED282FAAC1C5370CD3C140367E15ABBE59CCE49E58BFFC285EBC6F05F66E4EC5A8493DC5CFE70D22D1C885D1A0C41E1807F1F275C4CC79FDF5780C9872E6341A092F8C199BCC5578E78DDDE8393200E31744A34AD409E516C7FE681417E4A3BF6E42A89F13A2FA78C2C3C3FEC7D1C639F6C6A61D19888AF094DADF5EDBD3CDE4A88C379495D523C0DB41632C1A9B11F0A3555899FD55E2D3CA71FDECA82E1306C18745C32659FC5AC22078BCCE637513C67F27D480B90859FC5AC220782C1EE764C2203ACFC14FFD5B7FFE8EA8A96CC09EB509DA2C6BEB680D3B59989D692B6E000730F60974C1823B4661EBCAE3B0B435C7DC1B86EBD080A585B5F0F67541765A29EC1DADE0EA61A7FE166F0D0DB4AABC1E4E2EB678F0B999B86AD17078783A68162A099142C44248884DB7BC4066BBB1DFC8C5F7C6207CB02F027A792030CA1311F23BB35D930FE461C4902084063133AECD7002F9EF2EF26CC50F27306A70A02A9D36F9C76629E663B0795789DEB0A91295159B6B65F71E4242375CFCCB9A4BBBD18D3F3A7E77F784929B4921741FD4BA3A21C6CD7C0B0ECBC7AEB90B635E5337E5E9C557E2E8DE4C6C59755C13B8B80BE310532F1D80CFDFDA21BF5B81B3BF47447BE3FE6767C237C030ACFFD60D27F0FCC3E2DAE808CCA67076B3D51696B5ABE2316E5284C6396EBF734CA785EB3E945D9462ECF64F6CDF9581C79ED90807676B0C88F6436A56B9E6668C1E1E846A295BACA8252689798BF288E8E18EF5BB3285F82C741EDB7A59EFED618BD9637BE09249E1BF685CD06E74E33F01BF7B20943299C119B69E309ED0B950E6337FE3C4913C6C13C33EBA3B13B73C3E056F3FB55E8D7AFCAC28241CCE57E5C04E710D421481E19EA8AE6EC00DF78EC3ED8F4CD164B14E048B11B3D973F7D634915880978F231C9DAC909F5785BEFDFCF0DD8A63484F2FC3F163F9D8BD371B3BC4E05DDD6DB176433212840CBE5F93A0EE0C07182E29AD87AFAF834E1ACDF94C720B6B103324007945B53A7646496523268F0CC6A1F822ED6CC48C42073B2BDC77ED604C1F15AA64D88D6EFCB7E277278DB38135B6A3932DAA2B840C22DC5122C6DD50D7826431EAC2EC0A9D2680533CC6EEC9D06DD971EEF2452330EB8A811830FCCC3347F51672A03F76787F964EB844C5502C6E4E5884078EC515A020B74A08A204A9C9C538129BAF81CED8238699F2BF5F73029C152D44CE939E5E0E5F219DDAFA66B0031D83ADB50DAD1831D81FC7924A8448DA1133D01F87138AC0FE369CCB756A4C302E9D72619D85BAD18DFF44FC5B5A4FBA024E0F59905589F88359A8969A9CB3D68F9C14090F76CDB7B280A30BBB10772DA0979D518655DFC4A9CAA0C2E1644699A2323A5B6E74DC53B96C27671B8C1063DF2BCA63842887152BE371E55503F0E55771888EF64171591D0AC5B5E25CB0354228532786EBDF7B8FE663DCC8203470DE9494523409A9DCB37030E6895BD28D6EFCB7E30F431ABF0798F895975B89679F58077B7191D84D8AF1070D6C88BAE04CF0D3A6478AEA2880BBB82A2666667070B0425E418DBA50B50DCDC82FAED5EEC36DE22771E0A0CBE74663A5B834754D2DB8E692BE78E38B23B011B7E6A367A722F0025A4BBAD18DFF54FC573BDF41A16EDA52C33142080EA843BED01616015B44E2138A316448000E1ECE852B9359841882039D35B5DD446E0F9B54C9AB1C5E902D27FB8FE422667080E668B03F0B6769EB27EE55376174E37F05FFF511BBFE03FCD1B3B70FAAAA0C23940B0B0871086BC887B9A50952928AB5F9D4CFD719078438CCCCCDD0BB1747A366A28B6104746D02975F2C2C4C90262E948D85B99084233272AA7454F3FBAF3BFF9813DDE8C67F0BFE27C2FCCFFE6D16BC4509D45437EB781E1C48954DC166F28FB922DFAD3A8EB9B3A390935581FCC22A9DCB64D8C0001D7884DD63D4ADE9304C914802D9B8271DE3449D5454D5E38DC726C3CFFBC2C62FE84637FE93F15F1DD338194585D5D8BB2B13E9E9A548882FD2690C6AEB5B60EF60ADAEC6C409E1422C0E183A2C10FEBE4E282CAEC57D0FAF41AD900CBBECB3058789951DF283718E6103FDF1C89F4769E7B46E74E37F09FF33A4D1095E6E4D75132ACAEB70F46801F6EFCF425A6639FCFC9DF1E273D3D53D216A6A9B448124205BC885638032C9ABACAA11CD6D1D183AC00F57CF8B4678B0AB6EDB8D6EFCEF00F87F9ED91B4B4AFAE0D90000000049454E44AE426082 WHERE `app_id`='11' and `app_name` = 'LF Acumos Marketplace';
-
-
-
Insert into fn_user_role (USER_ID,ROLE_ID,PRIORITY,APP_ID) values (1,999,null,12);
-INSERT IGNORE INTO `fn_pers_user_app_sel` (`id`,`user_id`,`app_id`,`status_cd`) VALUES (11,1,11,'S');
INSERT IGNORE INTO `fn_pers_user_app_sel` (`id`,`user_id`,`app_id`,`status_cd`) VALUES (12,1,12,'S');
commit;
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
- {{- if .Values.persistence.enabled }}
- name: mariadb-data
+ {{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}
{{- else }}
soMonitoringPort: "30224"
# application's front end hostname. Must be resolvable on the client side environment
soMonitoringHostName: "so-monitoring"
- ricdashboardPort: 30080
- ricdashboardHostName: 192.168.130.61
-
+
+ # Ingress URL assigned to RIC dashboard. This has to agree with the ingress URL defined in the common template
+ ricdashboardPort: "32443"
+ ricdashboardProtocol: "https"
+ ricdashboardHostName: "dashboard-entry"
# default number of instances
replicaCount: 1
enabled: true
readiness:
- initialDelaySeconds: 450
+ initialDelaySeconds: 30
periodSeconds: 10
## Persist data to a persitent volume
persistence:
- enabled: true
+ enabled: false
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
size: 2Gi
mountPath: /dockerdata-nfs
mountSubPath: portal/mariadb/data
+ storageClass: "manual"
+
service:
type: ClusterIP
+++ /dev/null
-apiVersion: v1
-description: Portal software development kit
-name: portal-sdk
-version: 5.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# login settings
-login_method_backdoor = backdoor
-login_method_attribute_name = login_method
-
-# These properties will be removed after SingleSignOnController is cleaned
-authentication_mechanism = BOTH
-login_method_csp = csp
-login_method_web_junction = web_junction
-
-#login message
-login.error.hrid.empty = Login failed, please contact system administrator.
-login.error.hrid.not-found = User not found, please contact system administrator.
-login.error.user.inactive = Account is disabled, please contact system administrator.
-
-# User Session settings
-user_attribute_name = user
-roles_attribute_name = roles
-role_function_list = role_function_list
-role_functions_attribute_name = role_functions
-
-# Import-user LDAP settings
-post_initial_context_factory = com.sun.jndi.ldap.LdapCtxFactory
-post_provider_url = ldap://ldap.mycompany.com:389
-post_security_principal = ou=people,o=mycompany,c=us
-post_max_result_size = 499
-
-# menu settings
-menu_query_name = menuData
-application_menu_set_name = APP
-application_menu_attribute_name = applicationMenuData
-business_direct_menu_set_name = BD
-business_direct_menu_attribute_name = businessDirectMenuData
-
-# Role settings
-sys_admin_role_id = 1
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>\r
-<!--\r
- ============LICENSE_START==========================================\r
- ONAP Portal SDK\r
- ===================================================================\r
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- Modifications Copyright © 2018 Amdocs, Bell Canada\r
-\r
- ===================================================================\r
-\r
- Unless otherwise specified, all software contained herein is licensed\r
- under the Apache License, Version 2.0 (the “License”);\r
- you may not use this software except in compliance with the License.\r
- You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-\r
- Unless otherwise specified, all documentation contained herein is licensed\r
- under the Creative Commons License, Attribution 4.0 Intl. (the “License”);\r
- you may not use this documentation except in compliance with the License.\r
- You may obtain a copy of the License at\r
-\r
- https://creativecommons.org/licenses/by/4.0/\r
-\r
- Unless required by applicable law or agreed to in writing, documentation\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-\r
- ============LICENSE_END============================================\r
-\r
- -->\r
-<configuration scan="true" scanPeriod="3 seconds" debug="true">\r
- <!--<jmxConfigurator /> -->\r
- <!-- specify the component name -->\r
- <property name="componentName" value="onapsdk"></property>\r
- <!-- specify the base path of the log directory -->\r
- <property name="logDirPrefix" value="/var/log/onap"></property>\r
- <!-- The directories where logs are written -->\r
- <property name="logDirectory" value="${logDirPrefix}/${componentName}" />\r
- <!-- Can easily relocate debug logs by modifying this path. -->\r
- <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />\r
- <!-- log file names -->\r
- <property name="generalLogName" value="application" />\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <!--\r
- These loggers are not used in code (yet).\r
- <property name="securityLogName" value="security" /><property name="policyLogName" value="policy" /><property name="performanceLogName" value="performance" /><property name="serverLogName" value="server" />\r
- -->\r
- <!-- 1610 Logging Fields Format Revisions -->\r
- <property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
- <property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
- <!-- use %class so library logging calls yield their class name -->\r
- <property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
- <!-- Example evaluator filter applied against console appender -->\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <pattern>${defaultLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- ============================================================================ -->\r
- <!-- EELF Appenders -->\r
- <!-- ============================================================================ -->\r
- <!-- The EELFAppender is used to record events to the general application\r
- log -->\r
- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${generalLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${applicationLoggerPattern}</pattern>\r
- </encoder>\r
- <filter class="org.onap.portalapp.util.CustomLoggingFilter" />\r
- </appender>\r
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <!-- Class name is part of caller data -->\r
- <includeCallerData>true</includeCallerData>\r
- <appender-ref ref="EELF" />\r
- </appender>\r
- <!-- EELF Security Appender. This appender is used to record security events\r
- to the security log file. Security events are separate from other loggers\r
- in EELF so that security log records can be captured and managed in a secure\r
- way separate from the other logs. This appender is set to never discard any\r
- events. -->\r
- <!--\r
- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${securityLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><discardingThreshold>0</discardingThreshold><appender-ref ref="EELFSecurity" /></appender>\r
- -->\r
- <!-- EELF Performance Appender. This appender is used to record performance\r
- records. -->\r
- <!--\r
- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${performanceLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><outputPatternAsHeader>true</outputPatternAsHeader><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><appender-ref ref="EELFPerformance" /></appender>\r
- -->\r
- <!-- EELF Server Appender. This appender is used to record Server related\r
- logging events. The Server logger and appender are specializations of the\r
- EELF application root logger and appender. This can be used to segregate Server\r
- events from other components, or it can be eliminated to record these events\r
- as part of the application root log. -->\r
- <!--\r
- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${serverLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><appender-ref ref="EELFServer" /></appender>\r
- -->\r
- <!-- EELF Policy Appender. This appender is used to record Policy engine\r
- related logging events. The Policy logger and appender are specializations\r
- of the EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
- <!--\r
- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${policyLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><appender-ref ref="EELFPolicy" /></appender>\r
- -->\r
- <!-- EELF Audit Appender. This appender is used to record audit engine\r
- related logging events. The audit logger and appender are specializations\r
- of the EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${auditLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFAudit" />\r
- </appender>\r
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${metricsLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${metricsLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFMetrics"/>\r
- </appender>\r
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${errorLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFError"/>\r
- </appender>\r
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${debugLogDirectory}/${debugLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${defaultLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFDebug" />\r
- </appender>\r
- <logger name="org.onap.eelf" level="info" additivity="false">\r
- <appender-ref ref="asyncEELF" />\r
- </logger>\r
- <logger name="org.onap.eelf.audit" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFAudit" />\r
- </logger>\r
- <logger name="org.onap.eelf.debug" level="debug" additivity="false">\r
- <appender-ref ref="asyncEELFDebug" />\r
- </logger>\r
- <logger name="org.onap.eelf.error" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFError" />\r
- </logger>\r
- <logger name="org.onap.eelf.metrics" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFMetrics" />\r
- </logger>\r
- <root level="DEBUG">\r
- <appender-ref ref="asyncEELF" />\r
- </root>\r
-</configuration>\r
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-music.version = v2
-music.keyspace = keyspaces
-music.session.keyspace = portalsdk
-music.tables = tables
-music.session.attr.tables = spring_session_attributes
-music.session.meta.tables = spring_session
-music.consistency.info = type
-music.consistency.info.value = eventual
-music.cache = false
-music.session.max.inactive.interval.seconds = 1800
-music.serialize.compress = true
-
-#By default it's eventual
-music.atomic.get = false
-music.atomic.put = true
-
-cassandra.host={{.Values.cassandra.service.name}}
-zookeeper.host={{.Values.zookeeper.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Properties read by ECOMP Framework library, ecompFW.jar
-
-##########################################################################
-# The following properties should NOT be changed by partner applications.
-##########################################################################
-
-portal.api.prefix = /api
-max.idle.time = 5
-user.attribute.name = user_attribute
-
-#Use REST API instead of UEB to fetch the functional menu data
-use_rest_for_functional_menu=true
-
-##########################################################################
-# The following properties MUST be changed by partner applications.
-##########################################################################
-
-# Name of java class that implements the OnBoardingApiService interface.
-# epsdk 1.3 uses org.onap prefix
-portal.api.impl.class = org.onap.portalapp.service.OnBoardingApiServiceImpl
-
-# CSP Global Log On for single sign on
-ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
-
-# URL of the ECOMP Portal REST API
-
-ecomp_rest_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/auxapi
-
-# Applications do not need to run a UEB listener in 1610.
-ueb_listeners_enable = false
-
-# UEB Configuration
-ueb_url_list = message-router
-# ECOMP Portal listens on this UEB topic
-ecomp_portal_inbox_name = ECOMP-PORTAL-INBOX
-# Replace these 3 default values with the ones for your specific App,
-# as shown on the on-boarding page on the ECOMP Portal web application.
-ueb_app_key = jQd4a9zVNi4ePyBp
-ueb_app_secret = P0HpqEBhKJvxjRYdw2sCTUll
-ueb_app_mailbox_name = ECOMP-PORTAL-OUTBOX-APP1
-# Consumer group name for UEB topic.
-# Use the special tag '{UUID}' to generate a unique one for each sdk-app server.
-ueb_app_consumer_group_name = {UUID}
-
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Properties read by ECOMP Core library, ecompSDK-core.jar
-
-##########################################################################
-# The following properties should NOT be changed by partner applications.
-##########################################################################
-
-application_user_id = 30000
-post_default_role_id = 16
-clustered = true
-
-#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
-
-# Cache config file is needed on the classpath
-cache_config_file_path = /WEB-INF/classes/cache.ccf
-cache_switch = 199
-cache_load_on_startup = false
-
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
-
-##########################################################################
-# The following properties MAY require changes by partner applications.
-##########################################################################
-
-db.driver = org.mariadb.jdbc.Driver
-db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
-db.min_pool_size = 5
-db.max_pool_size = 10
-hb.dialect = org.hibernate.dialect.MySQLDialect
-# SQL statements are logged to stdout
-hb.show_sql = true
-hb.idle_connection_test_period = 3600
-
-app_display_name = Demo App
-files_path = /tmp
-
-#element map files
-element_map_file_path = /tmp
-element_map_icon_path = app/fusionapp/icons/
-
-#Cron Schedules
-log_cron = 0 0/1 * * * ?;
-mylogins_feed_cron = 0 0/60 * * * ?;
-#sessiontimeout_feed_cron = 0 * * * * ? *
-my_login_feed_output_dir = /tmp/MyLogins
-
-# Link shown in Help menu
-contact_us_link = https://todo_contact_us_link.com
-
-# An Unique 128-bit value defined to identify a specific version
-# of an application deployed on a specific virtual machine.
-# This value must be generated and updated by the application
-# which is using the ECOMP SDK at the time of its deployment.
-# Online Unique UUID generator - https://www.uuidgenerator.net/
-instance_uuid=8da691c9-987d-43ed-a358-00ac2f35685d
-
-# R Cloud feature - configure this property to enable notebook feature - for more details on RCloud please visit https://rcloud.social/index.html
-guard_notebook_url=
-
-#authenticate user server
-#TODO: what is this URL supposed to be pointing to? Nothing in portal opens 8383
-authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/allUsers
-
-#cookie domain
-cookie_domain = onap.org
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onapportalsdk
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - "portal-db"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/fusion/conf/fusion.properties"
- subPath: fusion.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/conf/system.properties"
- subPath: system.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
- subPath: portal.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
- subPath: music.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/logback.xml"
- subPath: logback.xml
- - name: portal-tomcat-logs
- mountPath: "{{ .Values.global.env.tomcatDir }}/logs"
- - name: var-log-onap
- mountPath: /var/log/onap
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- - name: filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - name: portal-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: var-log-onap
- mountPath: /var/log/onap
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-onapportalsdk
- configMap:
- name: {{ include "common.fullname" . }}-onapportalsdk
- defaultMode: 0755
- - name: filebeat-conf
- configMap:
- name: portal-filebeat
- - name: var-log-onap
- emptyDir: {}
- - name: portal-data-filebeat
- emptyDir: {}
- - name: portal-tomcat-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- env:
- tomcatDir: "/opt/apache-tomcat-8.0.37"
- # portal frontend port
- portalPort: "8989"
- portalFEPort: "30225"
- # application's front end hostname. Must be resolvable on the client side environment
- portalHostName: "portal.api.simpledemo.onap.org"
- keystoreFile: "keystoreONAPPortal.p12"
- truststoreFile: "truststoreONAPall.jks"
- keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
- trustpass: "changeit"
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.5.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: portal-sdk
- portName: portal-sdk
- internalPort: 8080
- externalPort: 8080
- nodePort: 12
-
-mariadb:
- service:
- name: portal-db
-widget:
- service:
- name: portal-widget
-cassandra:
- service:
- name: portal-cassandra
- config:
- cassandraUsername: root
- cassandraPassword: Aa123456
-zookeeper:
- service:
- name: portal-zookeeper
-messageRouter:
- service:
- name: message-router
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 4
- memory: 10Gi
- requests:
- cpu: 2
- memory: 5Gi
- large:
- limits:
- cpu: 8
- memory: 20Gi
- requests:
- cpu: 4
- memory: 10Gi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-apiVersion: v1
-description: Portal widgets micro service application
-name: portal-widget
-version: 5.0.0
+++ /dev/null
-## General App Properties\r
-server.contextPath=/widget\r
-server.port=8082\r
-spring.http.multipart.max-file-size=128MB\r
-spring.http.multipart.max-request-size=128MB\r
-microservice.widget.location=/tmp\r
-\r
-## App DB Properties\r
-spring.datasource.url=jdbc:mysql://portal-db:3306/portal\r
-spring.datasource.username=root\r
-spring.datasource.password=Aa123456\r
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect\r
-spring.database.driver.classname=org.mariadb.jdbc.Driver\r
-spring.jpa.show-sql=false\r
-spring.jpa.properties.hibernate.format_sql=false\r
-\r
-## Basic Authentication Properties\r
-security.user.name=widget_user\r
-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)\r
-\r
-initialization.default.widgets=true\r
-initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets\r
-\r
-## Account Basic Authentication Properties\r
-account.user.name=portal\r
-account.user.password=6APqvG4AU2rfLgCvMdySwQ==\r
-\r
-## Certificate Properties\r
-#server.ssl.key-store=classpath:widget-keystore.p12\r
-#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)\r
-#server.ssl.keyStoreType=PKCS12\r
-#server.ssl.keyAlias=widget-microservice\r
-\r
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-jasypt:
- encryptor:
- password: EncryptionKey
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onapwidgetms
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPWIDGETMS/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - "portal-db"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-wms.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: properties-onapwidgetms
- mountPath: "/application.properties"
- subPath: application.properties
- - name: properties-onapwidgetms
- mountPath: "/application.yml"
- subPath: application.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-onapwidgetms
- configMap:
- name: {{ include "common.fullname" . }}-onapwidgetms
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuInit: ubuntu-init:1.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.5.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-mariadb:
- service:
- name: portal-db
-
-service:
- type: ClusterIP
- name: portal-widget
- portName: portal-widget
- externalPort: 8082
- internalPort: 8082
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 2Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 1
- memory: 4Gi
- unlimited: {}
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.fullname" . }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
template:
metadata:
labels:
# limitations under the License.
global:
+ nodePortPrefix: 302
env:
tomcatDir: "/opt/apache-tomcat-8.0.37"
# portal frontend port
portalFEPort: "30225"
# application's front end hostname. Must be resolvable on the client side environment
portalHostName: "portal.api.simpledemo.onap.org"
+ cookieDomain: "onap.org"
keystoreFile: "keystoreONAPPortal.p12"
truststoreFile: "truststoreONAPall.jks"
keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: ves
-version: 1.1.0
+version: 1.1.1
--- /dev/null
+###############################################################################
+##
+## Collector Server config
+##
+## - Default values are shown as commented settings.
+## - Will injected as configmap to /opt/app/VESCollector/etc/collector.properties
+##
+###############################################################################
+##
+## HTTP(S) service
+##
+## Normally:
+##
+## - 8080 is http service
+## - https is disabled by default
+##
+## - At this time, the server always binds to 0.0.0.0
+##
+##
+collector.service.port=8080
+
+## Authentication is only supported via secure port
+## When enabled - require valid keystore defined
+collector.service.secure.port=8443
+
+# auth.method flags:
+#
+# noAuth - default option - no security (http)
+# certOnly - auth by certificate (https)
+# basicAuth - auth by basic auth username and password (https)
+# certBasicAuth - auth by certificate and basic auth username / password (https)
+auth.method=noAuth
+
+## Combination of userid,hashPassword encoded pwd list to be supported
+## userid and pwd comma separated; pipe delimitation between each pair
+## Password is generated by crypt-password library using BCrypt algorithm stored in dcaegen2/sdk package
+## or https://nexus.onap.org/#nexus-search;quick~crypt-password
+header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6
+
+## The keystore must be setup per installation when secure port is configured
+collector.keystore.file.location=etc/keystore
+collector.keystore.passwordfile=etc/passwordfile
+
+collector.cert.subject.matcher=etc/certSubjectMatcher.properties
+
+## The truststore must be setup per installation when mutual tls support is configured
+collector.truststore.file.location=etc/truststore
+collector.truststore.passwordfile=etc/trustpasswordfile
+
+## Processing
+##
+## If there's a problem that prevents the collector from processing alarms,
+## it's normally better to apply back pressure to the caller than to try to
+## buffer beyond a reasonable size limit. With a limit, the server won't crash
+## due to being out of memory, and the caller will get a 5xx reply saying the
+## server is in trouble.
+collector.inputQueue.maxPending=8096
+
+## Schema Validation checkflag
+## default no validation checkflag (-1)
+## If enabled (1) - schemafile location must be specified
+collector.schema.checkflag=1
+collector.schema.file={\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.0.1.json\"}
+
+## List all streamid per domain to be supported. The streamid should match to channel name on dmaapfile
+collector.dmaap.streamid=fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration|measurement=ves-measurement
+collector.dmaapfile=./etc/DmaapConfig.json
+
+## Event transformation Flag - when set expects configurable transformation
+## defined under ./etc/eventTransform.json
+## Enabled by default; to disable set to 0
+event.transform.flag=0
+
+# Describes at what frequency (measured in minutes) should application try to fetch config from CBS
+collector.dynamic.config.update.frequency=5
+
+
# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
-
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.configmapname.ves" . }}
data:
- DMaapConfig.json: |
+ DmaapConfig.json: |
{
"channels": [
{
"cambria.hosts": "ricaux-message-router:3904"
}
]
- }
\ No newline at end of file
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.ves" . }}-properties
+data:
+ {{- (.Files.Glob "resources/*").AsConfig | nindent 2 }}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "common.ingressname.ves" . }}
kind: Deployment
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
metadata:
name: {{ include "common.deploymentname.ves" . }}
generation: 1
volumes:
- name: component-log
emptyDir: {}
- - name: dmaap-config-file
+ - name: ves-config-mount
configMap:
name: {{ include "common.configmapname.ves" . }}
+ - name: ves-config-mount-properties
+ configMap:
+ name: {{ include "common.configmapname.ves" . }}-properties
imagePullSecrets:
- name: onap-docker-registry-key
containers:
volumeMounts:
- name: component-log
mountPath: "/opt/app/VESCollector/logs/ecomp"
- - name: dmaap-config-file
+ - name: ves-config-mount
mountPath: "/opt/app/VESCollector/etc/DmaapConfig.json"
- subPath: DMaapConfig.json
+ subPath: DmaapConfig.json
+ - name: ves-config-mount-properties
+ mountPath: "/opt/app/VESCollector/etc/collector.properties"
+ subPath: collector.properties
readinessProbe:
httpGet:
path: "/healthcheck"
-################################################################################\r
-# Copyright (c) 2019 AT&T Intellectual Property. #\r
-# Copyright (c) 2019 Nokia. #\r
-# #\r
-# Licensed under the Apache License, Version 2.0 (the "License"); #\r
-# you may not use this file except in compliance with the License. #\r
-# You may obtain a copy of the License at #\r
-# #\r
-# http://www.apache.org/licenses/LICENSE-2.0 #\r
-# #\r
-# Unless required by applicable law or agreed to in writing, software #\r
-# distributed under the License is distributed on an "AS IS" BASIS, #\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #\r
-# See the License for the specific language governing permissions and #\r
-# limitations under the License. #\r
-################################################################################\r
-\r
-\r
-kind: Service\r
-apiVersion: v1\r
-metadata:\r
- name: {{ include "common.servicename.ves.http" . }}\r
- labels:\r
- app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ .Release.Name }}\r
- heritage: {{ .Release.Service }}\r
-spec:\r
- ports:\r
- - name: http\r
- protocol: TCP\r
- port: {{ include "common.serviceport.ves.http" . }}\r
- targetPort: {{ include "common.serviceport.ves.http" . }}\r
- - name: https\r
- protocol: TCP\r
- port: {{ include "common.serviceport.ves.https" . }}\r
- targetPort: {{ include "common.serviceport.ves.https" . }}\r
- selector:\r
- app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}\r
- release: {{ .Release.Name }}\r
- type: ClusterIP\r
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ include "common.servicename.ves.http" . }}
+ labels:
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: {{ include "common.serviceport.ves.http" . }}
+ targetPort: {{ include "common.serviceport.ves.http" . }}
+ - name: https
+ protocol: TCP
+ port: {{ include "common.serviceport.ves.https" . }}
+ targetPort: {{ include "common.serviceport.ves.https" . }}
+ selector:
+ app: {{ include "common.namespace.aux" . }}-{{ include "common.name.ves" . }}
+ release: {{ .Release.Name }}
+ type: ClusterIP
name: onap/org.onap.dcaegen2.collectors.ves.vescollector
tag: 1.4.4
- replicaCount: 1
\ No newline at end of file
+ replicaCount: 1
# RIC Auxiliary Functions
Helm charts, configuration files, and automation scripts that deploy the auxiliary functions for RIC. The auxiliary
-functions are defined as the features and services that interact with the RIC but they do not collocated with the RIC
+functions are defined as the features and services that interact with the RIC but are not collocated with the RIC
cluster. These functions includes but not limited to non-realtime management components (e.g., dashboard, DMaaP,
VEScollector) that interact with RIC using A1/O1 interfaces.
-
### Directory Structure
.
├── 80-Auxiliary-Functions Contains components that interact with RIC through A1/O1
│ ├── bin Contains deployment and uninstall scripts
-│ ├── etc Contains deployment configuration files
│ └── helm Contains helm charts
├── 85-External Services Deployment scripts and chart for external service used by RIC to reach services outside of cluster
└── README.md This file
### To deploy the Auxiliary Functions
```sh
-$ # Modify the configuration files in ./80-Auxiliary-Functions/etc/
-$ . ./80-Auxiliary-Functions/bin/install
-$ # If you have an override value.yaml file, please use
-$ #. ./80-Auxiliary-Functions/bin/install YOUR_OVERRIDE_FILE
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
+$ #. ./80-Auxiliary-Functions/bin/install -f YOUR_OVERRIDE_FILE
```
### Deployment Options
-You can configure the Helm release name, Kubernetes namespace using configuration files located in ./80-Auxiliary-Functions/etc/
-
-In the one-click deployment solution, the above setting will be overrided by environment variables shown below.
-*RICAUX_RELEASE_NAME
-*RICAUX_NAMESPACE
+You can configure the Helm release name, Kubernetes namespaces using the override file with
+parameters global.releasePrefix and global.namespace
### To deploy the External services
If the platform cluster is multi-node, any of the nodes can be specified here.
```sh
-$ # Set the value of ext/ip in values.yaml to be the external IP address. If you will use an override file and it has ext/ip set,
-$ # make sure it is set correctly.
-$ . ./85-Ext-Services/bin/install
-$ # If you have an override value.yaml file, please use
-$ #. ./85-Ext-Services/bin/install YOUR_OVERRIDE_FILE
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_AUX_RECIPE_EXAMPLE
+$ # Set the values of extsvcaux/ricip and extsvcaux/auxip to be the external IP addresses of VM hosting RIC cluster and VM hosting AUX cluster, respectively.
+$ # These values should be set ih the override file.
+$ . ./85-Ext-Services/bin/install -f YOUR_OVERRIDE_FILE
```
-### To undeploy the Auxiliary Functions
+### To undeploy the External services
```sh
$ . ./85-Ext-Services/bin/uninstall
```
\ No newline at end of file
apiVersion: v1
description: Common templates for inclusion in other charts
name: ric-common
-version: 2.0.5
+version: 2.0.8
{{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.configmapname.e2term" -}}
- {{- $name := ( include "common.fullname.e2term" . ) -}}
+{{- define "common.configmapname.rsm" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
{{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "common.configmapname.jaegeradapter" -}}
+ {{- $name := ( include "common.fullname.jaegeradapter" . ) -}}
+ {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{- define "common.configmapname.nexus" -}}
{{- $name := ( include "common.fullname.nexus" . ) -}}
{{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.containername.e2term" -}}
- {{- $name := ( include "common.fullname.e2term" . ) -}}
+{{- define "common.containername.rsm" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
{{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "common.containername.jaegeradapter" -}}
+ {{- $name := ( include "common.fullname.jaegeradapter" . ) -}}
+ {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{- define "common.containername.nexus" -}}
{{- $name := ( include "common.fullname.nexus" . ) -}}
{{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.deploymentname.e2term" -}}
- {{- $name := ( include "common.fullname.e2term" . ) -}}
+{{- define "common.deploymentname.rsm" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
{{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "common.deploymentname.jaegeradapter" -}}
+ {{- $name := ( include "common.fullname.jaegeradapter" . ) -}}
+ {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{- define "common.deploymentname.nexus" -}}
{{- $name := ( include "common.fullname.nexus" . ) -}}
{{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# template for component name
+{{- define "common.name.e2term" -}}
+ {{- if .Values.e2term -}}
+ {{- if .Values.e2term.nameOverride -}}
+ {{- printf "%s" .Values.e2term.nameOverride -}}
+ {{- else -}}
+ {{- printf "e2term" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "e2term" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.fullname.e2term" -}}
+ {{- $name := ( include "common.name.e2term" . ) -}}
+ {{- $namespace := ( include "common.namespace.platform" . ) -}}
+ {{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.deploymentname.e2term" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.configmapname.e2term" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.containername.e2term" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.pvname.e2term" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "pv-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.pvcname.e2term" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "pvc-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.servicename.e2term.rmr" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "service-%s-rmr" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.servicename.e2term.http" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.serviceport.e2term.rmr.data" -}}38000{{- end -}}
+{{- define "common.serviceport.e2term.rmr.route" -}}4561{{- end -}}
+{{- define "common.serviceport.e2term.http" -}}8080{{- end -}}
+{{- define "common.serviceport.e2term.sctp" -}}5577{{- end -}}
+
+
+{{- define "common.serviceaccountname.e2term" -}}
+ {{- $name := ( include "common.fullname.e2term" . ) -}}
+ {{- printf "svcacct-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# template for component name
+{{- define "common.name.esreader" -}}
+ {{- if .Values.esreader -}}
+ {{- if .Values.esreader.nameOverride -}}
+ {{- printf "%s" .Values.esreader.nameOverride -}}
+ {{- else -}}
+ {{- printf "esreader" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "esreader" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.fullname.esreader" -}}
+ {{- $name := ( include "common.name.esreader" . ) -}}
+ {{- $namespace := ( include "common.namespace.infra" . ) -}}
+ {{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.deploymentname.esreader" -}}
+ {{- $name := ( include "common.fullname.esreader" . ) -}}
+ {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.configmapname.esreader" -}}
+ {{- $name := ( include "common.fullname.esreader" . ) -}}
+ {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.containername.esreader" -}}
+ {{- $name := ( include "common.fullname.esreader" . ) -}}
+ {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.serviceport.esreader.http" -}}8080{{- end -}}
+
+{{- define "common.pvname.esreader" -}}
+ {{- $name := ( include "common.fullname.esreader" . ) -}}
+ {{- printf "pv-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "common.pvcname.esreader" -}}
+ {{- $name := ( include "common.fullname.esreader" . ) -}}
+ {{- printf "pvc-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{- end -}}
{{- end -}}
+{{- define "common.ingressurl.dashboard" -}}
+ {{- if .Values.global -}}
+ {{- if .Values.global.ingressurl -}}
+ {{- if .Values.global.ingressurl.dashboard -}}
+ {{- printf "%s" .Values.global.ingressurl.dashboard -}}
+ {{- else -}}
+ {{- printf "dashboard-entry" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "dashboard-entry" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "dashboard-entry" -}}
+ {{- end -}}
+{{- end -}}
####################### Ingress Controller Ports ###########################################
{{- printf "ingress-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "common.ingressname.rsm" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
+ {{- printf "ingress-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{- define "common.ingressname.e2term" -}}
{{- $name := ( include "common.fullname.e2term" . ) -}}
{{- printf "ingress-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- $name := ( include "common.fullname.ves" . ) -}}
{{- printf "ingress-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+
+{{- define "common.ingressname.dashboard" -}}
+ {{- $name := ( include "common.fullname.dashboard" . ) -}}
+ {{- printf "ingress-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
{{/*
This file defines the URL paths that kong proxies for different servicess.
*/}}
-
{{- define "common.kongpath.aux.vescollector" -}}/vescollector{{- end -}}
{{- define "common.kongpath.aux.helm" -}}/helm{{- end -}}
{{- define "common.kongpath.ric.appmgr" -}}/appmgr{{- end -}}
{{- define "common.kongpath.ric.a1mediator" -}}/a1mediator{{- end -}}
{{- define "common.kongpath.ric.e2mgr" -}}/e2mgr{{- end -}}
+{{- define "common.kongpath.ric.rsm" -}}/rsm{{- end -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# template for component name
+{{- define "common.name.logstash" -}}
+ {{- if .Values.logstash -}}
+ {{- if .Values.logstash.nameOverride -}}
+ {{- printf "%s" .Values.logstash.nameOverride -}}
+ {{- else -}}
+ {{- printf "logstash" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "logstash" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.fullname.logstash" -}}
+ {{- $name := ( include "common.name.logstash" . ) -}}
+ {{- $namespace := ( include "common.namespace.aux" . ) -}}
+ {{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.deploymentname.logstash" -}}
+ {{- $name := ( include "common.fullname.logstash" . ) -}}
+ {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.configmapname.logstash" -}}
+ {{- $name := ( include "common.fullname.logstash" . ) -}}
+ {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.containername.logstash" -}}
+ {{- $name := ( include "common.fullname.logstash" . ) -}}
+ {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.serviceport.logstash.http" -}}8080{{- end -}}
+{{- define "common.servicename.logstash.http" -}}logstash{{- end -}}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 ATT Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# template for component name
+{{- define "common.name.messagerouter" -}}
+ {{- if .Values.messagerouter -}}
+ {{- if .Values.messagerouter.nameOverride -}}
+ {{- printf "%s" .Values.messagerouter.nameOverride -}}
+ {{- else -}}
+ {{- printf "messagerouter" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "messagerouter" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.fullname.messagerouter" -}}
+ {{- $name := ( include "common.name.messagerouter" . ) -}}
+ {{- $namespace := ( include "common.namespace.aux" . ) -}}
+ {{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.deploymentname.messagerouter" -}}
+ {{- $name := ( include "common.fullname.messagerouter" . ) -}}
+ {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.configmapname.messagerouter" -}}
+ {{- $name := ( include "common.fullname.messagerouter" . ) -}}
+ {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.containername.messagerouter" -}}
+ {{- $name := ( include "common.fullname.messagerouter" . ) -}}
+ {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.serviceport.messagerouter.http" -}}3904{{- end -}}
+{{- define "common.servicename.messagerouter.http" -}}ricaux-messagerouter{{- end -}}
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# limitations under the License. #
################################################################################
-repository: "nexus3.o-ran-sc.org:10004"
-imagePullPolicy: IfNotPresent
-repositoryCred: docker-reg-cred
-
-dbaas:
- backend:
- terminationGracePeriodSeconds: 0
- replicas: 1
- image:
- name: ric-plt-dbaas
- tag: 0.1.0
-
- # Service ports are now defined in
- # ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
- # If need to change a service port, make the code change necessary, then
- # update the _ports.tpl file with the new port number.
\ No newline at end of file
+# template for component name
+{{- define "common.name.mrsub" -}}
+ {{- if .Values.mrsub -}}
+ {{- if .Values.mrsub.nameOverride -}}
+ {{- printf "%s" .Values.mrsub.nameOverride -}}
+ {{- else -}}
+ {{- printf "mrsub" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "mrsub" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.fullname.mrsub" -}}
+ {{- $name := ( include "common.name.mrsub" . ) -}}
+ {{- $namespace := ( include "common.namespace.aux" . ) -}}
+ {{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+
+{{- define "common.deploymentname.mrsub" -}}
+ {{- $name := ( include "common.fullname.mrsub" . ) -}}
+ {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.configmapname.mrsub" -}}
+ {{- $name := ( include "common.fullname.mrsub" . ) -}}
+ {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.containername.mrsub" -}}
+ {{- $name := ( include "common.fullname.mrsub" . ) -}}
+ {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "common.serviceport.mrsub.http" -}}8080{{- end -}}
{{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.name.e2term" -}}
- {{- if .Values.e2term -}}
- {{- if .Values.e2term.nameOverride -}}
- {{- printf "%s" .Values.e2term.nameOverride -}}
+
+{{- define "common.name.rsm" -}}
+ {{- if .Values.rsm -}}
+ {{- if .Values.rsm.nameOverride -}}
+ {{- printf "%s" .Values.rsm.nameOverride -}}
{{- else -}}
- {{- printf "e2term" -}}
+ {{- printf "rsm" -}}
{{- end -}}
{{- else -}}
- {{- printf "e2term" -}}
+ {{- printf "rsm" -}}
{{- end -}}
{{- end -}}
-{{- define "common.fullname.e2term" -}}
- {{- $name := ( include "common.name.e2term" . ) -}}
+{{- define "common.fullname.rsm" -}}
+ {{- $name := ( include "common.name.rsm" . ) -}}
{{- $namespace := ( include "common.namespace.platform" . ) -}}
{{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-
-
{{- define "common.name.rtmgr" -}}
{{- if .Values.rtmgr -}}
{{- if .Values.rtmgr.nameOverride -}}
{{- end -}}
+{{- define "common.name.jaegeradapter" -}}
+ {{- if .Values.jaegeradapter -}}
+ {{- if .Values.jaegeradapter.nameOverride -}}
+ {{- printf "%s" .Values.jaegeradapter.nameOverride -}}
+ {{- else -}}
+ {{- printf "jaegeradapter" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- printf "jaegeradapter" -}}
+ {{- end -}}
+{{- end -}}
+
+
+{{- define "common.fullname.jaegeradapter" -}}
+ {{- $name := ( include "common.name.jaegeradapter" . ) -}}
+ {{- $namespace := ( include "common.namespace.platform" . ) -}}
+ {{- printf "%s-%s" $namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{- define "common.name.nexus" -}}
port numbers consistent with the ports that the container code implements.
*/}}
-{{- define "common.serviceport.e2term.rmr.data" -}}38000{{- end -}}
-{{- define "common.serviceport.e2term.rmr.route" -}}4561{{- end -}}
-{{- define "common.serviceport.e2term.http" -}}8080{{- end -}}
-{{- define "common.serviceport.e2term.sctp" -}}5577{{- end -}}
-
-
{{- define "common.serviceport.e2mgr.rmr.data" -}}3801{{- end -}}
{{- define "common.serviceport.e2mgr.rmr.route" -}}4561{{- end -}}
{{- define "common.serviceport.e2mgr.http" -}}3800{{- end -}}
+{{- define "common.serviceport.rsm.rmr.data" -}}4801{{- end -}}
+{{- define "common.serviceport.rsm.rmr.route" -}}4561{{- end -}}
+{{- define "common.serviceport.rsm.http" -}}4800{{- end -}}
+
{{- define "common.serviceport.a1mediator.rmr.data" -}}4562{{- end -}}
{{- define "common.serviceport.a1mediator.rmr.route" -}}4561{{- end -}}
{{- define "common.serviceport.a1mediator.http" -}}10000{{- end -}}
{{- define "common.serviceport.vespamgr.http" -}}8080{{- end -}}
+{{- define "common.serviceport.jaegeradapter.zipkincompact" -}}5775{{- end -}}
+{{- define "common.serviceport.jaegeradapter.jaegercompact" -}}6831{{- end -}}
+{{- define "common.serviceport.jaegeradapter.jaegerbinary" -}}6832{{- end -}}
+{{- define "common.serviceport.jaegeradapter.httpquery" -}}16686{{- end -}}
+{{- define "common.serviceport.jaegeradapter.httpconfig" -}}5778{{- end -}}
+{{- define "common.serviceport.jaegeradapter.zipkinhttp" -}}9411{{- end -}}
+{{- define "common.serviceport.jaegeradapter.jaegerhttp" -}}14268{{- end -}}
+{{- define "common.serviceport.jaegeradapter.jaegerhttpt" -}}14267{{- end -}}
+
+{{- define "common.portname.jaegeradapter.zipkincompact" -}}"zipkincompact"{{- end -}}
+{{- define "common.portname.jaegeradapter.jaegercompact" -}}"jaegercompact"{{- end -}}
+{{- define "common.portname.jaegeradapter.jaegerbinary" -}}"jaegerbinary"{{- end -}}
+{{- define "common.portname.jaegeradapter.zipkinhttp" -}}"zipkinhttp"{{- end -}}
+{{- define "common.portname.jaegeradapter.jaegerhttp" -}}"jaegerhttp"{{- end -}}
+{{- define "common.portname.jaegeradapter.jaegerhttpt" -}}"jaegerhttpt"{{- end -}}
+{{- define "common.portname.jaegeradapter.httpquery" -}}"httpquery"{{- end -}}
+{{- define "common.portname.jaegeradapter.httpconfig" -}}"httpconfig"{{- end -}}
+
+
+
+
{{- define "common.serviceport.nexus.http" -}}8080{{- end -}}
{{- define "common.serviceport.chartmuseum.http" -}}8080{{- end -}}
{{- printf "svcacct-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.serviceaccountname.e2term" -}}
- {{- $name := ( include "common.fullname.e2term" . ) -}}
+
+{{- define "common.serviceaccountname.rsm" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
{{- printf "svcacct-%s" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- printf "service-%s-rmr" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.servicename.e2term.rmr" -}}
- {{- $name := ( include "common.fullname.e2term" . ) -}}
+{{- define "common.servicename.rsm.rmr" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
{{- printf "service-%s-rmr" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
-{{- define "common.servicename.e2term.http" -}}
- {{- $name := ( include "common.fullname.e2term" . ) -}}
+{{- define "common.servicename.rsm.http" -}}
+ {{- $name := ( include "common.fullname.rsm" . ) -}}
{{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "common.servicename.jaegeradapter.query" -}}
+ {{- $name := ( include "common.fullname.jaegeradapter" . ) -}}
+ {{- printf "service-%s-query" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- define "common.servicename.jaegeradapter.collector" -}}
+ {{- $name := ( include "common.fullname.jaegeradapter" . ) -}}
+ {{- printf "service-%s-collector" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- define "common.servicename.jaegeradapter.agent" -}}
+ {{- $name := ( include "common.fullname.jaegeradapter" . ) -}}
+ {{- printf "service-%s-agent" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
###################### TCP Service ##################################
{{- define "common.servicename" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
if [ -z "$__RUNRICENV_DOCKER_CERT__" ]; then
export __RUNRICENV_DOCKER_CERT__=$dockercert
fi
+if [ -z "$__RUNRICENV_DOCKER_CERT_LEN__" ]; then
+ export __RUNRICENV_DOCKER_CERT_LEN__=$(echo $dockercert | wc -c)
+fi
if [ -z "$__RUNRICENV_HELMREPO_HOST__" ]; then
export __RUNRICENV_HELMREPO_HOST__=$helmrepo
fi
if [ -z "$__RUNRICENV_HELMREPO_CERT__" ]; then
export __RUNRICENV_HELMREPO_CERT__=$helmcert
fi
+if [ -z "$__RUNRICENV_HELMREPO_CERT_LEN__" ]; then
+ export __RUNRICENV_HELMREPO_CERT_LEN__=$(echo $helmcert | wc -c)
+fi
filename=$(basename -- "$TMPL")
${__RUNRICENV_DOCKER_USER__}
${__RUNRICENV_DOCKER_PASS__}
${__RUNRICENV_DOCKER_CERT__}
+ ${__RUNRICENV_DOCKER_CERT__}
+ ${__RUNRICENV_DOCKER_CERT_LEN__}
${__RUNRICENV_HELMREPO_HOST__}
${__RUNRICENV_HELMREPO_PORT__}
${__RUNRICENV_HELMREPO_IP__}
${__RUNRICENV_HELMREPO_CERT__}
+ ${__RUNRICENV_HELMREPO_CERT_LEN__}
${__RUNRICENV_HELMREPO_USER__}
${__RUNRICENV_HELMREPO_PASS__}' < "$TMPL" > "$filename"
# fill values that are supplied by Heat stack deployment process as much as we can
-sed -e "s/__docker_version__/${INFRA_DOCKER_VERSION}/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__k8s_version__/${INFRA_K8S_VERSION}/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__k8s_cni_version__/${INFRA_CNI_VERSION}/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__helm_version__/${INFRA_HELM_VERSION}/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__k8s_mst_private_ip_addr__/\$(hostname -I)/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__host_private_ip_addr__/\$(hostname -I)/g" "$filename" > tmp && mv tmp "$filename"
-#sed -e "s/__k8s_mst_floating_ip_addr__/\$(ec2metadata --public-ipv4)/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__k8s_mst_floating_ip_addr__/\$(curl ifconfig.co)/g" "$filename" > tmp && mv tmp "$filename"
-sed -e "s/__stack_name__/\$(hostname)/g" "$filename" > tmp && mv tmp "$filename"
+sed -i "" -e "s/__docker_version__/${INFRA_DOCKER_VERSION}/g" "$filename"
+sed -i "" -e "s/__k8s_version__/${INFRA_K8S_VERSION}/g" "$filename"
+sed -i "" -e "s/__k8s_cni_version__/${INFRA_CNI_VERSION}/g" "$filename"
+sed -i "" -e "s/__helm_version__/${INFRA_HELM_VERSION}/g" "$filename"
+sed -i "" -e "s/__k8s_mst_private_ip_addr__/\$(hostname -I)/g" "$filename"
+sed -i "" -e "s/__host_private_ip_addr__/\$(hostname -I)/g" "$filename"
+#sed -i "" -e "s/__k8s_mst_floating_ip_addr__/\$(ec2metadata --public-ipv4)/g" "$filename"
+sed -i "" -e "s/__k8s_mst_floating_ip_addr__/\$(curl ifconfig.co)/g" "$filename"
+sed -i "" -e "s/__stack_name__/\$(hostname)/g" "$filename"
#echo "__mtu__" > /opt/config/mtu.txt
#echo "__cinder_volume_id__" > /opt/config/cinder_volume_id.txt
+# because cloud init user data has a 16kB limit, remove all comment lines to save space.
+sed -i "" -e '/^[ \t]*#/d' "$filename"
chmod +x "$filename"
-if [ -z "$1" ]; then
- mv "$filename" k8s-1node-cloud-init.sh
- # reboot VM to load the new kernel.
- echo 'if [ "$(uname -r)" != "4.15.0-45-lowlatency" ]; then reboot; fi' >> k8s-1node-cloud-init.sh
-fi
+
+mv "$filename" ./k8s-1node-cloud-init.sh
# modify below for RIC infrastructure (docker-k8s-helm) component versions
INFRA_DOCKER_VERSION=""
-INFRA_K8S_VERSION="1.13.3"
-INFRA_CNI_VERSION="0.6.0"
+INFRA_K8S_VERSION="1.16.0"
+INFRA_CNI_VERSION="0.7.5"
+#INFRA_K8S_VERSION="1.13.3"
+#INFRA_CNI_VERSION="0.6.0"
INFRA_HELM_VERSION="2.12.3"
-
#!/bin/bash -x
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
IPv6IF="$1"
if ifconfig -a $IPv6IF; then
echo "" >> /etc/network/interfaces.d/50-cloud-init.cfg
- #echo "auto ${IPv6IF}" >> /etc/network/interfaces.d/50-cloud-init.cfg
echo "allow-hotplug ${IPv6IF}" >> /etc/network/interfaces.d/50-cloud-init.cfg
echo "iface ${IPv6IF} inet6 auto" >> /etc/network/interfaces.d/50-cloud-init.cfg
- #dhclient -r $IPv6IF
- #systemctl restart networking
ifconfig ${IPv6IF} up
fi
}
echo "__host_private_ip_addr__ $(hostname)" >> /etc/hosts
printenv
+IPV6IF=""
+#IPV6IF="ens4"
+
mkdir -p /opt/config
echo "__docker_version__" > /opt/config/docker_version.txt
echo "__k8s_version__" > /opt/config/k8s_version.txt
echo "__cinder_volume_id__" > /opt/config/cinder_volume_id.txt
echo "__stack_name__" > /opt/config/stack_name.txt
+# assume we are setting up AUX cluster VM if hostname contains "aux"
ISAUX='false'
if [[ $(cat /opt/config/stack_name.txt) == *aux* ]]; then
ISAUX='true'
modprobe -- nf_conntrack_ipv6
modprobe -- nf_conntrack_proto_sctp
-start_ipv6_if ens4
+if [ ! -z "$IPV6IF" ]; then
+ start_ipv6_if $IPV6IF
+fi
# disable swap
-SWAPFILES=$(grep swap /etc/fstab | sed '/^#/ d' |cut -f1 -d' ')
+#SWAPFILES=$(grep swap /etc/fstab | sed '/^[ \t]*#/ d' |cut -f1 -d' ')
+SWAPFILES=$(grep swap /etc/fstab | sed '/^[ \t]*#/ d' | sed 's/[\t ]/ /g' | tr -s " " | cut -f1 -d' ')
if [ ! -z $SWAPFILES ]; then
for SWAPFILE in $SWAPFILES
do
else
swapoff $SWAPFILE
fi
- # edit /etc/fstab file, remove line with /swapfile
- sed -i -e "/$SWAPFILE/d" /etc/fstab
+ sed -i "\%$SWAPFILE%d" /etc/fstab
fi
done
fi
-# disable swap
-#swapoff /swapfile
-# edit /etc/fstab file, remove line with /swapfile
-#sed -i -e '/swapfile/d' /etc/fstab
DOCKERV=$(cat /opt/config/docker_version.txt)
KUBEVERSION="${KUBEV}-00"
CNIVERSION="${KUBECNIV}-00"
DOCKERVERSION="${DOCKERV}"
+
+# adjust package version tag
+UBUNTU_RELEASE=$(lsb_release -r | sed 's/^[a-zA-Z:\t ]\+//g')
+if [[ ${UBUNTU_RELEASE} == 16.* ]]; then
+ echo "Installing on Ubuntu $UBUNTU_RELEASE (Xenial Xerus) host"
+ if [ ! -z "${DOCKERV}" ]; then
+ DOCKERVERSION="${DOCKERV}-0ubuntu1~16.04.5"
+ fi
+elif [[ ${UBUNTU_RELEASE} == 18.* ]]; then
+ echo "Installing on Ubuntu $UBUNTU_RELEASE (Bionic Beaver)"
+ if [ ! -z "${DOCKERV}" ]; then
+ DOCKERVERSION="${DOCKERV}-0ubuntu1~18.04.5"
+ fi
+else
+ echo "Unsupported Ubuntu release ($UBUNTU_RELEASE) detected. Exit."
+ exit
+fi
+
+
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list
# install low latency kernel, docker.io, and kubernetes
apt-get update
-apt-get install -y virt-what
+RES=$(apt-get install -y virt-what curl jq netcat 2>&1)
+if [[ $RES == */var/lib/dpkg/lock* ]]; then
+ echo "Fail to get dpkg lock. Wait for any other package installation"
+ echo "process to finish, then rerun this script"
+ exit -1
+fi
+
if ! echo $(virt-what) | grep "virtualbox"; then
- # this version of low latency kernel causes virtualbox VM to hand.
+ # this version of low latency kernel causes virtualbox VM to hang.
# install if identifying the VM not being a virtualbox VM.
apt-get install -y linux-image-4.15.0-45-lowlatency
fi
+
+
if [ -z ${DOCKERVERSION} ]; then
- apt-get install -y curl jq netcat docker.io
+ apt-get install -y --allow-change-held-packages --allow-unauthenticated --ignore-hold docker.io
+else
+ apt-get install -y --allow-change-held-packages --allow-unauthenticated --ignore-hold docker.io=${DOCKERVERSION}
+fi
+systemctl enable docker.service
+
+if [ -z ${CNIVERSION} ]; then
+ apt-get install -y --allow-change-held-packages --allow-unauthenticated --ignore-hold kubernetes-cni
else
- apt-get install -y curl jq netcat docker.io=${DOCKERVERSION}
+ apt-get install -y --allow-change-held-packages --allow-unauthenticated --ignore-hold kubernetes-cni=${CNIVERSION}
fi
-apt-get install -y kubernetes-cni=${CNIVERSION}
-apt-get install -y --allow-unauthenticated kubeadm=${KUBEVERSION} kubelet=${KUBEVERSION} kubectl=${KUBEVERSION}
+
+if [ -z ${KUBEVERSION} ]; then
+ apt-get install -y --allow-change-held-packages --allow-unauthenticated --ignore-hold kubeadm kubelet kubectl
+else
+ apt-get install -y --allow-change-held-packages --allow-unauthenticated --ignore-hold kubeadm=${KUBEVERSION} kubelet=${KUBEVERSION} kubectl=${KUBEVERSION}
+fi
+
apt-mark hold docker.io kubernetes-cni kubelet kubeadm kubectl
# test access to k8s docker registry
-kubeadm config images pull
+kubeadm config images pull --kubernetes-version=${KUBEV}
+NODETYPE="master"
# non-master nodes have hostnames ending with -[0-9][0-9]
-if [[ $(hostname) == *-[0-9][0-9] ]]; then
- echo "Done for non-master node"
- echo "Starting an NC TCP server on port 29999 to indicate we are ready"
- nc -l -p 29999 &
-else
+if [ "$NODETYPE" == "master" ]; then
# below are steps for initializating master node, only run on the master node.
# minion node join will be triggered from the caller of the stack creation as ssh command.
-
# create kubenetes config file
if [[ ${KUBEV} == 1.13.* ]]; then
cat <<EOF >/root/config.yaml
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
-
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
-
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF
-
+ elif [[ ${KUBEV} == 1.16.* ]]; then
+ cat <<EOF >/root/config.yaml
+apiVersion: kubeadm.k8s.io/v1beta2
+kubernetesVersion: v${KUBEV}
+kind: ClusterConfiguration
+apiServer:
+ extraArgs:
+ feature-gates: SCTPSupport=true
+networking:
+ dnsDomain: cluster.local
+ podSubnet: 10.244.0.0/16
+ serviceSubnet: 10.96.0.0/12
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+mode: ipvs
+EOF
else
echo "Unsupported Kubernetes version requested. Bail."
exit
fi
-
# create a RBAC file for helm (tiller)
cat <<EOF > /root/rbac-config.yaml
apiVersion: v1
namespace: kube-system
EOF
+
# start cluster (make sure CIDR is enabled with the flag)
kubeadm init --config /root/config.yaml
-
- # install Helm
- HELMV=$(cat /opt/config/helm_version.txt)
- HELMVERSION=${HELMV}
- cd /root
- mkdir Helm
- cd Helm
- wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELMVERSION}-linux-amd64.tar.gz
- tar -xvf helm-v${HELMVERSION}-linux-amd64.tar.gz
- mv linux-amd64/helm /usr/local/bin/helm
-
# set up kubectl credential and config
cd /root
rm -rf .kube
kubectl get pods --all-namespaces
# install flannel
- kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
-
+ if [[ ${KUBEV} == 1.16.* ]]; then
+ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
+ else
+ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
+ fi
# waiting for all 8 kube-system pods to be in running state
# (at this point, minions have not joined yet)
# install RBAC for Helm
kubectl create -f rbac-config.yaml
+ # install Helm
+ HELMV=$(cat /opt/config/helm_version.txt)
+ HELMVERSION=${HELMV}
+ cd /root
+ mkdir Helm
+ cd Helm
+ wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELMVERSION}-linux-amd64.tar.gz
+ tar -xvf helm-v${HELMVERSION}-linux-amd64.tar.gz
+ mv linux-amd64/helm /usr/local/bin/helm
rm -rf /root/.helm
- helm init --service-account tiller
+ if [[ ${KUBEV} == 1.16.* ]]; then
+ # helm init uses API extensions/v1beta1 which is depreciated by Kubernetes
+ # 1.16.0. Until upstream (helm) provides a fix, this is the work-around.
+ helm init --service-account tiller --override spec.selector.matchLabels.'name'='tiller',spec.selector.matchLabels.'app'='helm' --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | kubectl apply -f -
+ else
+ helm init --service-account tiller
+ fi
export HELM_HOME="/root/.helm"
# waiting for tiller pod to be in running state
wait_for_pods_running 1 kube-system tiller-deploy
-
while ! helm version; do
echo "Waiting for Helm to be ready"
sleep 15
mkdir -p /opt/data/dashboard-data
fi
- echo "Starting an NC TCP server on port 29999 to indicate we are ready"
- nc -l -p 29999 &
-
echo "Done with master node setup"
fi
echo "${__RUNRICENV_HELMREPO_IP__} ${__RUNRICENV_HELMREPO_HOST__}" >> /etc/hosts
fi
-if [ ! -z "${__RUNRICENV_HELMREPO_CERT__}" ]; then
+if [[ "${__RUNRICENV_HELMREPO_CERT_LEN__}" -gt "100" ]]; then
cat <<EOF >/etc/ca-certificates/update.d/helm.crt
${__RUNRICENV_HELMREPO_CERT__}
EOF
fi
# add cert for accessing docker registry in Azure
-if [ ! -z "${__RUNRICENV_DOCKER_CERT__}" ]; then
+if [[ "${__RUNRICENV_DOCKER_CERT_LEN__}" -gt "100" ]]; then
mkdir -p /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
cat <<EOF >/etc/docker/ca.crt
${__RUNRICENV_DOCKER_CERT__}
docker pull ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/whoami:0.0.1
fi
+if [ "$(uname -r)" != "4.15.0-45-lowlatency" ]; then reboot; fi
# limitations under the License. #
################################################################################
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "common.deploymentname.chartmuseum" .}}
# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "common.ingressname.chartmuseum" . }}
persistentVolume:
enabled: false
kubeStateMetrics:
- enabled: true
+ enabled: false
nodeExporter:
enabled: false
pushgateway:
persistentVolume:
enabled: false
server:
+ ingress:
+ enabled: true
+ hosts:
+ - prometheus-entry
persistentVolume:
- enabled: false
+ enabled: false
+fluentd-elasticsearch:
+ enabled: true
elastic-stack:
enabled: true
kibana:
enabled: true
+ files:
+ kibana.yml:
+ elasticsearch.url: http://r1-elfkp-elasticsearch-client:9200
env:
- ELASTICSEARCH_URL: http://http.default.svc.cluster.local:9200
+ ELASTICSEARCH_URL: http://r1-elfkp-elasticsearch-client:9200
+ ELASTICSEARCH_HOSTS: http://r1-elfkp-elasticsearch-client:9200
+ ingress:
+ enabled: true
+ hosts:
+ - "kibana-entry"
logstash:
- enabled: true
+ enabled: false
persistence:
enabled: false
# elasticsearch:
# - elastic-stack-elasticsearch-client:9200
fluentd:
- enabled: false
+ enabled: true
+ output:
+ host: r1-elfkp-elasticsearch-client
fluent-bit:
enabled: false
fluentd-elasticsearch:
- enabled: false
+ enabled: true
+ elasticsearch:
+ host: 'r1-elfkp-elasticsearch-client'
nginx-ldapauth-proxy:
enabled: false
echo "Deploying RIC infra components [$COMPONENTS]"
-COMMON_CHART_VERSION=$(cat $DIR/../../../ric-common/Common-Template/helm/ric-common/Chart.yaml | grep version | awk '{print $2}')
-helm package -d /tmp $DIR/../../../ric-common/Common-Template/helm/ric-common
for component in $COMPONENTS; do
- mkdir -p $DIR/../helm/$component/charts/
- cp /tmp/ric-common-$COMMON_CHART_VERSION.tgz $DIR/../helm/$component/charts/
helm install -f $OVERRIDEYAML --namespace "${NAMESPACE}" --name "${RELEASE_PREFIX}-$component" $DIR/../helm/$component
done
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
apiVersion: v1
-appVersion: "1.2"
+appVersion: "1.3"
description: The Cloud-Native Ingress and Service Mesh for APIs and Microservices
engine: gotpl
home: https://KongHQ.com/
maintainers:
- email: shashi@konghq.com
name: shashiranjan84
+- email: harry@konghq.com
+ name: hbagdi
name: kong
sources:
- https://github.com/Kong/kong
-version: 0.12.2
+version: 0.17.0
The following table lists the configurable parameters of the Kong chart
and their default values.
-| Parameter | Description | Default |
-| ------------------------------ | -------------------------------------------------------------------------------- | ------------------- |
-| image.repository | Kong image | `kong` |
-| image.tag | Kong image version | `1.2` |
-| image.pullPolicy | Image pull policy | `IfNotPresent` |
-| image.pullSecrets | Image pull secrets | `null` |
-| replicaCount | Kong instance count | `1` |
-| admin.useTLS | Secure Admin traffic | `true` |
-| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
-| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
-| admin.nodePort | Node port when service type is `NodePort` | |
-| admin.hostPort | Host port to use for admin traffic | |
-| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
-| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
-| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
-| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
-| admin.ingress.tls | Name of secret resource, containing TLS secret | |
-| admin.ingress.hosts | List of ingress hosts. | `[]` |
-| admin.ingress.path | Ingress path. | `/` |
-| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
-| proxy.http.enabled | Enables http on the proxy | true |
-| proxy.http.servicePort | Service port to use for http | 80 |
-| proxy.http.containerPort | Container port to use for http | 8000 |
-| proxy.http.nodePort | Node port to use for http | 32080 |
-| proxy.http.hostPort | Host port to use for http | |
-| proxy.tls.enabled | Enables TLS on the proxy | true |
-| proxy.tls.containerPort | Container port to use for TLS | 8443 |
-| proxy.tls.servicePort | Service port to use for TLS | 8443 |
-| proxy.tls.nodePort | Node port to use for TLS | 32443 |
-| proxy.tls.hostPort | Host port to use for TLS | |
-| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
-| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
-| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
-| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` |
-| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | |
-| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
-| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
-| proxy.ingress.hosts | List of ingress hosts. | `[]` |
-| proxy.ingress.path | Ingress path. | `/` |
-| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
-| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | |
-| runMigrations | Run Kong migrations job | `true` |
-| readinessProbe | Kong readiness probe | |
-| livenessProbe | Kong liveness probe | |
-| affinity | Node/pod affinities | |
-| nodeSelector | Node labels for pod assignment | `{}` |
-| podAnnotations | Annotations to add to each pod | `{}` |
-| resources | Pod resource requests & limits | `{}` |
-| tolerations | List of node taints to tolerate | `[]` |
+| Parameter | Description | Default |
+| ---------------------------------- | ------------------------------------------------------------------------------------- | ------------------- |
+| image.repository | Kong image | `kong` |
+| image.tag | Kong image version | `1.3` |
+| image.pullPolicy | Image pull policy | `IfNotPresent` |
+| image.pullSecrets | Image pull secrets | `null` |
+| replicaCount | Kong instance count | `1` |
+| admin.useTLS | Secure Admin traffic | `true` |
+| admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` |
+| admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` |
+| admin.nodePort | Node port when service type is `NodePort` | |
+| admin.hostPort | Host port to use for admin traffic | |
+| admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
+| admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` |
+| admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` |
+| admin.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
+| admin.ingress.tls | Name of secret resource, containing TLS secret | |
+| admin.ingress.hosts | List of ingress hosts. | `[]` |
+| admin.ingress.path | Ingress path. | `/` |
+| admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
+| proxy.http.enabled | Enables http on the proxy | true |
+| proxy.http.servicePort | Service port to use for http | 80 |
+| proxy.http.containerPort | Container port to use for http | 8000 |
+| proxy.http.nodePort | Node port to use for http | 32080 |
+| proxy.http.hostPort | Host port to use for http | |
+| proxy.tls.enabled | Enables TLS on the proxy | true |
+| proxy.tls.containerPort | Container port to use for TLS | 8443 |
+| proxy.tls.servicePort | Service port to use for TLS | 8443 |
+| proxy.tls.nodePort | Node port to use for TLS | 32443 |
+| proxy.tls.hostPort | Host port to use for TLS | |
+| proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` |
+| proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` |
+| proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | |
+| proxy.externalIPs | IPs for which nodes in the cluster will also accept traffic for the proxy | `[]` |
+| proxy.externalTrafficPolicy | k8s service's externalTrafficPolicy. Options: Cluster, Local | |
+| proxy.ingress.enabled | Enable ingress resource creation (works with proxy.type=ClusterIP) | `false` |
+| proxy.ingress.tls | Name of secret resource, containing TLS secret | |
+| proxy.ingress.hosts | List of ingress hosts. | `[]` |
+| proxy.ingress.path | Ingress path. | `/` |
+| proxy.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` |
+| updateStrategy | update strategy for deployment | `{}` |
+| env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | |
+| runMigrations | Run Kong migrations job | `true` |
+| readinessProbe | Kong readiness probe | |
+| livenessProbe | Kong liveness probe | |
+| affinity | Node/pod affinities | |
+| nodeSelector | Node labels for pod assignment | `{}` |
+| podAnnotations | Annotations to add to each pod | `{}` |
+| resources | Pod resource requests & limits | `{}` |
+| tolerations | List of node taints to tolerate | `[]` |
+| podDisruptionBudget.enabled | Enable PodDisruptionBudget for Kong | `false` |
+| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
+| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
+| serviceMonitor.enabled | Create ServiceMonitor for Prometheus Operator | false |
+| serviceMonitor.interval | Scrapping interval | 10s |
+| serviceMonitor.namespace | Where to create ServiceMonitor | |
### Admin/Proxy listener override
from fields like `proxy.http.containerPort` and `proxy.http.enabled`. This allows
you to be more prescriptive when defining listen directives.
-**Note:** Overriding `env.proxy_listen` and `env.admin_listen` will potentially cause
-`admin.containerPort`, `proxy.http.containerPort` and `proxy.tls.containerPort` to become out of sync,
+**Note:** Overriding `env.proxy_listen` and `env.admin_listen` will potentially cause
+`admin.containerPort`, `proxy.http.containerPort` and `proxy.tls.containerPort` to become out of sync,
and therefore must be updated accordingly.
-I.E. updatating to `env.proxy_listen: 0.0.0.0:4444, 0.0.0.0:4443 ssl` will need
-`proxy.http.containerPort: 4444` and `proxy.tls.containerPort: 4443` to be set in order
+I.E. updatating to `env.proxy_listen: 0.0.0.0:4444, 0.0.0.0:4443 ssl` will need
+`proxy.http.containerPort: 4444` and `proxy.tls.containerPort: 4443` to be set in order
for the service definition to work properly.
### Kong-specific parameters
will be used by Kong based on the `env.database` parameter.
Postgres is enabled by default.
-| Parameter | Description | Default |
-| ------------------------------ | -------------------------------------------------------------------- | ------------------- |
-| cassandra.enabled | Spin up a new cassandra cluster for Kong | `false` |
-| postgresql.enabled | Spin up a new postgres instance for Kong | `true` |
-| waitImage.repository | Image used to wait for database to become ready | `busybox` |
-| waitImage.tag | Tag for image used to wait for database to become ready | `latest` |
-| env.database | Choose either `postgres` or `cassandra` | `postgres` |
-| env.pg_user | Postgres username | `kong` |
-| env.pg_database | Postgres database name | `kong` |
-| env.pg_password | Postgres database password (required if you are using your own database)| `kong` |
-| env.pg_host | Postgres database host (required if you are using your own database) | `` |
-| env.pg_port | Postgres database port | `5432` |
-| env.cassandra_contact_points | Cassandra contact points (required if you are using your own database) | `` |
-| env.cassandra_port | Cassandra query port | `9042` |
-| env.cassandra_keyspace | Cassandra keyspace | `kong` |
-| env.cassandra_repl_factor | Replication factor for the Kong keyspace | `2` |
-
+| Parameter | Description | Default |
+| ------------------------------| ------------------------------------------------------------------------| ----------------------|
+| cassandra.enabled | Spin up a new cassandra cluster for Kong | `false` |
+| postgresql.enabled | Spin up a new postgres instance for Kong | `true` |
+| waitImage.repository | Image used to wait for database to become ready | `busybox` |
+| waitImage.tag | Tag for image used to wait for database to become ready | `latest` |
+| env.database | Choose either `postgres`, `cassandra` or `"off"` (for dbless mode) | `postgres` |
+| env.pg_user | Postgres username | `kong` |
+| env.pg_database | Postgres database name | `kong` |
+| env.pg_password | Postgres database password (required if you are using your own database)| `kong` |
+| env.pg_host | Postgres database host (required if you are using your own database) | `` |
+| env.pg_port | Postgres database port | `5432` |
+| env.cassandra_contact_points | Cassandra contact points (required if you are using your own database) | `` |
+| env.cassandra_port | Cassandra query port | `9042` |
+| env.cassandra_keyspace | Cassandra keyspace | `kong` |
+| env.cassandra_repl_factor | Replication factor for the Kong keyspace | `2` |
+| dblessConfig.configMap | Name of an existing ConfigMap containing the `kong.yml` file. This must have the key `kong.yml`.| `` |
+| dblessConfig.config | Yaml configuration file for the dbless (declarative) configuration of Kong | see in `values.yaml` |
All `kong.env` parameters can also accept a mapping instead of a value to ensure the parameters can be set through configmaps and secrets.
key: kong
name: postgres
```
-
+
For complete list of Kong configurations please check https://getkong.org/docs/latest/configuration/.
```console
$ helm install stable/kong --name my-release \
- --set=image.tag=1.2,env.database=cassandra,cassandra.enabled=true
+ --set=image.tag=1.3,env.database=cassandra,cassandra.enabled=true
```
Alternatively, a YAML file that specifies the values for the above parameters
`smtp_password_secret` must be a Secret containing an `smtp_password` key whose
value is your SMTP password.
+### DB-less Configuration
+
+
+When deploying Kong in DB-less mode (`env.database: "off"`) and without the Ingress
+Controller (`ingressController.enabled: false`), Kong needs a config to run. In
+this case, configuration can be provided using an exsiting ConfigMap
+(`dblessConfig.configMap`) or pushed directly into the values file under
+`dblessConfig.config`. See the example configuration in the default values.yaml
+for more details.
+
### Kong Ingress Controller
Kong Ingress Controller's primary purpose is to satisfy Ingress resources
You can can learn about kong ingress custom resource definitions [here](https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/custom-resources.md).
-| Parameter | Description | Default |
-| --------------- | ----------------------------------------- | ---------------------------------------------------------------------------- |
-| enabled | Deploy the ingress controller, rbac and crd | false |
-| replicaCount | Number of desired ingress controllers | 1 |
-| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller |
-| image.tag | Version of the ingress controller | 0.2.0 |
-| readinessProbe | Kong ingress controllers readiness probe | |
-| livenessProbe | Kong ingress controllers liveness probe | |
-| ingressClass | The ingress-class value for controller | nginx
+
+| Parameter | Description | Default |
+| ---------------------------------- | ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
+| enabled | Deploy the ingress controller, rbac and crd | false |
+| replicaCount | Number of desired ingress controllers | 1 |
+| image.repository | Docker image with the ingress controller | kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller |
+| image.tag | Version of the ingress controller | 0.2.0 |
+| readinessProbe | Kong ingress controllers readiness probe | |
+| livenessProbe | Kong ingress controllers liveness probe | |
+| ingressClass | The ingress-class value for controller | nginx |
+| podDisruptionBudget.enabled | Enable PodDisruptionBudget for ingress controller | `false` |
+| podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` |
+| podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | |
+
+apiVersion: v1
appVersion: 3.11.3
description: Apache Cassandra is a free and open-source distributed database management
system designed to handle large amounts of data across many commodity servers, providing
+apiVersion: v1
appVersion: 10.6.0
description: Chart for PostgreSQL, an object-relational database management system
(ORDBMS) with an emphasis on extensibility and on standards-compliance.
{{- if .Values.replication.enabled }}
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "postgresql.fullname" . }}-slave"
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "postgresql.master.fullname" . }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# CI test for testing dbless deployment without ingress controllers
+ingressController:
+ enabled: false
+env:
+ database: "off"
+postgresql:
+ enabled: false
+dblessConfig:
+ # Or the configuration is passed in full-text below
+ config:
+ _format_version: "1.1"
+ services:
+ - name: test-svc
+ url: http://example.com
+ routes:
+ - name: test
+ paths:
+ - /test
+ plugins:
+ - name: request-termination
+ config:
+ status_code: 200
+ message: "dbless-config"
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# CI test for testing dbless deployment
+env:
+ database: "off"
+postgresql:
+ enabled: false
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# CI test for testing dbless deployment
+
+podDisruptionBudget:
+ enabled: true
+
+ingressController:
+ enabled: true
+ podDisruptionBudget:
+ enabled: true
+env:
+ database: "off"
+postgresql:
+ enabled: false
+++ /dev/null
-# CI test for testing dbless deployment
-ingressController:
- enabled: true
-env:
- database: "off"
-postgresql:
- enabled: false
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
# Default values for kong.
# Declare variables to be passed into your templates.
image:
repository: kong
# repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
- tag: 1.2
+ tag: 1.3
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
# The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
session_conf_secret: you-must-create-an-rbac-session-conf-secret
# Set to the appropriate plugin config JSON if not using basic-auth
- # admin_gui_auth_conf: ''
+ admin_gui_auth_conf: {}
smtp:
enabled: false
portal_emails_from: none@example.com
# Set runMigrations to run Kong migrations
runMigrations: true
+# update strategy
+updateStrategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: "100%"
+ # maxUnavailable: "0%"
+
# Specify Kong configurations
# Kong configurations guide https://getkong.org/docs/latest/configuration/
+# Values here take precedence over values from other sections of values.yaml,
+# e.g. setting pg_user here will override the value normally set when postgresql.enabled
+# is set below. In general, you should not set values here if they are set elsewhere.
env:
database: postgres
proxy_access_log: /dev/stdout
# Kong pod count
replicaCount: 1
+# Kong Pod Disruption Budget
+podDisruptionBudget:
+ enabled: false
+ maxUnavailable: "50%"
+
# Kong has a choice of either Postgres or Cassandra as a backend datatstore.
# This chart allows you to choose either of them with the `database.type`
# parameter. Postgres is chosen by default.
enabled: false
image:
repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
- tag: 0.4.0
+ tag: 0.5.0
replicaCount: 1
livenessProbe:
failureThreshold: 3
name:
ingressClass: kong
+
+ podDisruptionBudget:
+ enabled: false
+ maxUnavailable: "50%"
+
+# We pass the dbless (declarative) config over here.
+dblessConfig:
+ # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml)
+ configMap: ""
+ # Or the configuration is passed in full-text below
+ config:
+ _format_version: "1.1"
+ services:
+ # Example configuration
+ # - name: example.com
+ # url: http://example.com
+ # routes:
+ # - name: example
+ # paths:
+ # - "/example"
+
+serviceMonitor:
+ # Specifies whether ServiceMonitor for Prometheus operator should be created
+ enabled: false
+ # interval: 10s
+ # Specifies namespace, where ServiceMonitor should be installed
+ # namespace: monitoring
- 192.168.1.1/32
- 10.10.10.10/32
+updateStrategy:
+ type: "RollingUpdate"
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+
readinessProbe:
httpGet:
path: "/status"
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
dependencies:
- name: postgresql
version: ~3.9.1
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
+{{- define "kong.dblessConfig.fullname" -}}
+{{- $name := default "kong-custom-dbless-config" .Values.dblessConfig.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
{{/*
Create the name of the service account to use
*/}}
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "kong.fullname" . }}-default-custom-server-blocks
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ servers.conf: |
+ # Prometheus metrics server
+ server {
+ server_name kong_prometheus_exporter;
+ listen 0.0.0.0:9542; # can be any other port as well
+ access_log off;
+ location /metrics {
+ default_type text/plain;
+ content_by_lua_block {
+ local prometheus = require "kong.plugins.prometheus.exporter"
+ prometheus:collect()
+ }
+ }
+ location /nginx_status {
+ internal;
+ access_log off;
+ stub_status;
+ }
+ }
--- /dev/null
+{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+{{- if not .Values.dblessConfig.configMap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "kong.dblessConfig.fullname" . }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+ kong.yml: |
+{{ .Values.dblessConfig.config | toYaml | indent 4 }}
+{{- end }}
+{{- end }}
- list
- watch
- apiGroups:
- - "extensions"
+ - "networking.k8s.io"
resources:
- ingresses
verbs:
- create
- patch
- apiGroups:
- - "extensions"
+ - "networking.k8s.io"
resources:
- ingresses/status
verbs:
- get
- list
- watch
+ - apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
{{- end -}}
{{- if (and (.Values.ingressController.enabled) (not (eq .Values.env.database "off"))) }}
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "kong.fullname" . }}-controller"
{{- end }}
{{- include "kong.license" . | nindent 8 }}
{{- end }}
- {{- include "kong.env" . | indent 8 }}
{{- if .Values.admin.useTLS }}
- name: KONG_ADMIN_LISTEN
value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl"
- name: KONG_CASSANDRA_CONTACT_POINTS
value: {{ template "kong.cassandra.fullname" . }}
{{- end }}
+ {{- include "kong.env" . | indent 8 }}
ports:
- name: admin
containerPort: {{ .Values.admin.containerPort }}
--- /dev/null
+{{- if and .Values.ingressController.enabled .Values.ingressController.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ template "kong.fullname" . }}-controller"
+ labels:
+ app: "{{ template "kong.name" . }}"
+spec:
+ {{- if .Values.ingressController.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.ingressController.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.ingressController.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.ingressController.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: controller
+{{- end }}
\ No newline at end of file
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "kong.fullname" . }}"
app: {{ template "kong.name" . }}
release: {{ .Release.Name }}
component: app
+ {{- if .Values.updateStrategy }}
+ strategy:
+{{ toYaml .Values.updateStrategy | indent 4 }}
+ {{- end }}
+
template:
metadata:
- {{- if .Values.podAnnotations }}
annotations:
+ {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }}
+ {{- if .Values.dblessConfig.config }}
+ checksum/dbless.config: {{ toYaml .Values.dblessConfig.config | sha256sum }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
+ {{- end }}
labels:
app: {{ template "kong.name" . }}
release: {{ .Release.Name }}
component: app
spec:
- {{- if (and (.Values.ingressController) (eq .Values.env.database "off")) }}
+ {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }}
serviceAccountName: {{ template "kong.serviceAccountName" . }}
{{ end }}
{{- if .Values.image.pullSecrets }}
{{- include "kong.wait-for-db" . | nindent 6 }}
{{ end }}
containers:
- {{- if (and (.Values.ingressController) (eq .Values.env.database "off")) }}
+ {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }}
{{- include "kong.controller-container" . | nindent 6 }}
{{ end }}
- name: {{ template "kong.name" . }}
- name: KONG_ADMIN_GUI_AUTH
value: {{ .Values.enterprise.rbac.admin_gui_auth | default "basic-auth" }}
- name: KONG_ADMIN_GUI_AUTH_CONF
- value: {{ toJson .Values.enterprise.rbac.admin_gui_auth_conf | default "" }}
+ value: '{{ toJson .Values.enterprise.rbac.admin_gui_auth_conf }}'
- name: KONG_ADMIN_GUI_SESSION_CONF
valueFrom:
secretKeyRef:
{{- end }}
{{- include "kong.license" . | nindent 8 }}
{{- end }}
- {{- include "kong.env" . | indent 8 }}
+ - name: KONG_NGINX_HTTP_INCLUDE
+ value: /kong/servers.conf
{{- if .Values.postgresql.enabled }}
- name: KONG_PG_HOST
value: {{ template "kong.postgresql.fullname" . }}
- name: KONG_CASSANDRA_CONTACT_POINTS
value: {{ template "kong.cassandra.fullname" . }}
{{- end }}
+ {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/kong_dbless/kong.yml"
+ {{- end }}
+ {{- include "kong.env" . | indent 8 }}
ports:
- name: admin
containerPort: {{ .Values.admin.containerPort }}
{{- end}}
protocol: TCP
{{- end }}
+ - name: metrics
+ containerPort: 9542
+ protocol: TCP
{{- if .Values.enterprise.enabled }}
{{- if .Values.manager.http.enabled }}
- name: manager
protocol: TCP
{{- end }}
{{- end }}
+ volumeMounts:
+ - name: custom-nginx-template-volume
+ mountPath: /kong
+ {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ - name: kong-custom-dbless-config-volume
+ mountPath: /kong_dbless/
+ {{- end }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 10 }}
livenessProbe:
{{- end }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
+ volumes:
+ - name: custom-nginx-template-volume
+ configMap:
+ name: {{ template "kong.fullname" . }}-default-custom-server-blocks
+{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ - name: kong-custom-dbless-config-volume
+ configMap:
+ {{- if .Values.dblessConfig.configMap }}
+ name: {{ .Values.dblessConfig.configMap }}
+ {{- else }}
+ name: {{ template "kong.dblessConfig.fullname" . }}
+ {{- end }}
+{{- end }}
{{- $serviceName := include "kong.fullname" . -}}
{{- $servicePort := .Values.admin.servicePort -}}
{{- $path := .Values.admin.ingress.path -}}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ template "kong.fullname" . }}-admin
tls:
{{ toYaml .Values.admin.ingress.tls | indent 4 }}
{{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
{{- $serviceName := include "kong.fullname" . -}}
{{- $servicePort := include "kong.ingress.servicePort" .Values.manager -}}
{{- $path := .Values.manager.ingress.path -}}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ template "kong.fullname" . }}-manager
{{- $serviceName := include "kong.fullname" . -}}
{{- $servicePort := include "kong.ingress.servicePort" .Values.portalapi -}}
{{- $path := .Values.portalapi.ingress.path -}}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ template "kong.fullname" . }}-portalapi
{{- $serviceName := include "kong.fullname" . -}}
{{- $servicePort := include "kong.ingress.servicePort" .Values.portal -}}
{{- $path := .Values.portal.ingress.path -}}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ template "kong.fullname" . }}-portal
{{- $serviceName := include "kong.fullname" . -}}
{{- $servicePort := include "kong.ingress.servicePort" .Values.proxy -}}
{{- $path := .Values.proxy.ingress.path -}}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ template "kong.fullname" . }}-proxy
{{- if .Values.enterprise.enabled }}
{{- include "kong.license" . | nindent 8 }}
{{- end }}
- {{- include "kong.env" . | indent 8 }}
{{- if .Values.postgresql.enabled }}
- name: KONG_PG_HOST
value: {{ template "kong.postgresql.fullname" . }}
- name: KONG_CASSANDRA_CONTACT_POINTS
value: {{ template "kong.cassandra.fullname" . }}
{{- end }}
+ {{- include "kong.env" . | indent 8 }}
command: [ "/bin/sh", "-c", "kong migrations finish" ]
restartPolicy: OnFailure
{{- end }}
{{- if .Values.enterprise.enabled }}
{{- include "kong.license" . | nindent 8 }}
{{- end }}
- {{- include "kong.env" . | indent 8 }}
{{- if .Values.postgresql.enabled }}
- name: KONG_PG_HOST
value: {{ template "kong.postgresql.fullname" . }}
- name: KONG_CASSANDRA_CONTACT_POINTS
value: {{ template "kong.cassandra.fullname" . }}
{{- end }}
+ {{- include "kong.env" . | indent 8 }}
command: [ "/bin/sh", "-c", "kong migrations up" ]
restartPolicy: OnFailure
{{- end }}
{{- if .Values.enterprise.enabled }}
{{- include "kong.license" . | nindent 8 }}
{{- end }}
- {{- include "kong.env" . | indent 8 }}
{{- if .Values.postgresql.enabled }}
- name: KONG_PG_HOST
value: {{ template "kong.postgresql.fullname" . }}
- name: KONG_CASSANDRA_CONTACT_POINTS
value: {{ template "kong.cassandra.fullname" . }}
{{- end }}
+ {{- include "kong.env" . | indent 8 }}
command: [ "/bin/sh", "-c", "kong migrations bootstrap" ]
restartPolicy: OnFailure
{{- end }}
--- /dev/null
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: "{{ template "kong.fullname" . }}"
+ labels:
+ app: "{{ template "kong.name" . }}"
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: app
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "kong.fullname" . }}
+ {{- if .Values.serviceMonitor.namespace }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+ {{- end }}
+ labels:
+ app: {{ template "kong.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+spec:
+ endpoints:
+ - targetPort: metrics
+ scheme: http
+ {{- if .Values.serviceMonitor.interval }}
+ interval: {{ .Values.serviceMonitor.interval }}
+ {{- end }}
+ jobLabel: {{ .Release.Name }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
# Default values for kong.
# Declare variables to be passed into your templates.
image:
repository: kong
# repository: kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
- tag: 1.2
+ tag: 1.3
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
# The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
session_conf_secret: you-must-create-an-rbac-session-conf-secret
# Set to the appropriate plugin config JSON if not using basic-auth
- # admin_gui_auth_conf: ''
+ admin_gui_auth_conf: {}
smtp:
enabled: false
portal_emails_from: none@example.com
# Set runMigrations to run Kong migrations
runMigrations: true
+# update strategy
+updateStrategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: "100%"
+ # maxUnavailable: "0%"
+
# Specify Kong configurations
# Kong configurations guide https://getkong.org/docs/latest/configuration/
+# Values here take precedence over values from other sections of values.yaml,
+# e.g. setting pg_user here will override the value normally set when postgresql.enabled
+# is set below. In general, you should not set values here if they are set elsewhere.
env:
database: postgres
proxy_access_log: /dev/stdout
# Kong pod count
replicaCount: 1
+# Kong Pod Disruption Budget
+podDisruptionBudget:
+ enabled: false
+ maxUnavailable: "50%"
+
# Kong has a choice of either Postgres or Cassandra as a backend datatstore.
# This chart allows you to choose either of them with the `database.type`
# parameter. Postgres is chosen by default.
enabled: false
image:
repository: kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller
- tag: 0.4.0
+ tag: 0.6.0
replicaCount: 1
livenessProbe:
failureThreshold: 3
name:
ingressClass: kong
+
+ podDisruptionBudget:
+ enabled: false
+ maxUnavailable: "50%"
+
+# We pass the dbless (declarative) config over here.
+dblessConfig:
+ # Either Kong's configuration is managed from an existing ConfigMap (with Key: kong.yml)
+ configMap: ""
+ # Or the configuration is passed in full-text below
+ config:
+ _format_version: "1.1"
+ services:
+ # Example configuration
+ # - name: example.com
+ # url: http://example.com
+ # routes:
+ # - name: example
+ # paths:
+ # - "/example"
+
+serviceMonitor:
+ # Specifies whether ServiceMonitor for Prometheus operator should be created
+ enabled: false
+ # interval: 10s
+ # Specifies namespace, where ServiceMonitor should be installed
+ # namespace: monitoring
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
dependencies:
- name: kong
repository: '@stable'
- version: ~0.12.2
\ No newline at end of file
+ version: ~0.17.0
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
# Default values for kong_platform.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
namespace: {{ $deployNameSpace }}
{{- end }}
---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
metadata:
labels:
namespace: {{ $deployNameSpace }}
spec:
replicas: 1
+ selector:
+ matchLabels:
+ app: helm
+ name: tiller
template:
metadata:
labels:
### Directory Structure
.
├── 00-Kubernetes Contains scripts to deploy K8S cluster
-├── 10-Nexus Contains scripts and helm charts to deploy the docker registry and helm repo
-├── 20-Monitoring Helm charts for installed ELFK stack
+├── 15-Chartmuseum Contains scripts and helm charts to deploy the Helm chart museum
+├── 20-Monitoring Helm charts for installing ELFK stack
+├── 30-Kong Helm charts for installing Kong Proxy/Ingress Controller
├── 40-Credential Helm charts to onboard credential and secrets for docker registry and helm repo
+├── 45-Tiller
└── README.md This file
$ . ./00-Kubernetes/bin/install
```
-### To deploy Nexus repo manager
+
+### To deploy the Chartmuseum
```sh
-$ # Modify the configuration files in ./10-Nexus/etc/
-$ . ./10-Nexus/bin/install
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
+$ #. ./15-Chartmuseum/bin/install -f YOUR_OVERRIDE_FILE
+$ # To uninstall,
+$ . ./15-Chartmuseum/bin/uninstall
```
-### Nexus Deployment Options
-You can configure the Helm release name, Kubernetes namespace, and specify ingress controller port using configuration
-files located in ./10-Nexus/etc/
-
-In the one-click deployment solution, the above setting will be overrided by environment variables shown below.
-*RICINFRA_RELEASE_NAME
-*RICINFRA_NAMESPACE
-*INGRESS_PORT
-
+### To deploy ELFK stack
+```sh
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
+$ . ./20-Monitoring/bin/install -f YOUR_OVERRIDE_FILE
+$ # To uninstall,
+$ . ./20-Monitoring/bin/uninstall
+```
-### Passing credential to RIC
-The installation process of the Nexus repo manager will generate certificates and credential for docker registry and
-helm repo.
-### To deploy ELFK stack
+### To deploy Kong
```sh
-$ # Modify the configuration files in ./20-Monitoring/etc/
-$ . ./20-Monitoring/bin/install
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
+$ . ./30-Kong/bin/install -f YOUR_OVERRIDE_FILE
+$ # To uninstall,
+$ . ./30-Kong/bin/uninstall
```
Please make sure that the namespace is the same one as the one used for RIC platform components.
+### To deploy an additional Tiller for xapp deployment
+```sh
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_INFRA_RECIPE_EXAMPLE
+$ . ./45-Tiller/bin/install -f YOUR_OVERRIDE_FILE
+$ # To uninstall,
+$ . ./45-Tiller/bin/uninstall
+```
-TODO: Fill in the details about how to pass the credential to RIC
NAMESPACE_BLOCK=$(cat $OVERRIDEYAML | awk '/^ namespace:/{getline; while ($0 ~ /^ .*|^ *$/) {print $0; if (getline == 0) {break}}}')
NAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *platform:/{print $2}')
RELEASE_PREFIX=$(echo "$GLOBAL_BLOCK" | awk '/^ *releasePrefix:/{print $2}')
-COMPONENTS=${LIST_OF_COMPONENTS:-"appmgr rtmgr dbaas e2mgr e2term a1mediator submgr vespamgr"}
+COMPONENTS=${LIST_OF_COMPONENTS:-"appmgr rtmgr e2mgr e2term a1mediator submgr vespamgr jaegeradapter"}
echo "Deploying RIC infra components [$COMPONENTS]"
# limitations under the License. #
################################################################################
-COMPONENTS="appmgr rtmgr dbaas e2mgr e2term a1mediator submgr vespamgr"
+COMPONENTS="appmgr rtmgr e2mgr e2term a1mediator submgr vespamgr jaegeradapter"
echo "Undeploying RIC platform components [$COMPONENTS]"
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "common.ingressname.a1mediator" . }}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "common.ingressname.appmgr" . }}
namespace: {{ include "common.tillerNameSpace" $ctx }}
rules:
- apiGroups: [""]
- resources: ["configmaps"]
+ resources: ["configmaps", "endpoints"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.deploymentname.dbaas" . }}
- namespace: {{ include "common.namespace.platform" . }}
- labels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.dbaas.backend.replicas }}
- selector:
- matchLabels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- {{- if .Values.dbaas.annotations }}
- annotations:
- {{- .Values.dbaas.annotations | nindent 8 -}}
- {{ end }}
- labels:
- app: {{ include "common.namespace.platform" . }}-{{ include "common.name.dbaas" . }}
- release: {{ .Release.Name }}
- spec:
- imagePullSecrets:
- - name: {{ include "common.repositoryCred" . }}
- terminationGracePeriodSeconds: {{ .Values.dbaas.backend.terminationGracePeriodSeconds }}
- containers:
- - image: {{ include "common.repository" . }}/{{ .Values.dbaas.backend.image.name }}:{{ .Values.dbaas.backend.image.tag }}
- imagePullPolicy: {{ include "common.pullPolicy" . }}
- ports:
- - containerPort: {{ include "common.serviceport.dbaas.tcp" . }}
- name: sql
- protocol: TCP
- name: {{ include "common.containername.dbaas" . }}
- restartPolicy: Always
rte|1080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|1090|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|1100|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|1200|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
+ rte|1210|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
+ rte|1220|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
rte|10020|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10060|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|10061|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10062|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10070|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|10071|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|10080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10360|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|10361|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|12010|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|12020|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }}
- rte|12011|service-admin-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12012|service-admin-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12021|service-admin-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12022|service-admin-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12050|service-admin-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|20000|service-admin-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
newrt|end
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.e2mgr" . }}-configuration-configmap
+ namespace: {{ include "common.namespace.platform" . }}
+data:
+ configuration.yaml: |
+ logging:
+ {{- if hasKey .Values.e2mgr "logLevel" }}
+ logLevel: {{ .Values.e2mgr.logLevel }}
+ {{- else }}
+ logLevel: "info"
+ {{- end }}
+ http:
+ {{- if hasKey .Values.e2mgr "httpPort" }}
+ port: {{ .Values.e2mgr.httpPort }}
+ {{- else }}
+ port: 3800
+ {{- end }}
+ rmr:
+ {{- if hasKey .Values.e2mgr "rmrPort" }}
+ port: {{ .Values.e2mgr.rmrPort }}
+ {{- else }}
+ port: 3801
+ {{- end }}
+ {{- if hasKey .Values.e2mgr "maxMsgSize" }}
+ maxMsgSize: {{ .Values.e2mgr.maxMsgSize }}
+ {{- else }}
+ maxMsgSize: 4096
+ {{- end }}
+
+ {{- if hasKey .Values.e2mgr "notificationResponseBuffer" }}
+ notificationResponseBuffer: {{ .Values.e2mgr.notificationResponseBuffer }}
+ {{- else }}
+ notificationResponseBuffer: 100
+ {{- end }}
+
+ {{- if hasKey .Values.e2mgr "bigRedButtonTimeoutSec" }}
+ bigRedButtonTimeoutSec: {{ .Values.e2mgr.bigRedButtonTimeoutSec }}
+ {{- else }}
+ bigRedButtonTimeoutSec: 5
+ {{- end }}
+
+ {{- if hasKey .Values.e2mgr "maxConnectionAttempts" }}
+ maxConnectionAttempts: {{ .Values.e2mgr.maxConnectionAttempts }}
+ {{- else }}
+ maxConnectionAttempts: 3
+ {{- end }}
+
+ {{- if hasKey .Values.e2mgr "maxRnibConnectionAttempts" }}
+ maxRnibConnectionAttempts: {{ .Values.e2mgr.maxRnibConnectionAttempts }}
+ {{- else }}
+ maxRnibConnectionAttempts: 3
+ {{- end }}
+
+ {{- if hasKey .Values.e2mgr "rnibRetryIntervalMs" }}
+ rnibRetryIntervalMs: {{ .Values.e2mgr.rnibRetryIntervalMs }}
+ {{- else }}
+ rnibRetryIntervalMs: 10
+ {{- end }}
+
+---
- mountPath: /opt/E2Manager/router.txt
name: local-router-file
subPath: router.txt
+ - mountPath: /opt/E2Manager/resources/configuration.yaml
+ name: local-configuration-file
+ subPath: configuration.yaml
envFrom:
- configMapRef:
name: {{ include "common.configmapname.e2mgr" . }}-env
- name: local-router-file
configMap:
name: {{ include "common.configmapname.e2mgr" . }}-router-configmap
+ - name: local-configuration-file
+ configMap:
+ name: {{ include "common.configmapname.e2mgr" . }}-configuration-configmap
DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
RMR_RTG_SVC: {{ include "common.serviceport.e2mgr.rmr.route" . | quote }}
+ RMR_SRC_ID: {{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}
RIC_ID: "{{ .Values.e2mgr.env.RIC_ID }}"
#nano: {{ include "common.serviceport.e2mgr.rmr.data" . | quote }}
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: {{ include "common.ingressname.e2mgr" . }}
--- /dev/null
+#!/bin/sh
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+(
+echo "$0 cleaning old files under $1 older than $2 days" > /tmp/cleaner.log
+while true; do
+ find $1 -type f -mtime +$2 -delete
+ sleep 86400
+done
+) >/dev/null 2>&1 &
+disown -a
--- /dev/null
+Processors: pub
+pub.Class: com.att.research.basin.pubsubx.Publisher
+pub.Threads: 2
+pub.PublishURL: {{ .Values.e2term.pizpub.publishURL }}
+pub.User: {{ .Values.e2term.pizpub.user }}
+pub.Password: {{ .Values.e2term.pizpub.password }}
+pub.meta.feed_id: {{ .Values.e2term.pizpub.feedId }}
+pub.meta.version: 1
+pub.meta.splits: 1
+Factories: scanner
+scanner.Class: com.att.research.basin.pubsubx.FileScanner
+scanner.Destination: pub
+scanner.Directory: {{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.scanDirectory }}
+scanner.MinAgeSeconds: 10
+scanner.ScanIntervalSeconds: 10
+scanner.DeleteOrGZip: delete
+scanner.LinkDirectory: {{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.processedDirectory }}
+scanner.meta.record_count: countNewLines
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+#
+0 * * * * find {{ .Values.dataRootDir }}/{{ .Values.processedDirectory }} -type f -mtime +3 -delete
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+{{ if .Values.e2term.pizpub.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.e2term" . }}-pizpub
+ namespace: {{ include "common.namespace.platform" . }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+{{ end }}
newrt|start
rte|1080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|1090|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
- rte|1100|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
+ rte|1100|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10020|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10060|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|10061|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10062|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10030|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10070|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10071|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10080|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
+ rte|10091|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
+ rte|10092|{{ include "common.servicename.rsm.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.rsm.rmr.data" . }}
rte|10360|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|10361|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|10362|{{ include "common.servicename.e2mgr.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2mgr.rmr.data" . }}
rte|12010|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|12020|{{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.e2term.rmr.data" . }}
rte|20001|{{ include "common.servicename.a1mediator.rmr" . }}.{{ include "common.namespace.platform" . }}:{{ include "common.serviceport.a1mediator.rmr.data" . }}
- rte|12011|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12050|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12012|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12021|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12022|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|12050|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
- rte|20000|service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12011|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12050|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12012|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12021|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12022|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12041|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12042|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|12050|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
+ rte|20000|service-ricxapp-ueec-rmr.{{ include "common.namespace.xapp" . }}:4560;service-admission-ctrl-xapp-rmr.{{ include "common.namespace.xapp" . }}:4560
newrt|end
+
dnsPolicy: ClusterFirstWithHostNet
imagePullSecrets:
- name: {{ include "common.repositoryCred" . }}
+ {{- with .Values.e2term.nodeselector }}
+ nodeSelector: {{ toYaml . | trim | nindent 8 -}}
+ {{- end }}
containers:
- name: {{ include "common.containername.e2term" . }}
image: {{ include "common.repository" . }}/{{ .Values.e2term.image.name }}:{{ .Values.e2term.image.tag }}
- mountPath: /opt/e2/router.txt
name: local-router-file
subPath: router.txt
+ - mountPath: /tmp/rmr_verbose
+ name: local-router-file
+ subPath: rmr_verbose
+{{ if .Values.e2term.pizpub.enabled }}
+ - mountPath: "{{ .Values.e2term.env.messagecollectorfile }}"
+ name: vol-shared
+ readOnly: false
+ subPath: "{{ .Values.e2term.pizpub.scanDirectory }}"
+{{ else }}
+ - mountPath: "{{ .Values.e2term.env.messagecollectorfile }}"
+ name: vol-shared
+ readOnly: false
+{{ end }}
envFrom:
- configMapRef:
name: {{ include "common.configmapname.e2term" . }}-env
tty: true
securityContext:
privileged: {{ .Values.e2term.privilegedmode }}
+
+{{ if .Values.e2term.pizpub.enabled }}
+ - name: {{ include "common.containername.e2term" . }}-pizpub
+ image: {{ include "common.repository" . }}/{{ .Values.e2term.pizpub.imageName }}:{{ .Values.e2term.pizpub.imageVersion }}
+ imagePullPolicy: {{ include "common.pullPolicy" . }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: "{{ .Values.e2term.pizpub.dataRootDir }}"
+ name: vol-shared
+ readOnly: false
+ - name: pizpub-config
+ mountPath: /opt/app/config/conf/
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "/opt/app/config/conf/cleaner.sh", "{{ .Values.e2term.pizpub.dataRootDir }}/{{ .Values.e2term.pizpub.processedDirectory }}", "3"]
+{{ end }}
volumes:
- name: local-router-file
configMap:
name: {{ include "common.configmapname.e2term" . }}-router-configmap
+{{ if .Values.e2term.pizpub.enabled }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: pizpub-config
+ configMap:
+ name: {{ include "common.configmapname.e2term" . }}-pizpub
+{{ end }}
+ - name: vol-shared
+ persistentVolumeClaim:
+ claimName: {{ include "common.pvcname.e2term" . }}
+
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################1
+{{if eq .Values.e2term.storageClassName "local-storage" }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ include "common.pvname.e2term" . }}
+ labels:
+ type: local
+spec:
+ storageClassName: {{ .Values.e2term.storageClassName }}
+ capacity:
+ storage: {{ .Values.e2term.dataVolSize }}
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /mnt/{{ include "common.pvname.e2term" . }}
+{{ end }}
--- /dev/null
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.pvcname.e2term" . }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.e2term.dataVolSize }}
+ storageClassName: {{ .Values.e2term.storageClassName }}
+ #volumeName: {{ include "common.pvname.e2term" . }}
DBAAS_SERVICE_HOST: {{ include "common.servicename.dbaas.tcp" . | quote }}
DBAAS_SERVICE_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
- DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
+ RMR_SRC_ID: {{ include "common.servicename.e2term.rmr" . }}.{{ include "common.namespace.platform" . }}
RMR_RTG_SVC: {{ include "common.serviceport.e2term.rmr.route" . | quote }}
RMR_SEED_RT: "router.txt"
RMR_VCTL_FILE: "/tmp/rmr_verbose"
sctp: {{ include "common.serviceport.e2term.sctp" . | quote }}
nano: {{ include "common.serviceport.e2term.rmr.data" . | quote }}
print: "{{ .Values.e2term.env.print }}"
+ volume: "{{ .Values.e2term.env.messagecollectorfile }}"
replicaCount: 1
env:
print: "1"
-
+ messagecollectorfile: "/data/outgoing/"
# Service ports are now defined in
# ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
# If need to change a service port, make the code change necessary, then
# update the _ports.tpl file with the new port number.
+
+ dataVolSize: 100Mi
+ storageClassName: local-storage
+ #storageClassName: ric-storage-class
+
+ pizpub:
+ enabled: true
+ nsPrefix: ric
+ imageVersion: 0.0.5155
+ imageName: pizpub
+ publishURL: "https://feeds-drtr.web.att.com/publish/3641"
+ user: "m14983@ric.att.com"
+ password: "pizPub01!"
+ feedId: 3641
+ dataRootDir: "/data"
+ scanDirectory: "outgoing"
+ processedDirectory: "sent"
+
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+# Copyright (c) 2019 Nokia.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: jaegeradapter
+version: 0.1.0
################################################################################
# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
dependencies:
- name: ric-common
- version: ~2.0.0
+ version: ~2.0.7
+
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.jaegeradapter.agent" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: {{ include "common.portname.jaegeradapter.zipkincompact" . }}
+ port: {{ include "common.serviceport.jaegeradapter.zipkincompact" . }}
+ protocol: UDP
+ targetPort: {{ include "common.serviceport.jaegeradapter.zipkincompact" . }}
+ - name: {{ include "common.portname.jaegeradapter.jaegercompact" . }}
+ port: {{ include "common.serviceport.jaegeradapter.jaegercompact" . }}
+ protocol: UDP
+ targetPort: {{ include "common.serviceport.jaegeradapter.jaegercompact" . }}
+ - name: {{ include "common.portname.jaegeradapter.jaegerbinary" . }}
+ port: {{ include "common.serviceport.jaegeradapter.jaegerbinary" . }}
+ protocol: UDP
+ targetPort: {{ include "common.serviceport.jaegeradapter.jaegerbinary" . }}
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ release: {{ .Release.Name }}
+
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.jaegeradapter.collector" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: {{ include "common.portname.jaegeradapter.jaegerhttpt" . }}
+ port: {{ include "common.serviceport.jaegeradapter.jaegerhttpt" . }}
+ protocol: TCP
+ targetPort: {{ include "common.serviceport.jaegeradapter.jaegerhttpt" . }}
+ - name: {{ include "common.portname.jaegeradapter.jaegerhttp" . }}
+ port: {{ include "common.serviceport.jaegeradapter.jaegerhttp" . }}
+ protocol: TCP
+ targetPort: {{ include "common.serviceport.jaegeradapter.jaegerhttp" . }}
+ - name: {{ include "common.portname.jaegeradapter.zipkinhttp" . }}
+ port: {{ include "common.serviceport.jaegeradapter.zipkinhttp" . }}
+ protocol: TCP
+ targetPort: {{ include "common.serviceport.jaegeradapter.zipkinhttp" . }}
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ release: {{ .Release.Name }}
+
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.deploymentname.jaegeradapter" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.jaegeradapter.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ {{- if .Values.jaegeradapter.annotations }}
+ annotations:
+ {{- .Values.jaegeradapter.annotations | nindent 8 -}}
+ {{ end }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ release: {{ .Release.Name }}
+ spec:
+ hostname: {{ include "common.name.jaegeradapter" . }}
+ imagePullSecrets:
+ - name: {{ include "common.repositoryCred" . }}
+ containers:
+ - name: {{ include "common.containername.jaegeradapter" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.jaegeradapter.image.name }}:{{ .Values.jaegeradapter.image.tag }}
+ imagePullPolicy: {{ include "common.pullPolicy" . }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.jaegeradapter" . }}
+ ports:
+ - name: {{ include "common.portname.jaegeradapter.zipkincompact" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.zipkincompact" . }}
+ protocol: UDP
+ - name: {{ include "common.portname.jaegeradapter.jaegercompact" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.jaegercompact" . }}
+ protocol: UDP
+ - name: {{ include "common.portname.jaegeradapter.jaegerbinary" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.jaegerbinary" . }}
+ protocol: UDP
+ - name: {{ include "common.portname.jaegeradapter.httpquery" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.httpquery" . }}
+ protocol: TCP
+ - name: {{ include "common.portname.jaegeradapter.httpconfig" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.httpconfig" . }}
+ protocol: TCP
+ - name: {{ include "common.portname.jaegeradapter.zipkinhttp" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.zipkinhttp" . }}
+ protocol: TCP
+ - name: {{ include "common.portname.jaegeradapter.jaegerhttp" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.jaegerhttp" . }}
+ protocol: TCP
+ - name: {{ include "common.portname.jaegeradapter.jaegerhttpt" . }}
+ containerPort: {{ include "common.serviceport.jaegeradapter.jaegerhttpt" . }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ include "common.serviceport.jaegeradapter.httpquery" . }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ include "common.serviceport.jaegeradapter.httpquery" . }}
+ initialDelaySeconds: 5
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.configmapname.jaegeradapter" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+data:
+ TRACING_ENABLED: "0"
+ TRACING_JAEGER_SAMPLER_TYPE: "const"
+ TRACING_JAEGER_SAMPLER_PARAM: "1"
+ TRACING_JAEGER_AGENT_ADDR: {{ include "common.servicename.jaegeradapter.agent" . }}.{{ include "common.namespace.platform" . }}
+ TRACING_JAEGER_LOG_LEVEL: "error"
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename.jaegeradapter.query" . }}
+ namespace: {{ include "common.namespace.platform" . }}
+ labels:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: {{ include "common.portname.jaegeradapter.httpquery" . }}
+ port: {{ include "common.serviceport.jaegeradapter.httpquery" . }}
+ protocol: TCP
+ targetPort: {{ include "common.serviceport.jaegeradapter.httpquery" . }}
+ selector:
+ app: {{ include "common.namespace.platform" . }}-{{ include "common.name.jaegeradapter" . }}
+ release: {{ .Release.Name }}
+
--- /dev/null
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for jaeger-all-in-one.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+repository: "nexus3.o-ran-sc.org:10004"
+imagePullPolicy: IfNotPresent
+repositoryCred: docker-reg-cred
+
+jaegeradapter:
+ replicaCount: 1
+
+ repositoryOverride: docker.io
+ image:
+ name: jaegertracing/all-in-one
+ tag: 1.12
+ pullPolicy: IfNotPresent
+
+ nameOverride: ""
+ fullnameOverride: ""
+
+ ingress:
+ enabled: false
+ annotations: {}
+ tls: []
[
{
"name": "E2TERM",
- "fqdn": "{{ include "common.servicename.e2term.rmr" . }}",
+ "fqdn": "{{ printf "%s.%s" (include "common.servicename.e2term.rmr" .) (include "common.namespace.platform" .) }}",
"port": {{ include "common.serviceport.e2term.rmr.data" . }}
},
{
"name": "SUBMAN",
- "fqdn": "{{ include "common.servicename.submgr.rmr" . }}",
+ "fqdn": "{{ printf "%s.%s" (include "common.servicename.submgr.rmr" .) (include "common.namespace.platform" .) }}",
"port": {{ include "common.serviceport.submgr.rmr.data" . }}
},
{
"name": "E2MAN",
- "fqdn": "{{ include "common.servicename.e2mgr.rmr" . }}",
+ "fqdn": "{{ printf "%s.%s" (include "common.servicename.e2mgr.rmr" .) (include "common.namespace.platform" .) }}",
"port": {{ include "common.serviceport.e2mgr.rmr.data" . }}
}
]
name: rtmgrcfg
readOnly: true
ports:
+ - name: "http"
+ containerPort: {{ include "common.serviceport.rtmgr.http" . }}
- name: "rmrroute"
containerPort: {{ include "common.serviceport.rtmgr.rmr.route" . }}
- name: "rmrdata"
--- /dev/null
+#==================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#==================================================================================
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: submgrcfg
+ namespace: ricplt
+data:
+ # FQDN and port info of rtmgr
+ submgrcfg: |
+ "local":
+ "host": ":8080"
+ "logger":
+ "level": 3
+ "rmr":
+ "protPort" : "tcp:4560"
+ "maxSize": 2072
+ "numWorkers": 1
+ "rtmgr":
+ "hostAddr": {{ include "common.servicename.rtmgr.http" . | quote }}
+ "port" : {{ include "common.serviceport.rtmgr.http" . }}
+ "baseUrl" : "/ric/v1"
- name: rmrdata
containerPort: {{ include "common.serviceport.submgr.rmr.data" . }}
protocol: TCP
+ volumeMounts:
+ - name: config-volume
+ mountPath: /cfg
+ volumes:
+ - name: config-volume
+ configMap:
+ name: submgrcfg
+ items:
+ - key: submgrcfg
+ path: submgr-config.yaml
+ mode: 0644
+
DBAAS_PORT_6379_TCP_ADDR: {{ include "common.servicename.dbaas.tcp" . | quote }}
DBAAS_PORT_6379_TCP_PORT: {{ include "common.serviceport.dbaas.tcp" . | quote }}
RMR_RTG_SVC: {{ include "common.serviceport.submgr.rmr.route" . | quote }}
-
+ RMR_SRC_ID: {{ include "common.servicename.submgr.rmr" . }}.{{ include "common.namespace.platform" . }}
+ CFGFILE: "/cfg/submgr-config.yaml"
+ SUBMGR_SEED_SN: "1"
image:
name: ric-plt-submgr
- tag: 0.1.1
+ tag: 0.10.5
replicaCount: 1
hostname: {{ include "common.name.vespamgr" . }}
imagePullSecrets:
- name: {{ include "common.repositoryCred" . }}
+ {{- with .Values.vespamgr.nodeselector }}
+ nodeSelector: {{ toYaml . | trim | nindent 8 -}}
+ {{- end }}
containers:
- name: {{ include "common.containername.vespamgr" . }}
image: {{ include "common.repository" . }}/{{ .Values.vespamgr.image.name }}:{{ .Values.vespamgr.image.tag }}
name: {{ include "common.configmapname.vespamgr" . }}
- secretRef:
name: vespa-secrets
-
+ env:
+ - name: VESMGR_APPMGRDOMAIN
+ value: appmgr-service
+ livenessProbe:
+ httpGet:
+ path: /supervision
+ port: 8080
+ initialDelaySeconds: 30
+ periodSeconds: 60
+ timeoutSeconds: 20
name: vespa-secrets
type: Opaque
data:
- VESMGR_PRICOLLECTOR_USER: ""
- VESMGR_PRICOLLECTOR_PASSWORD: ""
-
+ VESMGR_PRICOLLECTOR_USER: "c2FtcGxlMQo="
+ VESMGR_PRICOLLECTOR_PASSWORD: "c2FtcGxlMQo="
image:
name: ric-plt-vespamgr
- tag: 0.0.1
+ tag: 0.0.3
# Service ports are now defined in
# ric-common/Common-Template/helm/ric-common/templates/_ports.tpl file.
### Directory Structure
.
├── 50-RIC-Platform Deployment scripts, charts and configuration files for RIC platform components
+│ ├── bin Contains deployment and uninstall scripts
+│ └── helm Contains helm charts
├── 55-Ext-Services Deployment scripts and chart for external service used by RIC to reach services outside of cluster
└── README.md This file
### To Deploy RIC Platform
```sh
-$ # Modify the configuration files in ./50-RIC-Platform/etc/
-$ . ./50-RIC-Platform/bin/install
-$ # If you have an override value.yaml file, please use
-$ #. ./50-RIC-Platform/bin/install YOUR_OVERRIDE_FILE
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
+$ #. ./50-RIC-Platform/bin/install -f YOUR_OVERRIDE_FILE
```
### RIC Platform Deployment Options
-You can configure the Helm release name, Kubernetes namespace using configuration files located in ./50-RIC-Platform/etc/
-Please make sure that the namespace is the same one as the one used for RIC platform components.
-
-In the one-click deployment solution, the above setting will be overrided by environment variables shown below.
-*RICPLT_RELEASE_NAME
-*RICPLT_NAMESPACE
+You can configure the Helm release name, Kubernetes namespaces using the override file with
+parameters global.releasePrefix and global.namespace
### To Undeploy RIC Platform
```sh
If the aux cluster is multi-node, any of the nodes can be specified here.
```sh
-$ # Set the value of ext/ip in values.yaml to be the external IP address. If you will use an override file and it has ext/ip set,
-$ # make sure it is set correctly.
-$ . ./55-Ext-Services/bin/install
-$ # If you have an override value.yaml file, please use
-$ #. ./50-Ext-Services/bin/install YOUR_OVERRIDE_FILE
+$ # An override file must be used.
+$ # Modify the override file, for example ../RECIPE_EXAMPLE/RIC_PLATFORM_RECIPE_EXAMPLE
+$ # Set the values of extsvcaux/ricip and extsvcaux/auxip to be the external IP addresses of VM hosting RIC cluster and VM hosting AUX cluster, respectively.
+$ # These values should be set in the override file
+$ . ./55-Ext-Services/bin/install -f YOUR_OVERRIDE_FILE
```
### To Undeploy External services
+++ /dev/null
-#!/bin/bash
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-
-
-while [ -n "$1" ]; do # while loop starts
-
- case "$1" in
-
- -n)
- CHART_NAME=$2
- shift
- ;;
-
- -v) CHART_VERSION=$2
- shift
- ;; # Message for -b option
-
- -f) OVERRIDEYAML=$2
- shift
- ;; # Message for -c option
-
- -i) FULLIMAGE=$2
- shift
- ;;
-
- -d) DESCRIPTOR_PATH=$2
- shift
- ;;
-
- -c) CONFIG_JSON_PATH=$2
- shift
- ;;
-
- -h) HELM_REPO_USERNAME=$2
- shift
- ;;
-
- -p) HELM_REPO_PASSWORD=$2
- shift
- ;;
-
- *) echo "Option $1 not recognized" ;; # In case you typed a different option other than a,b,c
-
- esac
-
- shift
-
-done
-
-
-
-
-if [ -z $CHART_NAME ]; then
- echo "Please specify chart name using -n option."
- exit 1
-fi
-if [ -z $CHART_VERSION ]; then
- echo "Please specify chart version using -v option."
- exit 1
-fi
-if [ -z $FULLIMAGE ]; then
- echo "Please specify image using -i option."
- exit 1
-fi
-if [ -z $DESCRIPTOR_PATH ]; then
- echo "Please specify descriptor file using -d option."
- exit 1
-fi
-if [ -z $CONFIG_JSON_PATH ]; then
- echo "Please specify config json file using -c option."
- exit 1
-fi
-
-
-if [ ! -f $DESCRIPTOR_PATH ]; then
- echo "Descriptor file cannot be founded at $DESCRIPTOR_PATH"
- exit 1
-fi
-if [ ! -f $CONFIG_JSON_PATH ]; then
- echo "Config json file cannot be founded at $CONFIG_JSON_PATH"
- exit 1
-fi
-
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
-
-
-source $DIR/../etc/xapp.conf
-
-if [ -z $OVERRIDEYAML ]; then
- HELM_REPO=$default_helm_repo
- DOCKER_REGISTRY=$default_docker_registry
-else
- helm_repo_override=$(grep "^ *helmRepository:" $OVERRIDEYAML | awk '{gsub(/ /,""); gsub(/\"/,""); split($0, b, "tory:");split(b[2],c,"#"); print c[1]}')
- docker_reg_override=$(grep "^ *repository:" $OVERRIDEYAML | awk '{ gsub(/ /,""); gsub(/\"/,""); split($0, b, "tory:");split(b[2],c,"#"); print c[1]}')
- if [ -z $helm_repo_override ]; then
- HELM_REPO=$default_helm_repo
- else
- HELM_REPO=$helm_repo_override
- fi
-
- if [ -z $docker_reg_override ]; then
- DOCKER_REGISTRY=$default_docker_registry
- else
- DOCKER_REGISTRY=$docker_reg_override
- fi
-fi
-
-
-
-
-rm -rf /tmp/$CHART_NAME
-
-cp -r $DIR/../helm/xapp-std/ /tmp/$CHART_NAME
-
-
-
-sed -i "s/^name: xapp-std/name: $CHART_NAME/" /tmp/$CHART_NAME/Chart.yaml
-sed -i "s/^version: 0.0.1/version: $CHART_VERSION/" /tmp/$CHART_NAME/Chart.yaml
-
-
-registry_path=$(echo $FULLIMAGE | awk '{n=split($0, a, "/"); if(n>1) print a[1]}')
-
-
-
-tag=$(echo $FULLIMAGE | awk '{n=split($0, a, "/"); split(a[n], b, ":"); print b[2]}')
-
-image=$(echo $FULLIMAGE | awk -v head="$registry_path/" -v tail=":$tag" '{gsub (head, ""); gsub(tail,""); gsub(/\//,"\\/"); print $0}')
-
-
-sed -i "s/^ name: xapp-std/ name: $CHART_NAME/" /tmp/$CHART_NAME/values.yaml
-sed -i "s/^ name: xapp-std/ name: $image/" /tmp/$CHART_NAME/values.yaml
-sed -i "s/^ tag: latest/ tag: $tag/" /tmp/$CHART_NAME/values.yaml
-
-
-if [ -z $registry_path ]; then
- sed -i "s/^ repository: xapp-std-reg/ repository: $DOCKER_REGISTRY/" /tmp/$CHART_NAME/values.yaml
-else
- sed -i "s/^ repository: xapp-std-reg/ repository: $registry_path/" /tmp/$CHART_NAME/values.yaml
-fi
-
-
-mkdir /tmp/$CHART_NAME/config/
-mkdir /tmp/$CHART_NAME/descriptors/
-
-cp $CONFIG_JSON_PATH /tmp/$CHART_NAME/config/
-cp $DESCRIPTOR_PATH /tmp/$CHART_NAME/descriptors/
-
-
-helm package -d /tmp /tmp/$CHART_NAME
-
-
-echo $HELM_REPO
-#curl -k -u $HELM_REPO_USERNAME:$HELM_REPO_PASSWORD $HELM_REPO --upload-file /tmp/$CHART_NAME-$CHART_VERSION.tgz -v
-curl -Lk -u $HELM_REPO_USERNAME:$HELM_REPO_PASSWORD "$HELM_REPO"/api/charts --data-binary "@/tmp/$CHART_NAME-$CHART_VERSION.tgz"
+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "ricxapp.name" -}}
- {{- default .Chart.Name .Values.ricxapp.name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ricxapp.fullname" -}}
- {{- $name := ( include "ricxapp.name" . ) -}}
- {{- $fullname := ( printf "%s-%s" .Release.Namespace $name ) -}}
- {{- default $fullname .Values.ricxapp.fullname | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "ricxapp.chart" -}}
- {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "ricxapp.namespace" -}}
- {{- default .Release.Namespace .Values.nsPrefix -}}
-{{- end -}}
-
-
-
-{{- define "ricxapp.servicename.rmr" -}}
- {{- $name := ( include "ricxapp.fullname" . ) -}}
- {{- printf "service-%s-rmr" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "ricxapp.servicename.http" -}}
- {{- $name := ( include "ricxapp.fullname" . ) -}}
- {{- printf "service-%s-http" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "ricxapp.configmapname" -}}
- {{- $name := ( include "ricxapp.fullname" . ) -}}
- {{- printf "configmap-%s" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "ricxapp.deploymentname" -}}
- {{- $name := ( include "ricxapp.fullname" . ) -}}
- {{- printf "deployment-%s" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-
-{{- define "ricxapp.containername" -}}
- {{- $name := ( include "ricxapp.fullname" . ) -}}
- {{- printf "container-%s" $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "ricxapp.imagepullsecret" -}}
- {{- printf "docker-reg-cred" -}}
-{{- end -}}
+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################'
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "ricxapp.configmapname" . }}-appconfig
-data:
-{{- $dbaasservice := .Values.ricplt.dbaasService | quote -}}
-{{- $pltingressurl := .Values.ricplt.pltIngressUrl | quote -}}
-{{- $xappingressurl := .Values.ricplt.xappIngressUrl | quote -}}
-{{- $appmgrrmrservice := .Values.ricplt.appmgrRMRService | quote -}}
-{{- $e2mgrrmrservice := .Values.ricplt.e2mgrRMRService | quote -}}
-{{- $e2termrmrservice := .Values.ricplt.e2termRMRService | quote -}}
-{{- $rtmgrrmrservice := .Values.ricplt.rtmgrRMRService | quote -}}
-{{- $a1mediatorrmrservice := .Values.ricplt.a1mediatorRMRService | quote -}}
-
-{{- (.Files.Glob "config/*").AsConfig | replace "__DBAAS_SERVICE__" $dbaasservice | replace "__PLT_INGRESS_URL__" $pltingressurl | replace "__XAPP_INGRESS_URL__" $xappingressurl | replace "__APPMGR_RMR_SERVICE__" $appmgrrmrservice | replace "__E2MGR_RMR_SERVICE__" $e2mgrrmrservice | replace "__E2TERM_RMR_SERVICE__" $e2termrmrservice | replace "__RTMGR_RMR_SERVICE__" $rtmgrrmrservice | replace "__A1MEDIATOR_RMR_SERVICE__" $a1mediatorrmrservice | nindent 2 }}
+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################'
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "ricxapp.fullname" . }}
- labels:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.ricxapp.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- release: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app: {{ include "ricxapp.namespace" . }}-{{ include "ricxapp.name" . }}
- release: {{ .Release.Name }}
- spec:
- hostname: {{ include "ricxapp.name" . }}
- imagePullSecrets:
- - name: {{ include "ricxapp.imagepullsecret" . }}
- containers:
- - name: {{ include "ricxapp.containername" . }}
- image: "{{ .Values.ricxapp.image.repository }}/{{ .Values.ricxapp.image.name }}:{{ .Values.ricxapp.image.tag }}"
- imagePullPolicy: {{ .Values.ricxapp.image.pullPolicy }}
- ports:
- - name: http
- containerPort: {{ .Values.ricxapp.service.http.containerPort }}
- protocol: TCP
- - name: rmrroute
- containerPort: {{ .Values.ricxapp.service.rmr.route.port }}
- protocol: TCP
- - name: rmrdata
- containerPort: {{ .Values.ricxapp.service.rmr.data.port }}
- protocol: TCP
- volumeMounts:
- - name: config-volume
- mountPath: {{ .Values.ricxapp.appconfig.path }}
- envFrom:
- - configMapRef:
- name: {{ include "ricxapp.configmapname" . }}-appenv
- {{- if .Values.ricxapp.livenessProbe }}
- livenessProbe:
- {{- .Values.ricxapp.livenessProbe | nindent 12 -}}
- {{ end }}
- {{- if .Values.ricxapp.readinessProbe }}
- readinessProbe:
- {{- .Values.ricxapp.readinessProbe | nindent 12 -}}
- {{ end }}
- restartPolicy: Always
- volumes:
- - name: config-volume
- configMap:
- name: {{ include "ricxapp.configmapname" . }}-appconfig
+++ /dev/null
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################'
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-ricplt:
- # This section is reserved for values imported from RIC Platform charts
- dbaasService: "service-ricplt-dbaas-tcp.ricplt.svc.cluster.local"
- pltIngressUrl: "ricplt-entry"
- xappIngressUrl: "ricxapp-entry"
-
- appmgrRMRService: "service-ricplt-appmgr-rmr.ricplt.svc.cluster.local"
- e2mgrRMRService: "service-ricplt-e2mgr-rmr.ricplt.svc.cluster.local"
- e2termRMRService: "service-ricplt-e2term-rmr.ricplt.svc.cluster.local"
- rtmgrRMRService: "service-ricplt-rtmgr-rmr.ricplt.svc.cluster.local"
- a1mediatorRMRService: "service-ricplt-a1mediator-rmr.ricplt.svc.cluster.local"
-
-
-
-ricxapp:
- # This section is for xapp. Templates to be resolved from xApp descriptor
- replicaCount: 1
- name: xapp-std
- # Your can specify the chart fullname by using the following option
- #fullname: xapp-std
-
- image:
- pullPolicy: IfNotPresent
- repository: xapp-std-reg
- name: xapp-std
- tag: latest
-
- service:
- http:
- port: 8080
- containerPort: 8080
- rmr:
- route:
- port: 4561
- data:
- port: 4560
-
- livenessProbe: |-
- httpGet:
- path: ric/v1/health/alive
- port: 8080
- initialDelaySeconds: 5
- periodSeconds: 15
-
- readinessProbe: |-
- httpGet:
- path: ric/v1/health/ready
- port: 8080
- initialDelaySeconds: 5
- periodSeconds: 15
-
-
- appconfig:
- path: /opt/ric/config
-
- appenv:
+++ /dev/null
-# RIC xApps
-
-Helm charts for xApps.
-
-### Directory Structure
-.
-├── 90-xApps Helm charts for xApps
-└── README.md
-
Code Review / it / dep.git / commitdiff