# ignore all logs
*.log
*.tar
-*.tgz
+# *.tgz
*.swp
*.lock
.tox
# Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning)
size: 2Gi
storageClassName: ics-storage
- volume3:
- size: 1Gi
- storageClassName: helmmanager-storage
common:
releasePrefix: r3-dev-nonrtric
installrAppmanager: true
installCapifcore: true
installServicemanager: true
+ installRanpm: true
# override default mount path root directory
# referenced by persistent volumes and log files
persistence:
# Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning)
size: 2Gi
storageClassName: ics-storage
- volume3:
- size: 1Gi
- storageClassName: helmmanager-storage
common:
releasePrefix: r3-dev-nonrtric
#List of secrets to be copied from ONAP namespace to SMO
secrets:
- topology-exposure-ku
- - topology-ingestion-ku
\ No newline at end of file
+ - topology-ingestion-ku
+ - redpanda-console-ku
\ No newline at end of file
# Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning)
size: 2Gi
storageClassName: ics-storage
- volume3:
- size: 1Gi
- storageClassName: helmmanager-storage
common:
releasePrefix: r3-dev-nonrtric
# Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning)
size: 2Gi
storageClassName: ics-storage
- volume3:
- size: 1Gi
- storageClassName: helmmanager-storage
common:
releasePrefix: r3-dev-nonrtric
# ============LICENSE_START===============================================
-# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved.
+# Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved.
# ========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
kubeVersion: ">=1.19.0-0"
dependencies:
+ - name: common
+ version: ~1.0.0
+ repository: "@local"
+ condition: nonrtric.installRanpm
- name: topology-exposure-inventory
version: ~1.0.0
repository: "@local"
--- /dev/null
+################################################################################
+# Copyright (C) 2024-2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v2
+name: common
+description: A Helm chart third party components
+version: 1.0.0
+appVersion: "1.16.0"
+
+dependencies:
+ - name: smo-common
+ version: ^1.0.0
+ repository: "@local"
+ - name: influxdb2
+ version: 0.1.0
+ repository: "file://influxdb2"
+ - name: kafka-client
+ version: 0.1.0
+ repository: "file://kafka-client"
+ - name: keycloak
+ version: 0.1.0
+ repository: "file://keycloak"
+ - name: keycloak-proxy
+ version: 0.1.0
+ repository: "file://keycloak-proxy"
+ - name: minio
+ version: 0.1.0
+ repository: "file://minio"
+ - name: opa
+ version: 0.1.0
+ repository: "file://opa"
+ - name: opa-rule-db
+ version: 0.1.0
+ repository: "file://opa-rule-db"
+ - name: redpanda-console
+ version: 0.1.0
+ repository: "file://redpanda-console"
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: influxdb2
+description: Influxdb2 helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v2"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: influxdb2
+ labels:
+ app: influxdb2
+spec:
+ ports:
+ - name: influxdb2
+ port: 8086
+ targetPort: 8086
+ nodePort: 31812
+ selector:
+ app: influxdb2
+ type: NodePort
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: influxdb2
+ name: influxdb2
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: influxdb2
+ serviceName: influxdb2
+ template:
+ metadata:
+ labels:
+ app: influxdb2
+ spec:
+ containers:
+ - image: influxdb:2.6.1
+ name: influxdb2
+ ports:
+ - containerPort: 8086
+ name: influxdb2
+ readinessProbe:
+ httpGet:
+ path: /ping
+ port: 8086
+ initialDelaySeconds: 10
+ periodSeconds: 3
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: kafka-client
+description: Kafka client helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "7.2.2"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Client pod for kafka cmds and curl
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: kafka-client
+ labels:
+ app: kafka-client
+spec:
+ restartPolicy: Always
+ containers:
+ - name: kafka-client
+ image: confluentinc/cp-kafka:7.2.2
+ command: ['sh', '-c', 'while [ true ];do sleep 60;done']
+ imagePullPolicy: IfNotPresent
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: keycloak-proxy
+description: Keycloak proxy helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# http proxy to keycloak
+# for accessing keycloak from outside the cluster
+#
+# request for generating token must be made from a pod
+# from within the cluster in order to get the correct
+# issuer (issuer is based on the calling host)
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keycloak-proxy-conf
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+data:
+ nginx.conf: |
+
+ worker_processes 1;
+
+ events { worker_connections 10; }
+
+ http {
+
+ sendfile on;
+
+ server {
+ listen 8080;
+ server_name keycloak;
+ location ~* ^/ {
+ proxy_http_version 1.1;
+ proxy_pass http://keycloak:8080;
+
+ }
+ }
+ }
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# http proxy for keycloak - only for accessing the keycloak api
+# cannot be used to access the admin console
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak-proxy
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ selector:
+ matchLabels:
+ app: keycloak-proxy
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: keycloak-proxy
+ spec:
+ restartPolicy: Always
+ containers:
+ - name: keycloak-proxy
+ image: nginx:alpine
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /etc/nginx
+ readOnly: true
+ name: keycloak-proxy-conf
+ volumes:
+ - name: keycloak-proxy-conf
+ configMap:
+ name: keycloak-proxy-conf
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-proxy
+ labels:
+ app: keycloak-proxy
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ selector:
+ app: keycloak-proxy
+ type: NodePort
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ nodePort: 31784
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: keycloak
+description: Keycloak helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "20"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:20.0.1
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: "admin"
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ value: "admin"
+ - name: KC_PROXY
+ value: "none"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 10
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ nodePort: 31788
+ selector:
+ app: keycloak
+ type: NodePort
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: minio
+description: Minio helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "RELEASE.2023-02-27T18-10-45Z"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: minio
+ labels:
+ app: minio
+spec:
+ clusterIP: None
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ app: minio
+ ports:
+ - name: tcpmain
+ protocol: TCP
+ port: 9000
+ targetPort: 9000
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: minio-web
+ labels:
+spec:
+ type: NodePort
+ selector:
+ statefulset.kubernetes.io/pod-name: minio-0
+ ports:
+ - name: httpweb
+ protocol: TCP
+ port: 9001
+ targetPort: 9001
+ nodePort: 31768
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: minio
+ labels:
+ app: minio
+spec:
+ serviceName: minio
+ replicas: 1
+ selector:
+ matchLabels:
+ app: minio
+ template:
+ metadata:
+ labels:
+ app: minio
+ spec:
+ initContainers:
+ - name: init
+ image: alpine:latest
+ imagePullPolicy: IfNotPresent
+ command: ["ash","-c"]
+ args: ["IDX=${HOSTNAME##*-} && mkdir -p /data/ && rm -rf /data//*"]
+ volumeMounts:
+ - mountPath: /data
+ name: data-vol
+ containers:
+ - name: minio
+ # Note, in later releases only SSO seem to be possible
+ # so earlier release kept to be able to login with user/pwd
+ image: minio/minio:RELEASE.2022-10-21T22-37-48Z
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: tcpmain
+ containerPort: 9000
+ - name: httpweb
+ containerPort: 9001
+ args:
+ - server
+ - "--console-address"
+ - ":9001"
+ - /data/0/
+ env:
+ - name: MINIO_ROOT_USER
+ value: admin
+ - name: MINIO_ROOT_PASSWORD
+ value: adminadmin
+ - name: MINIO_POLICY_PLUGIN_URL
+ value: http://opa:8181/v1/data/minio/authz/allow
+ - name: MINIO_IDENTITY_OPENID_CONFIG_URL
+ value: http://keycloak:8080/realms/nonrtric-realm/.well-known/openid-configuration
+ volumeMounts:
+ - mountPath: /data
+ name: data-vol
+ volumes:
+ - name: data-vol
+ emptyDir: {}
+
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: minio-client
+ labels:
+ app: minio-client
+spec:
+ containers:
+ - name: mc-client
+ image: minio/mc
+ command: ['sh', '-c', 'while [ true ];do sleep 60;done']
+ imagePullPolicy: Always
+ restartPolicy: Always
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+minio:
+ opa:
+ decisionlogs: true
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: opa-rule-db
+description: OPA rule db helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: policy-bundle
+binaryData:
+ bundle.tar.gz: |-
+ {{ .Files.Get "data/bundle.tar.gz" | b64enc }}
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bundle-server
+ labels:
+spec:
+ selector:
+ matchLabels:
+ app: bundle-server
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: bundle-server
+ spec:
+ containers:
+ - name: bundle-server
+ image: nginx:1.21
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /usr/share/nginx/html/bundle.tar.gz
+ subPath: bundle.tar.gz
+ name: policy-bundle
+ volumes:
+ - configMap:
+ name: policy-bundle
+ name: policy-bundle
+
+
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: bundle-server
+ labels:
+ app: bundle-server
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ nodePort: 32201
+ selector:
+ app: bundle-server
+ type: NodePort
+
+
+
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: opa
+description: OPA helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "RELEASE.2023-02-27T18-10-45Z"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: opa
+ labels:
+ app: opa
+spec:
+ selector:
+ matchLabels:
+ app: opa
+ template:
+ metadata:
+ labels:
+ app: opa
+ spec:
+ containers:
+ - name: opa
+ image: openpolicyagent/opa:0.70.0-envoy-17
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 8181
+ args:
+ - "run"
+ - "--server"
+ - "--set=decision_logs.console={{ .Values.opa.decisionlogs }}"
+ - "--set=services.authz.url=http://bundle-server"
+ - "--set=bundles.authz.service=authz"
+ - "--set=bundles.authz.resource=bundle.tar.gz"
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: opa
+ labels:
+ app: opa
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8181
+ targetPort: 8181
+ protocol: TCP
+ name: http
+ selector:
+ app: opa
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+opa:
+ decisionlogs: true
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: redpanda-console
+description: redpanda-console helm chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redpanda-console
+ labels:
+spec:
+ selector:
+ matchLabels:
+ app: redpanda-console
+ template:
+ metadata:
+ labels:
+ app: redpanda-console
+ spec:
+ initContainers:
+ - name: kafka-readiness-check
+ image: alpine:latest
+ command: ['sh', '-c', 'apk add --no-cache netcat-openbsd && nc -zv onap-strimzi-kafka-bootstrap.onap 9092']
+ containers:
+ - name: redpanda-console
+ image: redpandadata/console:v2.2.3
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: KAFKA_BROKERS
+ value: "onap-strimzi-kafka-bootstrap.onap:9092"
+ - name: KAFKA_SASL_ENABLED
+ value: "true"
+ - name: KAFKA_SASL_MECHANISM
+ value: "SCRAM-SHA-512"
+ - name: KAFKA_SASL_USERNAME
+ value: "redpanda-console-ku"
+ - name: KAFKA_SASL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redpanda-console-ku
+ key: password
+ ports:
+ - name: http
+ containerPort: 8080
+ restartPolicy: Always
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: redpanda-console
+ labels:
+ app: redpanda-console
+spec:
+ type: NodePort
+ selector:
+ app: redpanda-console
+ ports:
+ - port: 8080
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ nodePort: 31767
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: "*"
+ type: group
+ operations: [All]
+ - name: "*"
+ type: topic
+ operations: [All]
+ - name: "*"
+ type: cluster
+ operations: [All]
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+#
+
+# This will create a new kafka listener with oauth based authentication.
+# This method will point to a keycloak installed in smo namespace for the validation.
+# This will terminate the current kafka pod and restart a new one with the modified settings.
+kubectl patch kafka onap-strimzi -n onap --type='json' -p='[
+ {
+ "op": "add",
+ "path": "/spec/kafka/listeners/-",
+ "value": {
+ "name": "oauth",
+ "port": 9095,
+ "type": "internal",
+ "tls": false,
+ "authentication": {
+ "type": "oauth",
+ "enablePlain": true,
+ "maxSecondsWithoutReauthentication": 300,
+ "validIssuerUri": "http://keycloak.smo:8080/realms/nonrtric-realm",
+ "jwksEndpointUri": "http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/certs",
+ "userNameClaim": "preferred_username"
+ }
+ }
+ }
+]'
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: strimzi-patch-config
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: strimzi-patch-sa
+ namespace: smo
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: strimzi-patch-role
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+ - apiGroups: ['']
+ resources: ['pods']
+ verbs: ["get","list","watch"]
+ - apiGroups: ['kafka.strimzi.io']
+ resources: ['kafkas']
+ verbs: ["get","list","watch","patch","update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: strimzi-patch-rb
+ namespace: onap
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: strimzi-patch-role
+subjects:
+- kind: ServiceAccount
+ name: strimzi-patch-sa
+ namespace: smo
\ No newline at end of file
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: strimzi-patch
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "4"
+spec:
+ template:
+ spec:
+ serviceAccountName: strimzi-patch-sa
+ containers:
+ - name: strimzi-patch-container
+ image: bitnami/kubectl:1.32.2
+ command: ["bash","/scripts/patch-strimzi-kafka.sh"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 0
+ volumeMounts:
+ - name: strimzi-patch-config-volume
+ mountPath: /scripts
+ volumes:
+ - name: strimzi-patch-config-volume
+ configMap:
+ name: strimzi-patch-config
+ defaultMode: 0755
+ restartPolicy: Never
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v2
+name: ranpm
+description: A Helm chart for RANPM Components
+version: 1.0.0
+appVersion: "1.16.0"
+
+dependencies:
+ - name: smo-common
+ version: ^1.0.0
+ repository: "@local"
+ - name: nrt-dfc
+ version: 0.1.0
+ repository: "file://charts/dfc"
+ - name: nrt-kafka-producer-pm-json2influx
+ version: 0.1.0
+ repository: "file://charts/kafka-producer-pm-json2influx"
+ - name: nrt-kafka-producer-pm-json2kafka
+ version: 0.1.0
+ repository: "file://charts/kafka-producer-pm-json2kafka"
+ - name: nrt-kafka-producer-pm-xml2json
+ version: 0.1.0
+ repository: "file://charts/kafka-producer-pm-xml2json"
+ - name: nrt-pm-log
+ version: 0.1.0
+ repository: "file://charts/nrt-pm-log"
+ - name: nrt-pm-producer-json2kafka
+ version: 0.1.0
+ repository: "file://charts/pm-producer-json2kafka"
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: nrt-dfc
+description: NRT DFC chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.5.14"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+spring:
+ profiles:
+ active: prod
+management:
+ endpoints:
+ web:
+ exposure:
+ include: "loggers,logfile,health,info,metrics"
+server:
+ port: 8433
+ ssl:
+ key-store-type: JKS
+ key-store-password: policy_agent
+ key-store: config/keystore.jks
+ key-password: policy_agent
+ key-alias: policy_agent
+logging:
+ level:
+ ROOT: WARN
+ org.onap: WARN
+ org.springframework: WARN
+ org.springframework.data: WARN
+ org.springframework.web.reactive.function.client.ExchangeFunctions: WARN
+ #org.oran.datafile: WARN
+ org.oran.datafile: TRACE
+
+ file:
+ name: /var/log/ONAP/application.log
+app:
+ collected-files-path: "/tmp/oran_datafile/"
+ # Numer of worker threads. Increased number may increase throughput, but will require more executing resources.
+ number-of-worker-treads: 50
+ # If the file name is empty, no authorization token is used
+ auth-token-file: /token-cache/jwt.txt
+ # This controls the format used for processing the file-ready messages
+ # Example values:
+ # file-ready-message-class: "" (empty) -> Default format(org.oran.datafile.model.DefaultFileReadyMessage)
+ # file-ready-message-class: "TS28532" (Not empty) -> org.oran.datafile.model.TS28532FileReadyMessage
+ file-ready-message-class:
+ # KAFKA boostrap servers. This is only needed if there are Information Types that uses a kafkaInputTopic
+ # several redundant boostrap servers can be specified, separated by a comma ','.
+ kafka:
+ bootstrap-servers: "onap-strimzi-kafka-bootstrap.onap:9095"
+
+ # output topic
+ collected-file-topic: collected-file
+ # Override by env var
+ client-id:
+ # input topic
+ file-ready-event-topic: unauthenticated.VES_NOTIFICATION_OUTPUT
+ # Configues if oath2 tokens shall be used. If set to true, auth-token-file must also be configured
+ use-oath-token: true
+ ssl:
+ key-store-type: PEM
+ key-store-location:
+ # key password is needed if the private key is encrypted
+ key-store-password:
+ trust-store-type: PEM
+ trust-store-location:
+ sftp:
+ known-hosts-file-path:
+ strict-host-key-checking: false
+ ssl:
+ key-store-password-file: /opt/app/datafile/config/ftps_keystore.pass
+ key-store: /opt/app/datafile/config/ftps_keystore.p12
+ trust-store-password-file: /opt/app/datafile/config/truststore.pass
+ trust-store: /opt/app/datafile/config/truststore.jks
+ s3:
+ endpointOverride: http://minio:9000
+ accessKeyId: admin
+ secretAccessKey: adminadmin
+ bucket: ropfiles
+
+springdoc:
+ show-actuator: true
+ swagger-ui.disable-swagger-default-url: true
+################
+
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dfc-cm-truststore
+
+binaryData:
+ truststore.jks: |-
+ {{ .Files.Get "truststore/truststore.jks" | b64enc }}
+ truststore.pass: |-
+ {{ .Files.Get "truststore/truststore.pass" | b64enc }}
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: dfc-cm
+
+data:
+{{ (.Files.Glob "config/application.yaml").AsConfig | nindent 2 }}
+ init-wait.sh: |
+ #!/usr/bin/bash
+ kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s
+ kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s
+ kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s
+ {{- range .Values.kafkaTopic }}
+ kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s
+ {{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: dfc
+ labels:
+ app: dfc
+spec:
+ clusterIP: None # Headless service
+ selector:
+ app: dfc
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8100
+ targetPort: 8100
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: dfc
+ labels:
+ app: dfc
+spec:
+ replicas: 1
+ serviceName: dfc
+ selector:
+ matchLabels:
+ app: dfc
+ template:
+ metadata:
+ labels:
+ app: dfc
+ spec:
+ serviceAccountName: ranpm-component-sa
+ volumes:
+ - name: config-truststore
+ configMap:
+ name: dfc-cm-truststore
+ - name: config-cm
+ configMap:
+ name: dfc-cm
+ - name: config-ran-certs
+ configMap:
+ name: ran-certs-config
+ - name: token-cache-volume
+ emptyDir: {}
+ initContainers:
+ - name: wait-for-keycloak-and-kafka
+ securityContext:
+ runAsUser: 0
+ image: bitnami/kubectl
+ command: ["/usr/bin/bash"]
+ args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"]
+ volumeMounts:
+ - name: config-cm
+ mountPath: /opt/app/scripts/init-wait.sh
+ subPath: init-wait.sh
+ containers:
+ - name: dfc
+ securityContext:
+ runAsUser: 0 # Need to run as root - needed when writing to hostpath
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-datafilecollector:1.1.0
+ # image: aravindtga/dfc:1.2.0-SNAPSHOT
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 8100
+ volumeMounts:
+ - name: config-truststore
+ mountPath: /opt/app/datafile/config/truststore.jks
+ subPath: truststore.jks
+ - name: config-cm
+ mountPath: /opt/app/datafile/config/application.yaml
+ subPath: application.yaml
+ - mountPath: /token-cache
+ name: token-cache-volume
+ env:
+ - name: APPID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: APPNS
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: APP_KAFKA_CLIENT-ID
+ value: "datafile-collector.$(APPNS).$(APPID)"
+ - name: auth-token
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-auth-token-fetch:1.1.1
+ imagePullPolicy: Always
+ env:
+ - name: CREDS_GRANT_TYPE
+ value: client_credentials
+ - name: CREDS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: dfc
+ key: client_secret
+ - name: CREDS_CLIENT_ID
+ value: dfc
+ - name: AUTH_SERVICE_URL
+ value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token
+ - name: OUTPUT_FILE
+ value: /token-cache/jwt.txt
+
+ volumeMounts:
+ - mountPath: /token-cache
+ name: token-cache-volume
+
+
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+truststore.jks
--- /dev/null
+policy_agent
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ name: service-account-dfc
+ acls:
+ - name: osc-dmaap-adapter-unauthenticated.VES_NOTIFICATION_OUTPUT
+ type: group
+ operations: [Read]
+ - name: unauthenticated.VES_NOTIFICATION_OUTPUT
+ type: topic
+ operations: [Read]
+ - name: collected-file
+ type: topic
+ operations: [Read,Write]
+
+# This is a reference to the list of topics used by this component
+kafkaTopic:
+ - "unauthenticated.ves-notification-output"
+ - collected-file
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: nrt-kafka-producer-pm-json2influx
+description: NRT Kafka producer for pm json to influx chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+{
+ "types": [
+ {
+ "id": "json-file-data-from-filestore-to-influx",
+ "kafkaInputTopic": "json-file-ready-kp",
+ "inputJobType": "xml-file-data-to-filestore",
+ "inputJobDefinition": {
+ "kafkaOutputTopic": "json-file-ready-kp"
+ }
+ }
+ ]
+}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kafka-producer-pm-json2influx-cm-config
+
+data:
+{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }}
+ init-wait.sh: |
+ #!/usr/bin/bash
+ kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s
+ kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s
+ kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s
+ {{- range .Values.kafkaTopic }}
+ kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s
+ {{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-producer-pm-json2influx
+ labels:
+ app: kafka-producer-pm-json2influx
+spec:
+ clusterIP: None # Headless service
+ selector:
+ app: kafka-producer-pm-json2influx
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 80
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kafka-producer-pm-json2influx
+ labels:
+ app: kafka-producer-pm-json2influx
+
+spec:
+ replicas: 1
+ serviceName: kafka-producer-pm-json2influx
+ selector:
+ matchLabels:
+ app: kafka-producer-pm-json2influx
+ template:
+ metadata:
+ labels:
+ app: kafka-producer-pm-json2influx
+
+ spec:
+ serviceAccountName: ranpm-component-sa
+ initContainers:
+ - name: wait-for-keycloak-and-kafka
+ securityContext:
+ runAsUser: 0
+ image: bitnami/kubectl
+ command: ["/usr/bin/bash"]
+ args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"]
+ volumeMounts:
+ - name: kafka-producer-pm-json2influx-cm-config
+ mountPath: /opt/app/scripts/init-wait.sh
+ subPath: init-wait.sh
+ containers:
+ - name: kafka-producer-pm-json2influx
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-pm-file-converter:1.1.1
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ env:
+ - name: E1
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: KP
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+
+ - name: KAFKA_SERVER
+ value: "onap-strimzi-kafka-bootstrap.onap:9095"
+ # This property controls the data format used for the conversion
+ # Example values:
+ # DATA_TYPE_FORMAT = "" -> older 4G/Default Measurement file format
+ # DATA_TYPE_FORMAT = "TS28532" -> 5G/3GPP-TS-28.532 Measurement file format
+ - name: DATA_TYPE_FORMAT
+ value: ""
+ - name: ICS
+ value: informationservice.nonrtric:9082
+ - name: SELF
+ value: "$(E1).kafka-producer-pm-json2influx:80"
+ - name: FILESTORE_USER
+ value: admin
+ - name: FILESTORE_PWD
+ value: adminadmin
+ - name: FILESTORE_SERVER
+ value: minio:9000
+ - name: CREDS_GRANT_TYPE
+ value: client_credentials
+ - name: CREDS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: kafka-pm-json-2-influx
+ key: client_secret
+ - name: CREDS_CLIENT_ID
+ value: kafka-producer-pm-json2influx
+ - name: AUTH_SERVICE_URL
+ value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token
+ volumeMounts:
+ - mountPath: /application_configuration.json
+ subPath: application_configuration.json
+ name: kafka-producer-pm-json2influx-cm-config
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: kafka-producer-pm-json2influx-cm-config
+ name: kafka-producer-pm-json2influx-cm-config
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ # For SCRAM-SHA-512 the name need not to be filled
+ # Name should be populated when a different authentication mechanism being used. e.g. OAUTH
+ # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak
+ # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request.
+ name: service-account-kafka-producer-pm-json2influx
+ acls:
+ - name: kafka-procon-json-file-data-from-filestore-to-influx
+ type: group
+ operations: [Read]
+ - name: json-file-ready-kp
+ type: topic
+ operations: [Read, Write]
+ - name: json-file-ready-kpadp
+ type: topic
+ operations: [Read, Write]
+
+# This is a reference to the list of topics used by this component
+kafkaTopic:
+ - json-file-ready-kp
+ - json-file-ready-kpadp
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: nrt-kafka-producer-pm-json2kafka
+description: NRT Kafka producer for pm json to kafka chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+{
+ "types": [
+ {
+ "id": "json-file-data-from-filestore",
+ "kafkaInputTopic": "json-file-ready-kp",
+ "inputJobType": "xml-file-data-to-filestore",
+ "inputJobDefinition": {
+ "kafkaOutputTopic": "json-file-ready-kp"
+ }
+ }
+ ]
+}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kafka-producer-pm-json2kafka-cm-config
+
+data:
+{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }}
+ init-wait.sh: |
+ #!/usr/bin/bash
+ kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s
+ kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s
+ kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s
+ {{- range .Values.kafkaTopic }}
+ kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s
+ {{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-producer-pm-json2kafka
+ labels:
+ app: kafka-producer-pm-json2kafka
+spec:
+ clusterIP: None # Headless service
+ selector:
+ app: kafka-producer-pm-json2kafka
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 80
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kafka-producer-pm-json2kafka
+ labels:
+ app: kafka-producer-pm-json2kafka
+
+spec:
+ replicas: 1
+ serviceName: kafka-producer-pm-json2kafka
+ selector:
+ matchLabels:
+ app: kafka-producer-pm-json2kafka
+ template:
+ metadata:
+ labels:
+ app: kafka-producer-pm-json2kafka
+
+ spec:
+ serviceAccountName: ranpm-component-sa
+ initContainers:
+ - name: wait-for-keycloak-and-kafka
+ securityContext:
+ runAsUser: 0
+ image: bitnami/kubectl
+ command: ["/usr/bin/bash"]
+ args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"]
+ volumeMounts:
+ - name: kafka-producer-pm-json2kafka-cm-config
+ mountPath: /opt/app/scripts/init-wait.sh
+ subPath: init-wait.sh
+ containers:
+ - name: kafka-producer-pm-json2kafka
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-pm-file-converter:1.1.1
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ env:
+ - name: E1
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: KP
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+
+ - name: KAFKA_SERVER
+ value: "onap-strimzi-kafka-bootstrap.onap:9095"
+ # This property controls the data format used for the conversion
+ # Example values:
+ # DATA_TYPE_FORMAT = "" -> older 4G/Default Measurement file format
+ # DATA_TYPE_FORMAT = "TS28532" -> 5G/3GPP-TS-28.532 Measurement file format
+ - name: DATA_TYPE_FORMAT
+ value: ""
+ - name: ICS
+ value: informationservice.nonrtric:9082
+ - name: SELF
+ value: "$(E1).kafka-producer-pm-json2kafka:80"
+ - name: FILESTORE_USER
+ value: admin
+ - name: FILESTORE_PWD
+ value: adminadmin
+ - name: FILESTORE_SERVER
+ value: minio:9000
+ - name: CREDS_GRANT_TYPE
+ value: client_credentials
+ - name: CREDS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: kafka-pm-json-2-kafka
+ key: client_secret
+ - name: CREDS_CLIENT_ID
+ value: kafka-producer-pm-json2kafka
+ - name: AUTH_SERVICE_URL
+ value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token
+ volumeMounts:
+ - mountPath: /application_configuration.json
+ subPath: application_configuration.json
+ name: kafka-producer-pm-json2kafka-cm-config
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: kafka-producer-pm-json2kafka-cm-config
+ name: kafka-producer-pm-json2kafka-cm-config
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ # For SCRAM-SHA-512 the name need not to be filled
+ # Name should be populated when a different authentication mechanism being used. e.g. OAUTH
+ # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak
+ # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request.
+ name: service-account-kafka-producer-pm-json2kafka
+ acls:
+ - name: kafka-procon-json-file-data-from-filestore
+ type: group
+ operations: [Read]
+ - name: json-file-ready-kp
+ type: topic
+ operations: [Read, Write]
+ - name: json-file-ready-kpadp
+ type: topic
+ operations: [Read, Write]
+
+# This is a reference to the list of topics used by this component
+kafkaTopic:
+ - json-file-ready-kp
+ - json-file-ready-kpadp
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: nrt-kafka-producer-pm-xml2json
+description: NRT Kafka producer for pm xml to json chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+{
+ "types": [
+ {
+ "id": "xml-file-data-to-filestore",
+ "kafkaInputTopic": "collected-file"
+ }
+ ]
+ }
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kafka-producer-pm-xml2json-cm-config
+
+data:
+{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }}
+ init-wait.sh: |
+ #!/usr/bin/bash
+ kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s
+ kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s
+ kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s
+ {{- range .Values.kafkaTopic }}
+ kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s
+ {{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: kafka-producer-pm-xml2json
+ labels:
+ app: kafka-producer-pm-xml2json
+spec:
+ clusterIP: None # Headless service
+ selector:
+ app: kafka-producer-pm-xml2json
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 80
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: kafka-producer-pm-xml2json
+ labels:
+ app: kafka-producer-pm-xml2json
+
+spec:
+ replicas: 1
+ serviceName: kafka-producer-pm-xml2json
+ selector:
+ matchLabels:
+ app: kafka-producer-pm-xml2json
+ template:
+ metadata:
+ labels:
+ app: kafka-producer-pm-xml2json
+
+ spec:
+ serviceAccountName: ranpm-component-sa
+ initContainers:
+ - name: wait-for-keycloak-and-kafka
+ securityContext:
+ runAsUser: 0
+ image: bitnami/kubectl
+ command: ["/usr/bin/bash"]
+ args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"]
+ volumeMounts:
+ - name: kafka-producer-pm-xml2json-cm-config
+ mountPath: /opt/app/scripts/init-wait.sh
+ subPath: init-wait.sh
+ containers:
+ - name: kafka-producer-pm-xml2json
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-pm-file-converter:1.1.1
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ env:
+ - name: E1
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: KP
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+
+ - name: KAFKA_SERVER
+ value: "onap-strimzi-kafka-bootstrap.onap:9095"
+ # This property controls the data format used for the conversion
+ # Example values:
+ # DATA_TYPE_FORMAT = "" -> older 4G/Default Measurement file format
+ # DATA_TYPE_FORMAT = "TS28532" -> 5G/3GPP-TS-28.532 Measurement file format
+ - name: DATA_TYPE_FORMAT
+ value: ""
+ - name: ICS
+ value: informationservice.nonrtric:9082
+ - name: SELF
+ value: "$(E1).kafka-producer-pm-xml2json:80"
+ - name: FILESTORE_USER
+ value: admin
+ - name: FILESTORE_PWD
+ value: adminadmin
+ - name: FILESTORE_SERVER
+ value: minio:9000
+ - name: CREDS_GRANT_TYPE
+ value: client_credentials
+ - name: CREDS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: kafka-pm-xml-2-json
+ key: client_secret
+ - name: CREDS_CLIENT_ID
+ value: kafka-producer-pm-xml2json
+ - name: AUTH_SERVICE_URL
+ value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token
+ volumeMounts:
+ - mountPath: /application_configuration.json
+ subPath: application_configuration.json
+ name: kafka-producer-pm-xml2json-cm-config
+ volumes:
+ - configMap:
+ defaultMode: 420
+ name: kafka-producer-pm-xml2json-cm-config
+ name: kafka-producer-pm-xml2json-cm-config
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ # For SCRAM-SHA-512 the name need not to be filled
+ # Name should be populated when a different authentication mechanism being used. e.g. OAUTH
+ # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak
+ # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request.
+ name: service-account-kafka-producer-pm-xml2json
+ acls:
+ - name: kafka-procon-xml-file-data-to-filestore
+ type: group
+ operations: [Read]
+ - name: collected-file
+ type: topic
+ operations: [Read, Write]
+ - name: json-file-ready-kp
+ type: topic
+ operations: [Read, Write]
+ - name: json-file-ready-kpadp
+ type: topic
+ operations: [Read, Write]
+
+# This is a reference to the list of topics used by this component
+kafkaTopic:
+ - collected-file
+ - json-file-ready-kp
+ - json-file-ready-kpadp
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: nrt-pm-log
+description: NRT PMLog chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+spring:
+ profiles:
+ active: prod
+ main:
+ allow-bean-definition-overriding: true
+ aop:
+ auto: false
+management:
+ endpoints:
+ web:
+ exposure:
+ # Enabling of springboot actuator features. See springboot documentation.
+ include: "loggers,logfile,health,info,metrics,threaddump,heapdump,shutdown"
+ endpoint:
+ shutdown:
+ enabled: true
+lifecycle:
+ timeout-per-shutdown-phase: "20s"
+springdoc:
+ show-actuator: true
+logging:
+ # Configuration of logging
+ level:
+ ROOT: WARN
+ org.apache.kafka: WARN
+ org.springframework: ERROR
+ org.springframework.data: ERROR
+ org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
+ org.oran.pmlog: DEBUG
+ pattern:
+ console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n"
+ file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n"
+
+ file:
+ name: /var/log/pmlog-service/application.log
+server:
+ # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
+ # See springboot documentation.
+ port : 8436
+ http-port: 8084
+ ssl:
+ key-store-type: JKS
+ key-store-password: policy_agent
+ key-store: /opt/app/pmlog-service/etc/cert/keystore.jks
+ key-password: policy_agent
+ key-alias: policy_agent
+ shutdown: "graceful"
+app:
+ webclient:
+ # Configuration of the trust store used for the HTTP client (outgoing requests)
+ # The file location and the password for the truststore is only relevant if trust-store-used == true
+ # Note that the same keystore as for the server is used.
+ trust-store-used: false
+ trust-store-password: policy_agent
+ trust-store: /opt/app/pmlog-service/etc/cert/truststore.jks
+ # Configuration of usage of HTTP Proxy for the southbound accesses.
+ # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
+ http.proxy-host:
+ http.proxy-port: 0
+ kafka:
+ # KAFKA boostrap servers.
+ # several redundant boostrap servers can be specified, separated by a comma ','.
+ # bootstrap-servers and input-topic is overriden if defined in deliveryInfo in config/jobDefinition.json
+ bootstrap-servers: "onap-strimzi-kafka-bootstrap.onap:9095"
+ input-topic:
+ # The maximum number of records returned in a single call to poll() (default 100)
+ max-poll-records: 500
+ group-id: kafkaGroupId
+ client-id: kafkaClientId
+ # Configues if oath2 tokens shall be used. If set to true, auth-token-file must also be configured
+ use-oath-token: true
+ ssl:
+ key-store-type: PEM
+ key-store-location:
+ # key password is needed if the private key is encrypted
+ key-store-password:
+ trust-store-type: PEM
+ trust-store-location:
+ influx:
+ url: http://influxdb2:8086
+ # Override by env var
+ access-token:
+ bucket: pm-logg-bucket
+ org: est
+ # The user, password and database can be blank if the access-token is defined
+ user:
+ password:
+ database:
+ ics-base-url: http://informationservice.nonrtric:9082
+ consumer-job-id: "pmlog"
+ # If the file name is empty, no authorization token is used
+ auth-token-file: /token-cache/jwt.txt
\ No newline at end of file
--- /dev/null
+{
+ "info_type_id": "PmData",
+ "job_owner": "console",
+ "job_definition": {
+ "filter": {
+ "sourceNames": [],
+ "measObjInstIds": [],
+ "measTypeSpecs": [
+ {
+ "measuredObjClass": "NRCellDU",
+ "measTypes": [
+ "pmCounterNumber101"
+ ]
+ }
+ ],
+ "measuredEntityDns": []
+ },
+ "deliveryInfo": {
+ "topic": "pmreports",
+ "bootStrapServers": "onap-strimzi-kafka-bootstrap.onap:9095"
+ }
+ }
+}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pmlog-app-cm
+
+data:
+{{ (.Files.Glob "config/application.yaml").AsConfig | nindent 2 }}
+ init-wait.sh: |
+ #!/usr/bin/bash
+ kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s
+ kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s
+ kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s
+ {{- range .Values.kafkaTopic }}
+ kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s
+ {{- end }}
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pmlog-job-cm
+
+data:
+{{ (.Files.Glob "config/jobDefinition.json").AsConfig | nindent 2 }}
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: pmlog
+ labels:
+ app: pmlog
+spec:
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ app: pmlog
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8084
+ targetPort: 8084
+ - name: https
+ protocol: TCP
+ port: 8436
+ targetPort: 8436
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: pmlog
+ labels:
+ app: pmlog
+spec:
+ replicas: 1
+ serviceName: pmlog
+ selector:
+ matchLabels:
+ app: pmlog
+ template:
+ metadata:
+ labels:
+ app: pmlog
+ spec:
+ serviceAccountName: ranpm-component-sa
+ initContainers:
+ - name: wait-for-keycloak-and-kafka
+ securityContext:
+ runAsUser: 0
+ image: bitnami/kubectl
+ command: ["/usr/bin/bash"]
+ args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"]
+ volumeMounts:
+ - name: pmlog-app-cm
+ mountPath: /opt/app/scripts/init-wait.sh
+ subPath: init-wait.sh
+ volumes:
+ - name: pmlog-app-cm
+ configMap:
+ name: pmlog-app-cm
+ - name: pmlog-job-cm
+ configMap:
+ name: pmlog-job-cm
+ - name: token-cache-volume
+ emptyDir: {}
+ containers:
+ - name: auth-token
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-auth-token-fetch:1.1.1
+ imagePullPolicy: Always
+ env:
+ - name: CREDS_GRANT_TYPE
+ value: client_credentials
+ - name: CREDS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: pm-log
+ key: client_secret
+ - name: CREDS_CLIENT_ID
+ value: nrt-pm-log
+ - name: AUTH_SERVICE_URL
+ value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token
+ - name: OUTPUT_FILE
+ value: /token-cache/jwt.txt
+ volumeMounts:
+ - mountPath: /token-cache
+ name: token-cache-volume
+ - name: pmlog
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-pmlog:1.1.0
+ imagePullPolicy: Always
+ command:
+ - sh
+ - -c
+ - until [ -e /token-cache/jwt.txt ]; do echo "Waiting for JWT to be available"; sleep 1; done; /jre/bin/java -jar /opt/app/pmlog-service/pmlog.jar
+ ports:
+ - name: http
+ containerPort: 8084
+ - name: https
+ containerPort: 8436
+ volumeMounts:
+ - name: pmlog-app-cm
+ mountPath: /opt/app/pmlog-service/config/application.yaml
+ subPath: application.yaml
+ - name: pmlog-job-cm
+ mountPath: /opt/app/pmlog-service/config/jobDefinition.json
+ subPath: jobDefinition.json
+ - mountPath: /token-cache
+ name: token-cache-volume
+ env:
+ - name: APP_INFLUX_ACCESSTOKEN
+ valueFrom:
+ secretKeyRef:
+ name: influxdb-api-token
+ key: token
+
+
+
+
+
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ # For SCRAM-SHA-512 the name need not to be filled
+ # Name should be populated when a different authentication mechanism being used. e.g. OAUTH
+ # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak
+ # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request.
+ name: service-account-nrt-pm-log
+ acls:
+ - name: kafkaGroupId
+ type: group
+ operations: [Read]
+ - name: pmreports
+ type: topic
+ operations: [Read, Write]
+
+# This is a reference to the list of topics used by this component
+kafkaTopic:
+ - pmreports
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v2
+name: nrt-pm-producer-json2kafka
+description: NRT PM Producer for json to kafka chart
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+spring:
+ profiles:
+ active: prod
+ main:
+ allow-bean-definition-overriding: true
+ aop:
+ auto: false
+management:
+ endpoints:
+ web:
+ exposure:
+ # Enabling of springboot actuator features. See springboot documentation.
+ include: "loggers,logfile,health,info,metrics,threaddump,heapdump"
+ endpoint:
+ shutdown:
+ enabled: true
+lifecycle:
+ timeout-per-shutdown-phase: "20s"
+springdoc:
+ show-actuator: true
+logging:
+ # Configuration of logging
+ level:
+ ROOT: WARN
+ org.apache.kafka: WARN
+ org.springframework: ERROR
+ org.springframework.data: ERROR
+ org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
+ org.oran.pmproducer: TRACE
+ pattern:
+ console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n"
+ file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n"
+
+ file:
+ name: /var/log/pm-producer-service/application.log
+server:
+ # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
+ # See springboot documentation.
+ port : 8435
+ http-port: 8084
+ ssl:
+ key-store-type: JKS
+ key-store-password: policy_agent
+ key-store: /opt/app/pm-producer-service/etc/cert/keystore.jks
+ key-password: policy_agent
+ key-alias: policy_agent
+ shutdown: "graceful"
+app:
+ webclient:
+ # Configuration of the trust store used for the HTTP client (outgoing requests)
+ # The file location and the password for the truststore is only relevant if trust-store-used == true
+ # Note that the same keystore as for the server is used.
+ trust-store-used: false
+ trust-store-password: policy_agent
+ trust-store: /opt/app/pm-producer-service/etc/cert/truststore.jks
+ # Configuration of usage of HTTP Proxy for the southbound accesses.
+ # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
+ http.proxy-host:
+ http.proxy-port: 0
+ ics-base-url: http://informationservice.nonrtric:9082
+ configuration-filepath: /opt/app/pm-producer-service/data/application_configuration.json
+ #Override from env var
+ pm-producer-base-url:
+ # KAFKA boostrap servers. This is only needed if there are Information Types that uses a kafkaInputTopic
+ # several redundant boostrap servers can be specified, separated by a comma ','.
+ kafka:
+ bootstrap-servers: "onap-strimzi-kafka-bootstrap.onap:9095"
+ # The maximum number of records returned in a single call to poll() (default 100)
+ max-poll-records: 500
+ # Configues if oath2 tokens shall be used. If set to true, auth-token-file must also be configured
+ use-oath-token: true
+ ssl:
+ key-store-type: PEM
+ key-store-location:
+ # key password is needed if the private key is encrypted
+ key-store-password:
+ trust-store-type: PEM
+ trust-store-location:
+ # If the file name is empty, no authorization token is used
+ auth-token-file: /token-cache/jwt.txt
+ pm-files-path: /pm-files
+ zip-output: false
+ s3:
+ endpointOverride: http://minio:9000
+ accessKeyId: admin
+ secretAccessKey: adminadmin
+ locksBucket: pm-files-json-locks
+ bucket: pm-files-json
--- /dev/null
+{
+ "types": [
+ {
+ "id": "PmData",
+ "kafkaInputTopic": "json-file-ready-kpadp",
+ "useHttpProxy": false,
+ "dataType": "pmData",
+ "inputJobType": "xml-file-data-to-filestore",
+ "inputJobDefinition": {
+ "kafkaOutputTopic": "json-file-ready-kpadp"
+ }
+ }
+ ]
+}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pm-producer-json2kafka-cm-data
+
+data:
+{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }}
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pm-producer-json2kafka-cm-config
+
+data:
+{{ (.Files.Glob "config/application.yaml").AsConfig | nindent 2 }}
+ init-wait.sh: |
+ #!/usr/bin/bash
+ kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s
+ kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s
+ kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s
+ {{- range .Values.kafkaTopic }}
+ kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s
+ {{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: pm-producer-json2kafka
+ labels:
+ app: pm-producer-json2kafka
+spec:
+ clusterIP: None # Headless service
+ selector:
+ app: pm-producer-json2kafka
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8084
+ targetPort: 8084
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: pm-producer-json2kafka
+ labels:
+ app: pm-producer-json2kafka
+spec:
+ replicas: 1
+ serviceName: pm-producer-json2kafka
+ selector:
+ matchLabels:
+ app: pm-producer-json2kafka
+ template:
+ metadata:
+ labels:
+ app: pm-producer-json2kafka
+ spec:
+ serviceAccountName: ranpm-component-sa
+ initContainers:
+ - name: wait-for-keycloak-and-kafka
+ securityContext:
+ runAsUser: 0
+ image: bitnami/kubectl
+ command: ["/usr/bin/bash"]
+ args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"]
+ volumeMounts:
+ - name: pm-producer-json2kafka-cm-config
+ mountPath: /opt/app/scripts/init-wait.sh
+ subPath: init-wait.sh
+ containers:
+ - name: pm-producer-json2kafka
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-pmproducer:1.1.0
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 8084
+ env:
+ - name: APPID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: APPNS
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # Overriding value in application.yaml
+ - name: APP_PM-PRODUCER-BASE-URL
+ value: "http://$(APPID).pm-producer-json2kafka.$(APPNS):8084"
+ volumeMounts:
+ - mountPath: /opt/app/pm-producer-service/data/application_configuration.json
+ subPath: application_configuration.json
+ name: pm-producer-json2kafka-cm-data
+ - mountPath: /opt/app/pm-producer-service/config/application.yaml
+ subPath: application.yaml
+ name: pm-producer-json2kafka-cm-config
+ - mountPath: /token-cache
+ name: token-cache-volume
+ - name: auth-token
+ image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-auth-token-fetch:1.1.1
+ imagePullPolicy: Always
+ env:
+ - name: CREDS_GRANT_TYPE
+ value: client_credentials
+ - name: CREDS_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: pm-producer-json-2-kafka
+ key: client_secret
+ - name: CREDS_CLIENT_ID
+ value: pm-producer-json2kafka
+ - name: AUTH_SERVICE_URL
+ value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token
+ - name: OUTPUT_FILE
+ value: /token-cache/jwt.txt
+
+ volumeMounts:
+ - mountPath: /token-cache
+ name: token-cache-volume
+ volumes:
+ - name: pm-producer-json2kafka-cm-data
+ configMap:
+ name: pm-producer-json2kafka-cm-data
+ - name: pm-producer-json2kafka-cm-config
+ configMap:
+ name: pm-producer-json2kafka-cm-config
+ - name: token-cache-volume
+ emptyDir: {}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+# Strimzi Kafka config
+kafkaUser:
+ # For SCRAM-SHA-512 the name need not to be filled
+ # Name should be populated when a different authentication mechanism being used. e.g. OAUTH
+ # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak
+ # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request.
+ name: service-account-pm-producer-json2kafka
+ acls:
+ - name: osc-pm_producer-PmData
+ type: group
+ operations: [Read]
+ - name: pmreports
+ type: topic
+ operations: [Read, Write]
+ - name: json-file-ready-kpadp
+ type: topic
+ operations: [Read, Write]
+
+# This is a reference to the list of topics used by this component
+kafkaTopic:
+ - pmreports
+ - json-file-ready-kpadp
\ No newline at end of file
--- /dev/null
+#!/usr/bin/env bash
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Install required dependencies
+apk add --no-cache curl jq envsubst
+
+. scripts/ics_utils.sh
+. scripts/keycloak_utils.sh
+
+# Generic error printout function
+# args: <numeric-response-code> <descriptive-string>
+check_error() {
+ if [ $1 -ne 0 ]; then
+ echo "Failed: $2"
+ echo "Exiting..."
+ exit 1
+ fi
+}
+
+cid="console-setup"
+TOKEN=$(get_client_token nonrtric-realm $cid)
+
+JOB='{"info_type_id": "json-file-data-from-filestore-to-influx",
+ "job_owner": "console",
+ "status_notification_uri": "http://callback.nonrtric:80/post",
+ "job_definition": {
+ "db-url":"http://influxdb2:8086",
+ "db-org":"est",
+ "db-bucket":"pm-bucket",
+ "db-token":"'$INFLUXDB2_TOKEN'",
+ "filterType":"pmdata",
+ "filter":{}
+ }}'
+echo $JOB > .job.json
+create_ics_job kp-influx-json 0 $TOKEN
+
+echo "done"
+
+
+
+
--- /dev/null
+#!/usr/bin/env bash
+
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Script intended to be sourced by other script to add functions to the keycloak rest API
+
+export ICSPROTOCOL=${1:-$ICS_PROTOCOL}
+export ICSHOSTNAME=${2:-$ICS_HOST}
+export ICSPORT=${3:-$ICS_PORT}
+
+echo "Ics Protocol is: $ICSPROTOCOL"
+echo "Ics Host is: $ICSHOSTNAME"
+echo "Ics Port is: $ICSPORT"
+
+ICSHOST="$ICSPROTOCOL://$ICSHOSTNAME"
+
+__wait_for_ics_availability() {
+ while true; do
+ STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$ICSHOST:$ICSPORT/status")
+ if [ "$STATUS_CODE" -eq 200 ]; then
+ echo "Ics is ready."
+ break
+ fi
+ echo "Ics is not ready..."
+ sleep 5
+ done
+}
+
+# args: <job-id> <job-index-suffix> [<access-token>]
+# job file shall exist in file "".job.json"
+create_ics_job() {
+ JOB=$(<.job.json)
+ echo $JOB
+ retcode=1
+ echo "Creating job-$1"'-'"$2"
+ while [ $retcode -ne 0 ]; do
+ if [ -z "$3" ]; then
+ __bearer=""
+ else
+ __bearer="Authorization: Bearer $TOKEN"
+ fi
+ STAT=$(curl -s -X PUT -w '%{http_code}' -H accept:application/json -H Content-Type:application/json $ICSHOST:$ICSPORT/data-consumer/v1/info-jobs/job-$1"-"$2 --data-binary @.job.json -H "$__bearer" )
+ retcode=$?
+ echo "curl return code: $retcode"
+ if [ $retcode -eq 0 ]; then
+ status=${STAT:${#STAT}-3}
+ echo "http status code: "$status
+ if [ "$status" == "200" ]; then
+ echo "Job created ok"
+ elif [ "$status" == "201" ]; then
+ echo "Job created ok"
+ else
+ retcode=1
+ fi
+ fi
+ sleep 1
+ done
+}
+
+# args: <job-id> <job-index-suffix> [<access-token>]
+# job file shall exist in file "".job.json"
+update_ics_job() {
+ JOB=$(<.job.json)
+ echo $JOB
+ retcode=1
+ echo "Updating job $1"
+ while [ $retcode -ne 0 ]; do
+ if [ -z "$2" ]; then
+ __bearer=""
+ else
+ __bearer="Authorization: Bearer $TOKEN"
+ fi
+ STAT=$(curl -s -X PUT -w '%{http_code}' -H accept:application/json -H Content-Type:application/json $ICSHOST:$ICSPORT/data-consumer/v1/info-jobs/$1 --data-binary @.job.json -H "$__bearer" )
+ retcode=$?
+ echo "curl return code: $retcode"
+ if [ $retcode -eq 0 ]; then
+ status=${STAT:${#STAT}-3}
+ echo "http status code: "$status
+ if [ "$status" == "200" ]; then
+ echo "Job created ok"
+ elif [ "$status" == "201" ]; then
+ echo "Job created ok"
+ else
+ retcode=1
+ fi
+ fi
+ sleep 1
+ done
+}
+
+__wait_for_ics_availability
--- /dev/null
+#!/usr/bin/env bash
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Install required dependencies
+apk add --no-cache curl jq envsubst
+
+. scripts/influx_utils.sh
+
+# Generic error printout function
+# args: <numeric-response-code> <descriptive-string>
+check_error() {
+ if [ $1 -ne 0 ]; then
+ echo "Failed: $2"
+ echo "Exiting..."
+ exit 1
+ fi
+}
+
+if get_influxdb2_setup_allowed; then
+ echo "influx setup allowed..."
+ setup_influxdb2
+ create_influxdb2_bucket pm-bucket
+ create_influxdb2_bucket pm-logg-bucket
+else
+ echo "Influx onboarding already completed"
+fi
+
+
+
--- /dev/null
+#!/usr/bin/env bash
+
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Script intended to be sourced by other script to add functions to the keycloak rest API
+
+export INFLUXDB2PROTOCOL=${1:-$INFLUXDB2_PROTOCOL}
+export INFLUXDB2HOSTNAME=${2:-$INFLUXDB2_HOST}
+export INFLUXDB2_PORT=${3:-$INFLUXDB2_PORT}
+export INFLUXDB2_ORGANIZATION=${4:-$INFLUXDB2_ORGANIZATION}
+export INFLUXDB2_BUCKET=${5:-$INFLUXDB2_BUCKET}
+export INFLUXDB2_USERNAME=${6:-$INFLUXDB2_USERNAME}
+export INFLUXDB2_PASSWORD=${7:-$INFLUXDB2_PASSWORD}
+export INFLUXDB2_DEFAULT_TOKEN=${8:-$INFLUXDB2_DEFAULT_TOKEN}
+
+export INFLUXDB2_ORGANIZATION_ID=""
+
+echo "Influx Protocol is: $INFLUXDB2PROTOCOL"
+echo "Influx Host is: $INFLUXDB2HOSTNAME"
+echo "Influx Port is: $INFLUXDB2_PORT"
+
+INFLUXDB2HOST="$INFLUXDB2PROTOCOL://$INFLUXDB2HOSTNAME"
+
+__wait_for_influxdb2_availability() {
+ while true; do
+ STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/setup")
+ if [ "$STATUS_CODE" -eq 200 ]; then
+ echo "Influxdb2 is ready."
+ break
+ fi
+ echo "Influxdb2 is not ready..."
+ sleep 5
+ done
+}
+
+get_influxdb2_setup_allowed() {
+ __influxdb2_setup_allowed=$(curl -s -X GET "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/setup" | jq -r '.allowed')
+ if [ "$__influxdb2_setup_allowed" = "true" ]; then
+ return 0
+ fi
+ return 1
+}
+
+setup_influxdb2() {
+
+cat > .jsonfile1 <<- "EOF"
+{
+"bucket": "$INFLUXDB2_BUCKET",
+"org": "$INFLUXDB2_ORGANIZATION",
+"password": "$INFLUXDB2_PASSWORD",
+"username": "$INFLUXDB2_USERNAME",
+"retentionPeriodSeconds": 0,
+"token":"$INFLUXDB2_DEFAULT_TOKEN"
+}
+EOF
+ envsubst < .jsonfile1 > .jsonfile2
+ RESPONSE=$(curl -s -X POST "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/setup" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2")
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, setup influx"
+ exit 1
+ fi
+ INFLUXDB2_ORGANIZATION_ID=$(echo "$RESPONSE" | jq -r '.org.id')
+ echo "OK, Setup influx"
+}
+
+create_influxdb2_bucket() {
+INFLUXDB2_BUCKET=$1
+cat > .jsonfile1 <<- "EOF"
+{
+"name": "$INFLUXDB2_BUCKET",
+"orgID": "$INFLUXDB2_ORGANIZATION_ID"
+}
+EOF
+ envsubst < .jsonfile1 > .jsonfile2
+ curl -s -X POST "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/buckets" \
+ --header "Authorization: Token $INFLUXDB2_DEFAULT_TOKEN" \
+ --header "Content-Type: application/json" \
+ -d @".jsonfile2"
+
+ if [ $? -ne 0 ]; then
+ echo "Bucket $1 creation failed."
+ exit 1
+ fi
+ echo "Bucket $1 created."
+}
+
+__wait_for_influxdb2_availability
--- /dev/null
+#!/usr/bin/env bash
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Install required dependencies
+sed -i -e 's/us.archive.ubuntu.com/archive.ubuntu.com/g' /etc/apt/sources.list
+apt update
+apt install -y curl jq gettext
+
+# Create realm in keycloak
+. scripts/keycloak_utils.sh
+
+# Generic error printout function
+# args: <numeric-response-code> <descriptive-string>
+check_error() {
+ if [ $1 -ne 0 ]; then
+ echo "Failed: $2"
+ echo "Exiting..."
+ exit 1
+ fi
+}
+
+create_realms nonrtric-realm
+while [ $? -ne 0 ]; do
+ create_realms nonrtric-realm
+done
+
+# Create client for admin calls
+cid="console-setup"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+cid="kafka-producer-pm-xml2json"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+KAFKA_PM_XML_2_JSON_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid)
+kubectl create secret generic kafka-pm-xml-2-json --from-literal=client_secret=$KAFKA_PM_XML_2_JSON_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f -
+
+cid="kafka-producer-pm-json2kafka"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+KAFKA_PM_JSON_2_KAFKA_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid)
+kubectl create secret generic kafka-pm-json-2-kafka --from-literal=client_secret=$KAFKA_PM_JSON_2_KAFKA_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f -
+
+cid="kafka-producer-pm-json2influx"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+KAFKA_PM_JSON_2_INFLUX_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid)
+kubectl create secret generic kafka-pm-json-2-influx --from-literal=client_secret=$KAFKA_PM_JSON_2_INFLUX_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f -
+
+cid="pm-producer-json2kafka"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+PM_PRODUCER_JSON_2_KAFKA_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid)
+kubectl create secret generic pm-producer-json-2-kafka --from-literal=client_secret=$PM_PRODUCER_JSON_2_KAFKA_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f -
+
+cid="dfc"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+DFC_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid)
+kubectl create secret generic dfc --from-literal=client_secret=$DFC_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f -
+
+cid="nrt-pm-log"
+create_clients nonrtric-realm $cid
+check_error $?
+generate_client_secrets nonrtric-realm $cid
+check_error $?
+
+PM_LOG_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid)
+kubectl create secret generic pm-log --from-literal=client_secret=$PM_LOG_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f -
+
+exit 0
\ No newline at end of file
--- /dev/null
+#!/usr/bin/env bash
+
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+# Script intended to be sourced by other script to add functions to the keycloak rest API
+
+KEYCLOAKPROTOCOL=${1:-$KEYCLOAK_PROTOCOL}
+KEYCLOAKHOSTNAME=${2:-$KEYCLOAK_HOST}
+KC_PROXY_PORT=${3:-$KEYCLOAK_PROXY_PORT}
+NAMESPACE=${4:-$NAMESPACE}
+
+echo "Keycloak Protocol is: $KEYCLOAKPROTOCOL"
+echo "Keycloak Host is: $KEYCLOAKHOSTNAME"
+echo "Keycloak Port is: $KC_PROXY_PORT"
+echo "Namespace is: $NAMESPACE"
+
+KEYCLOAKHOST="$KEYCLOAKPROTOCOL://$KEYCLOAKHOSTNAME"
+
+__wait_for_keycloak_availability() {
+ while true; do
+ STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$KEYCLOAKHOST:$KC_PROXY_PORT/realms/master")
+ if [ "$STATUS_CODE" -eq 200 ]; then
+ echo "Keycloak is ready."
+ break
+ fi
+ echo "Keycloak is not ready..."
+ sleep 5
+ done
+}
+
+__get_admin_token() {
+ echo "Get admin token"
+ ADMIN_TOKEN=""
+ while [ "${#ADMIN_TOKEN}" -lt 20 ]; do
+ ADMIN_TOKEN=$(curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/realms/master/protocol/openid-connect/token" \
+ --max-time 2 \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=admin" \
+ -d "password=admin" \
+ -d 'grant_type=password' \
+ -d "client_id=admin-cli" \
+ | jq -r '.access_token')
+
+ if [ "${#ADMIN_TOKEN}" -lt 20 ]; then
+ echo "Could not get admin token, retrying..."
+ echo "Retrieved token: $ADMIN_TOKEN"
+ fi
+ done
+ echo "Admin token: ${ADMIN_TOKEN:0:10}..."
+ echo $ADMIN_TOKEN > .admin_token
+ __ADM_TOKEN_TS=$SECONDS
+}
+
+__check_admin_token() {
+ __diff=$(($SECONDS-$__ADM_TOKEN_TS))
+ if [ $__diff -gt 15 ]; then
+ __get_admin_token
+ fi
+}
+
+__wait_for_keycloak_availability
+__get_admin_token
+
+indent1() { sed 's/^/ /'; }
+indent2() { sed 's/^/ /'; }
+
+decode_token() {
+ echo "Decoding access_token"
+ echo $1 | jq -R 'split(".") | .[0,1] | @base64d | fromjson'
+}
+
+decode_jwt() {
+ echo "Decoding jwt"
+ echo $1 | jq -r .access_token | jq -R 'split(".") | .[0,1] | @base64d | fromjson'
+}
+
+list_realms() {
+ echo "Listing all realms"
+ __check_admin_token
+
+ curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ | jq -r '.[].id' | indent2
+}
+delete_realms() {
+ echo "$@"
+ for realm in "$@"; do
+ echo "Attempt to delete realm: $realm"
+ __check_admin_token
+
+ curl -s -X DELETE "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$realm" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ | indent1
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, delete_realms"
+ exit 1
+ fi
+ echo " OK, delete_realms"
+ done
+}
+
+create_realms() {
+ echo "Creating realms: $@"
+ while [ $# -gt 0 ]; do
+ echo " Attempt to create realm: $1"
+ __check_admin_token
+cat > .jsonfile1 <<- "EOF"
+{
+"realm":"$__realm_name",
+"enabled":true
+}
+EOF
+ export __realm_name=$1
+ envsubst < .jsonfile1 > .jsonfile2
+ curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, create_realms"
+ exit 1
+ fi
+ echo " OK, create_realms"
+ shift
+ done
+}
+
+create_clients() {
+ __realm=$1
+ shift
+ echo "Attempt to create clients $@ for realm: $__realm"
+
+cat > .jsonfile1 <<- "EOF"
+{
+ "clientId":"$__client_name",
+ "publicClient": false,
+ "serviceAccountsEnabled": true,
+ "rootUrl":"https://example.com/example/",
+ "adminUrl":"https://example.com/example/"
+}
+EOF
+ while [ $# -gt 0 ]; do
+ echo " Creating client: $1"
+ __check_admin_token
+ export __client_name=$1
+ envsubst < .jsonfile1 > .jsonfile2
+
+ curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent1
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, create_clients"
+ exit 1
+ fi
+ echo " OK, create_clients"
+ shift
+ done
+}
+
+__get_client_id() {
+ __client_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/clients?clientId=$2" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+ __client_id=$(echo $__client_data | jq -r '.[0].id')
+ echo $__client_id
+ return 0
+}
+
+generate_client_secrets() {
+ __realm=$1
+ shift
+ echo "Attempt to generate secret for clients $@ in realm $__realm"
+ while [ $# -gt 0 ]; do
+ __check_admin_token
+ __client_id=$(__get_client_id $__realm $1)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, generate_client_secrets, __get_client_id"
+ exit 1
+ fi
+ echo " Client id for client $1 in realm $__realm: "$__client_id | indent1
+ echo " Creating secret"
+
+ __client_secret=$(curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, generate_client_secrets, client_secret POST"
+ exit 1
+ fi
+
+ __client_secret=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, generate_client_secrets, client_secret GET"
+ exit 1
+ fi
+
+ __client_secret=$(echo $__client_secret | jq -r .value)
+ echo " Client secret for client $1 in realm $__realm: "$__client_secret | indent1
+ echo $__client_secret > ".sec_$__realm""_$1"
+ echo " OK, generate_client_secrets"
+ shift
+ done
+}
+
+create_client_roles() {
+ # <realm-name> <client-name> [<role-name>]+
+ __check_admin_token
+ __client_id=$(__get_client_id $1 $2)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, create_client_roles, __get_client_id"
+ exit 1
+ fi
+ __realm=$1
+ shift; shift;
+ while [ $# -gt 0 ]; do
+
+cat > .jsonfile1 <<- "EOF"
+{
+ "name":"$__role"
+}
+EOF
+ export __role=$1
+ envsubst < .jsonfile1 > .jsonfile2
+
+ curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/roles" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent1
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, create_client_roles"
+ exit 1
+ fi
+ shift
+ done
+}
+
+__get_service_account_id() {
+ # <realm-name> <client-id>
+
+ __service_account_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/clients/$2/service-account-user" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+
+ __service_account_id=$(echo $__service_account_data | jq -r '.id')
+ echo $__service_account_id
+ return 0
+}
+
+__get_client_available_role_id() {
+ # <realm-name> <service-account-id> <client-id> <client-role-name>
+
+ __client_role_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/users/$2/role-mappings/clients/$3/available" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+ __client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ')
+ echo $__client_role_id
+ return 0
+}
+
+__get_client_mapped_role_id() {
+ # <realm-name> <service-account-id> <client-id> <client-role-name>
+
+ __client_role_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/users/$2/role-mappings/clients/$3" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ return 1
+ fi
+ __client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ')
+ echo $__client_role_id
+ return 0
+}
+
+add_client_roles_mapping() {
+ # <realm-name> <client-name> [<role-name>]+
+ echo "Attempt to add roles ${@:3} to client $2 in realm $1"
+ __check_admin_token
+ __realm=$1
+ __client=$2
+ __client_id=$(__get_client_id $__realm $__client)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, __get_client_id"
+ exit 1
+ fi
+ echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
+ __service_account_id=$(__get_service_account_id $__realm $__client_id)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, __get_service_account_id"
+ exit 1
+ fi
+ echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1
+ shift; shift
+
+ __cntr=0
+ __all_roles=$@
+
+ while [ $# -gt 0 ]; do
+ if [ $__cntr -eq 0 ]; then
+ echo "[" > .jsonfile2
+ fi
+ __client_role_id=$(__get_client_available_role_id $__realm $__service_account_id $__client_id $1)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, __get_client_available_role_id"
+ exit 1
+ fi
+ #echo "CLIENT ROLE ID $1 "$__client_role_id
+ #echo " Role id for role $1 and client $__client in realm $__realm: "$__client_role_id | indent1
+ __role='{"name":"'$1'","id":"'$__client_role_id'","composite": false,"clientRole": true}'
+ if [ $__cntr -gt 0 ]; then
+ echo "," >> .jsonfile2
+ fi
+ echo $__role >> .jsonfile2
+ let __cntr=__cntr+1
+ shift
+ done
+
+ echo "]" >> .jsonfile2
+ echo " Adding roles $__all_roles to client $__client in realm $__realm"
+
+ curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_roles_mapping, adding roles"
+ exit 1
+ fi
+ echo " OK, add_client_roles_mapping"
+}
+
+
+
+remove_client_roles_mapping() {
+ # <realm-name> <client-name> [<role-name>]+
+ echo "Attempt to removed roles ${@:3} from client $2 in realm $1"
+ __check_admin_token
+ __realm=$1
+ __client=$2
+ __client_id=$(__get_client_id $__realm $__client)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, __get_client_id"
+ exit 1
+ fi
+ echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
+ __service_account_id=$(__get_service_account_id $__realm $__client_id)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, __get_service_account_id"
+ exit 1
+ fi
+ echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1
+ shift; shift
+ __cntr=0
+ __all_roles=$@
+ while [ $# -gt 0 ]; do
+ if [ $__cntr -eq 0 ]; then
+ echo "[" > .jsonfile2
+ fi
+ __client_role_id=$(__get_client_mapped_role_id $__realm $__service_account_id $__client_id $1)
+ if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, __get_client_mapped_role_id"
+ exit 1
+ fi
+ #echo "CLIENT ROLE ID $1 "$__client_role_id
+ #echo " Role id for role $1 and client $__client in realm $__realm: "$__client_role_id | indent1
+ __role='{"name":"'$1'","id":"'$__client_role_id'","composite": false,"clientRole": true}'
+ if [ $__cntr -gt 0 ]; then
+ echo "," >> .jsonfile2
+ fi
+ echo $__role >> .jsonfile2
+ let __cntr=__cntr+1
+ shift
+ done
+ echo "]" >> .jsonfile2
+ echo " Removing roles $__all_roles from client $__client in realm $__realm"
+
+ curl -s -X DELETE "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, remove_client_roles_mapping, delete"
+ exit 1
+ fi
+ echo " OK, remove client roles mapping"
+}
+
+add_client_hardcoded-claim-mapper() {
+# <realm-name> <client-name> <mapper-name> <claim-name> <claim-value>
+ __check_admin_token
+ __realm=$1
+ __client=$2
+ export __mapper_name=$3
+ export __claim_name=$4
+ export __claim_value=$5
+
+ __client_id=$(__get_client_id $__realm $__client)
+ if [ $? -ne 0 ]; then
+ echo " Fatal error when getting client id, response: "$?
+ exit 1
+ fi
+ cat > .jsonfile1 <<- "EOF"
+{
+ "name": "$__mapper_name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-hardcoded-claim-mapper",
+ "consentRequired": false,
+ "config": {
+ "claim.value": "$__claim_value",
+ "userinfo.token.claim": "true",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "$__claim_name",
+ "access.tokenResponse.claim": "false"
+ }
+}
+EOF
+ envsubst < .jsonfile1 > .jsonfile2
+
+ curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/nonrtric-realm/clients/"$__client_id"/protocol-mappers/models" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" \
+ -H "Content-Type: application/json" \
+ -d @".jsonfile2" \
+ | indent2
+
+ if [ $? -ne 0 ]; then
+ echo "Command failed, add_client_hardcoded-claim-mapper"
+ exit 1
+ fi
+ set +x
+ cat .jsonfile2
+ echo " OK, add_client_hardcoded-claim-mapper"
+}
+
+# Get a client token
+# args: <realm-name> <client-name>
+get_client_token() {
+ __check_admin_token
+ __realm=$1
+ __client=$2
+ __client_id=$(__get_client_id $__realm $__client)
+ if [ $? -ne 0 ]; then
+ echo " Fatal error when getting client id, response: "$?
+ exit 1
+ fi
+ #echo " Client id for client $__client in realm $__realm: "$__client_id | indent1
+
+ __client_secret=$(curl -s -f -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \
+ -H "Authorization: Bearer ${ADMIN_TOKEN}" )
+
+ if [ $? -ne 0 ]; then
+ echo " Fatal error when getting client secret, response: "$?
+ exit 1
+ fi
+
+ __client_secret=$(echo $__client_secret | jq -r .value)
+
+ __TMP_TOKEN=$(curl -s -f -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/realms/$__realm/protocol/openid-connect/token" \
+ -H Content-Type:application/x-www-form-urlencoded \
+ -d client_id="$__client" -d client_secret="$__client_secret" -d grant_type=client_credentials)
+
+ if [ $? -ne 0 ]; then
+ echo " Fatal error when getting client token, response: "$?
+ exit 1
+ fi
+
+ echo $__TMP_TOKEN| jq -r .access_token
+ return 0
+}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ranpm-component-sa
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ranpm-component-role
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+ - apiGroups: ['batch']
+ resources: ['jobs']
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ['']
+ resources: ['pods']
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ['kafka.strimzi.io']
+ resources: ['kafkausers']
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ['kafka.strimzi.io']
+ resources: ['kafkatopics']
+ verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ranpm-component-rb
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ranpm-component-role
+subjects:
+- kind: ServiceAccount
+ name: ranpm-component-sa
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ics-init-config
+data:
+{{ tpl (.Files.Glob "resources/scripts/ics/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/scripts/keycloak/keycloak_utils.sh").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: ics-init
+spec:
+ template:
+ spec:
+ serviceAccountName: ranpm-component-sa
+ initContainers:
+ - name: wait-for-keycloak-job
+ image: bitnami/kubectl
+ args:
+ - wait
+ - job.batch/keycloak-init
+ - --for
+ - condition=complete
+ - --timeout
+ - 300s
+ containers:
+ - name: ics-init-container
+ image: bash:latest
+ command: ["bash","/scripts/configure_ics.sh"]
+ env:
+ - name: ICS_HOST
+ value: "{{ .Values.ics.host }}"
+ - name: ICS_PORT
+ value: "{{ .Values.ics.port }}"
+ - name: ICS_PROTOCOL
+ value: "{{ .Values.ics.protocol }}"
+ - name: KEYCLOAK_HOST
+ value: "{{ .Values.keycloak.host }}"
+ - name: KEYCLOAK_PROXY_PORT
+ value: "{{ .Values.keycloak.port }}"
+ - name: KEYCLOAK_PROTOCOL
+ value: "{{ .Values.keycloak.protocol }}"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: ics-config-volume
+ mountPath: /scripts
+ volumes:
+ - name: ics-config-volume
+ configMap:
+ name: ics-init-config
+ defaultMode: 0755
+ restartPolicy: Never
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: influxdb2-init-config
+data:
+{{ tpl (.Files.Glob "resources/scripts/influxdb2/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: influxdb2-init
+spec:
+ template:
+ spec:
+ containers:
+ - name: influxdb2-init-container
+ image: bash:latest
+ command: ["bash","/scripts/configure_influx.sh"]
+ env:
+ - name: INFLUXDB2_HOST
+ value: "{{ .Values.influxdb2.host }}"
+ - name: INFLUXDB2_PORT
+ value: "{{ .Values.influxdb2.port }}"
+ - name: INFLUXDB2_PROTOCOL
+ value: "{{ .Values.influxdb2.protocol }}"
+ - name: INFLUXDB2_ORGANIZATION
+ value: "{{ .Values.influxdb2.organization }}"
+ - name: INFLUXDB2_BUCKET
+ value: "{{ .Values.influxdb2.bucket }}"
+ - name: INFLUXDB2_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: influxdb2-secret
+ - name: INFLUXDB2_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: influxdb2-secret
+ - name: INFLUXDB2_DEFAULT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: token
+ name: influxdb-api-token
+ volumeMounts:
+ - name: influxdb2-config-volume
+ mountPath: /scripts
+ volumes:
+ - name: influxdb2-config-volume
+ configMap:
+ name: influxdb2-init-config
+ defaultMode: 0755
+ restartPolicy: Never
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: influxdb2-secret
+type: Opaque
+data:
+ username: YWRtaW4=
+ password: bXlTdVAzclMzY3IzdFQwa2VO
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: influxdb-api-token
+data:
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace "influxdb-api-token") }}
+{{- if $secret }}
+ token: {{ $secret.data.token | quote }}
+{{- else }}
+ token: {{ randAlphaNum 32 | b64enc | quote }}
+{{- end }}
+
--- /dev/null
+{{/*
+# Copyright © 2025 OpenInfra Foundation Europe. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkatopic" . }}
+{{ end }}
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keycloak-init-config
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+data:
+{{ tpl (.Files.Glob "resources/scripts/keycloak/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: keycloak-init-sa
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keycloak-init-role
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ["get","create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: keycloak-init-rb
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: keycloak-init-role
+subjects:
+- kind: ServiceAccount
+ name: keycloak-init-sa
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: keycloak-init
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "3"
+spec:
+ template:
+ spec:
+ serviceAccountName: keycloak-init-sa
+ containers:
+ - name: keycloak-init-container
+ image: bitnami/kubectl:1.32.2
+ command: ["bash","/scripts/configure_keycloak.sh"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 0
+ env:
+ - name: KEYCLOAK_HOST
+ value: "{{ .Values.keycloak.host }}"
+ - name: KEYCLOAK_PROXY_PORT
+ value: "{{ .Values.keycloak.port }}"
+ - name: KEYCLOAK_PROTOCOL
+ value: "{{ .Values.keycloak.protocol }}"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: keycloak-config-volume
+ mountPath: /scripts
+ volumes:
+ - name: keycloak-config-volume
+ configMap:
+ name: keycloak-init-config
+ defaultMode: 0755
+ restartPolicy: Never
--- /dev/null
+# ============LICENSE_START===============================================
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved.
+# ========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ran-certs-config
+data:
+ ca.key: |
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCapuVjYlGH0gFP
+ 5+XmZX8+duUAKP1Y6iMiYcRxpEhOYreBytSyLc1ed4HGQHG2HCNSYs4iOotdj8Fm
+ iY6ItJjquyKPNUk1F9YSRnXhhO8+pGiGV/rNF30TheneDlSNaCiBFJfzpUiBdgT4
+ zd7Pm2PfsvfLrgyC/KrRy3vS1QcZtW2mTyLMl4KUgwrmzeOFlCXqNK06Rz3s2JbS
+ CKvq4tR3x6KlkmKpX/XuxdrCtCZva0oG+ur/nOSbzwbbl2b4s9zyprhIio0ohWVp
+ g9HDs5BRHGU7L6XGYBGm7Bs/FN6OtgdfhQXqmQSGQX4H2sIf7oAhqjNBTXZ5RPn9
+ x3263d9DAgMBAAECggEAFMVJlbmEvbsk1fiNVg5XsqoBQ649qI15vopm+eRYmb6E
+ avg07OFd7cwbL+dD3nOVAuGmUc6PHTfLf9wFurKWvx/3GkjL1kenRrkT6AAUqdMm
+ /rQeSSFYeSDJMju2e2970SpU5jJStKCHNmtf+34hQdAlm8N6hrUstBSiQsS9uWQB
+ CwW4RBLC34jSD27AMlMg87HnF2TT5Xab1pFixop3DxBiXbOVhmgjsXvzR1jRhsBc
+ Epe5SmBVeMeVWwm+74wlaYp3ys+3ALABzR4zbTxfCkWJ5mr3gXC3BUZ5Xwy/wxjQ
+ TvKKeqTlyDxrfhSLmJaU+0k4l6c4xqwtpdapT0aoAQKBgQC5WimgYtWTrT1O2pWo
+ TRKvhYaflnEx6NTA/ZZ9n2TFwc6JAmNChbhe+vV0AU+W8BLGvmiR9NgAwA3H2uTL
+ iJkjRaHY0c/3RNS3WDeQSi8j+tqQuDESgWQQiPWglHDYCruNs7IfIsbFY+GqAkvI
+ VyXHUAtvC7wboRPy9Y9XayfKAQKBgQDVmSO6FiOv5fGEqfMFf/TU85NF2e9t2Mfx
+ IofllhYuE9Cwhjey5h89U1ZXa1vPUibt4Pq0p5pBxLB9V2UgmzvpYhnzB4ZbAtbT
+ B7Myxj9eeV/ILmRfXwmaN5JaKgbFqXr8rH9Fj5ciil+4QsAyHeEqT0IqYtQPz2Fb
+ M5qnY6oBQwKBgA+tP44QLe5CncfYlwXYFvd/fKZszAAjqDL2f876N0S+oqBV8l1D
+ ABgQc8gvADNM9NmYazHFGqvdkozPx8ArOoCQOCMlg8hvKuqi7Hgovhn18pyA562g
+ Af2gB95gD7dGGRzgEPWvNE6npwOBFDXKoShdbcojnPJdSlmnSUtkhcYBAoGBAMZp
+ C0vXNu00zoVqDKmmM3oAjGQNTiAeh5PRfKTiJtZEZ80hz+lpY8lmeUSZIF5TtH+x
+ RZC8Q0kmeL7liLWiHSPskagz7DTsTTsX4vieOMz8N+HOXkRNFrFfP55rfYDsrqa5
+ YTvvZveZy9JwhvHG2ZqgpxiSVuQcwhWiuN0WchvbAoGAPySYGRIEvX5zY/dUE33W
+ /+xRNUrDqoviioKkLagfrbfLAfJHhKYFLwE/H8jN6ZT1dgYKVSqhYAnyH2jevpku
+ 5TSQoTA22VMNLT9/jRlY/ZJHeIid90BySPrTHy7XRl+lb+yBeEThmrH8w7K5Cw3Q
+ GIFZPNsgV57Fnxyiwk/mHoY=
+ -----END PRIVATE KEY-----
+ httpsca.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIDnzCCAoegAwIBAgIUFqNZ5ZQ6L2ZtNCkJlOW9rgRO89cwDQYJKoZIhvcNAQEL
+ BQAwXzELMAkGA1UEBhMCU0UxCjAIBgNVBAgMAS4xCjAIBgNVBAcMAS4xDDAKBgNV
+ BAoMA0VTVDEMMAoGA1UECwwDRVNUMRwwGgYJKoZIhvcNAQkBFg1hQGV4YW1wbGUu
+ Y29tMB4XDTI1MDMyNjEyMjAyNVoXDTI1MDQyNTEyMjAyNVowXzELMAkGA1UEBhMC
+ U0UxCjAIBgNVBAgMAS4xCjAIBgNVBAcMAS4xDDAKBgNVBAoMA0VTVDEMMAoGA1UE
+ CwwDRVNUMRwwGgYJKoZIhvcNAQkBFg1hQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqblY2JRh9IBT+fl5mV/PnblACj9WOojImHE
+ caRITmK3gcrUsi3NXneBxkBxthwjUmLOIjqLXY/BZomOiLSY6rsijzVJNRfWEkZ1
+ 4YTvPqRohlf6zRd9E4Xp3g5UjWgogRSX86VIgXYE+M3ez5tj37L3y64Mgvyq0ct7
+ 0tUHGbVtpk8izJeClIMK5s3jhZQl6jStOkc97NiW0gir6uLUd8eipZJiqV/17sXa
+ wrQmb2tKBvrq/5zkm88G25dm+LPc8qa4SIqNKIVlaYPRw7OQURxlOy+lxmARpuwb
+ PxTejrYHX4UF6pkEhkF+B9rCH+6AIaozQU12eUT5/cd9ut3fQwIDAQABo1MwUTAd
+ BgNVHQ4EFgQUYIsXwaqvhVB3toXBKUSTFmxHVIUwHwYDVR0jBBgwFoAUYIsXwaqv
+ hVB3toXBKUSTFmxHVIUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+ AQEAeLktWG9QPVUaxAXW8uySLKHV71pvNzIkmRUu864DZHREP5fjelCi415082xA
+ oWc8j8PwQ6b/WrraC2DG1MFsyd8fq2KMU4tFgeA7310DiXKjaRtZcsCMbXJqfAH3
+ 2HT/8fsn2MSJU1hmTx+l29BvzEGbUuyXqJ+iAryMXyJlLzvW253B2YwO+ymtiyRS
+ AxG1g2drJ9e6q9WfajquVaHyX7tXmhLc8r/h/a0nqv3kkQYVnyzuWQh1ZIVQ9eHp
+ N5VU0luS/CNF4McifVyuRMS5uR3SiKoQdbuHeTJ08Ar5GEOpgrDonGHFTpsEUFtG
+ cFMmA7DJDQKQIBcVy7djbd3xlg==
+ -----END CERTIFICATE-----
\ No newline at end of file
--- /dev/null
+################################################################################
+# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+global:
+ #Strimzi Kafka properties
+ useStrimziKafka: true
+
+keycloak:
+ host: "keycloak-proxy"
+ port: "8080"
+ protocol: "http"
+
+ics:
+ host: "informationservice.nonrtric"
+ port: "9082"
+ protocol: "http"
+
+influxdb2:
+ host: "influxdb2"
+ port: "8086"
+ protocol: "http"
+ organization: "est"
+ bucket: "pm-bucket"
+
+kafkaTopic:
+ - strimziTopicName: "unauthenticated.ves-notification-output"
+ name: "unauthenticated.VES_NOTIFICATION_OUTPUT"
+ partitions: 10
+ - name: collected-file
+ partitions: 10
+ - name: json-file-ready-kp
+ partitions: 10
+ - name: json-file-ready-kpadp
+ partitions: 10
+ - name: pmreports
+ partitions: 10
\ No newline at end of file
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
- name: {{ include "common.name" . }}-ku
+ name: {{ default ( printf "%s-ku" (include "common.name" .)) .Values.kafkaUser.name }}
namespace: onap
labels:
strimzi.io/cluster: onap-strimzi
+ annotations:
+ "helm.sh/hook": pre-install
spec:
+ {{- if .Values.kafkaUser.authenticationType }}
authentication:
type: {{ .Values.kafkaUser.authenticationType | default "scram-sha-512" }}
+ {{- end }}
authorization:
type: {{ .Values.kafkaUser.authorizationType | default "simple" }}
acls:
- resource:
type: {{ $acl.type }}
patternType: {{ $acl.patternType | default "literal" }}
- name: {{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }}
+ name: '{{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }}'
operations:
{{- range $operation := $acl.operations }}
- {{ . }}
namespace: onap
labels:
strimzi.io/cluster: onap-strimzi
+ annotations:
+ "helm.sh/hook": pre-install
spec:
{{- if (hasKey $topic "partitions") }}
partitions: {{ $topic.partitions }}
# ============LICENSE_START===============================================
-# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved.
+# Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved.
# ========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
kubeVersion: ">=1.19.0-0"
dependencies:
+ - name: common
+ version: ~1.0.0
+ repository: "@local"
+ condition: nonrtric.installRanpm
+ - name: ranpm
+ version: ~1.0.0
+ repository: "@local"
+ condition: nonrtric.installRanpm
- name: topology-exposure-inventory
version: ~1.0.0
repository: "@local"
OVERRIDEYAML=$1
-helm install --debug oran-smo local/smo --namespace smo -f $OVERRIDEYAML
+helm install oran-smo local/smo --namespace smo -f $OVERRIDEYAML
check_for_secrets() {
try=0
Code Review / it / dep.git / commitdiff