From: aravind.est Date: Mon, 24 Mar 2025 18:35:41 +0000 (+0000) Subject: Include RANPM charts as part of ORAN OOM X-Git-Tag: l-release~37 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=4cc2691a36022a77c8f63a6de71e179f582518ae;p=it%2Fdep.git Include RANPM charts as part of ORAN OOM RANPM charts moved as part of ORAN OOM charts Change-Id: Icba4b3cd4671de7059a9f747e55c5eb5c142a844 Signed-off-by: aravind.est --- diff --git a/.gitignore b/.gitignore index 6d47f3f1..f154bc4f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ # ignore all logs *.log *.tar -*.tgz +# *.tgz *.swp *.lock .tox diff --git a/chartstorage/a1controller-2.0.0.tgz b/chartstorage/a1controller-2.0.0.tgz new file mode 100644 index 00000000..fec749d3 Binary files /dev/null and b/chartstorage/a1controller-2.0.0.tgz differ diff --git a/chartstorage/a1simulator-2.1.0.tgz b/chartstorage/a1simulator-2.1.0.tgz new file mode 100644 index 00000000..86797b7d Binary files /dev/null and b/chartstorage/a1simulator-2.1.0.tgz differ diff --git a/chartstorage/capifcore-1.0.0.tgz b/chartstorage/capifcore-1.0.0.tgz new file mode 100644 index 00000000..5a87c1d6 Binary files /dev/null and b/chartstorage/capifcore-1.0.0.tgz differ diff --git a/chartstorage/common-1.0.0.tgz b/chartstorage/common-1.0.0.tgz new file mode 100644 index 00000000..5a4b1ad9 Binary files /dev/null and b/chartstorage/common-1.0.0.tgz differ diff --git a/chartstorage/controlpanel-2.0.0.tgz b/chartstorage/controlpanel-2.0.0.tgz new file mode 100644 index 00000000..a63fc9d2 Binary files /dev/null and b/chartstorage/controlpanel-2.0.0.tgz differ diff --git a/chartstorage/dmaapadapterservice-1.0.0.tgz b/chartstorage/dmaapadapterservice-1.0.0.tgz new file mode 100644 index 00000000..de3519cc Binary files /dev/null and b/chartstorage/dmaapadapterservice-1.0.0.tgz differ diff --git a/chartstorage/informationservice-1.0.0.tgz b/chartstorage/informationservice-1.0.0.tgz new file mode 100644 index 00000000..46cc44b0 Binary files /dev/null and b/chartstorage/informationservice-1.0.0.tgz differ diff --git a/chartstorage/kong-1.0.0.tgz b/chartstorage/kong-1.0.0.tgz new file mode 100644 index 00000000..97a97d33 Binary files /dev/null and b/chartstorage/kong-1.0.0.tgz differ diff --git a/chartstorage/nonrtric-1.0.0.tgz b/chartstorage/nonrtric-1.0.0.tgz new file mode 100644 index 00000000..cd702464 Binary files /dev/null and b/chartstorage/nonrtric-1.0.0.tgz differ diff --git a/chartstorage/nonrtric-common-2.0.0.tgz b/chartstorage/nonrtric-common-2.0.0.tgz new file mode 100644 index 00000000..b3f0741c Binary files /dev/null and b/chartstorage/nonrtric-common-2.0.0.tgz differ diff --git a/chartstorage/nonrtricgateway-1.0.0.tgz b/chartstorage/nonrtricgateway-1.0.0.tgz new file mode 100644 index 00000000..845f7740 Binary files /dev/null and b/chartstorage/nonrtricgateway-1.0.0.tgz differ diff --git a/chartstorage/policymanagementservice-2.0.0.tgz b/chartstorage/policymanagementservice-2.0.0.tgz new file mode 100644 index 00000000..9fe63186 Binary files /dev/null and b/chartstorage/policymanagementservice-2.0.0.tgz differ diff --git a/chartstorage/ranpm-1.0.0.tgz b/chartstorage/ranpm-1.0.0.tgz new file mode 100644 index 00000000..f5d8d9d9 Binary files /dev/null and b/chartstorage/ranpm-1.0.0.tgz differ diff --git a/chartstorage/rappmanager-1.0.0.tgz b/chartstorage/rappmanager-1.0.0.tgz new file mode 100644 index 00000000..97cba8dd Binary files /dev/null and b/chartstorage/rappmanager-1.0.0.tgz differ diff --git a/chartstorage/servicemanager-1.0.0.tgz b/chartstorage/servicemanager-1.0.0.tgz new file mode 100644 index 00000000..476123d8 Binary files /dev/null and b/chartstorage/servicemanager-1.0.0.tgz differ diff --git a/chartstorage/smo-1.0.0.tgz b/chartstorage/smo-1.0.0.tgz new file mode 100644 index 00000000..a30592d6 Binary files /dev/null and b/chartstorage/smo-1.0.0.tgz differ diff --git a/chartstorage/smo-common-1.0.0.tgz b/chartstorage/smo-common-1.0.0.tgz new file mode 100644 index 00000000..bb9e8ca3 Binary files /dev/null and b/chartstorage/smo-common-1.0.0.tgz differ diff --git a/chartstorage/topology-1.0.0.tgz b/chartstorage/topology-1.0.0.tgz new file mode 100644 index 00000000..8fdfbaad Binary files /dev/null and b/chartstorage/topology-1.0.0.tgz differ diff --git a/chartstorage/topology-exposure-inventory-1.0.0.tgz b/chartstorage/topology-exposure-inventory-1.0.0.tgz new file mode 100644 index 00000000..6b8e8e23 Binary files /dev/null and b/chartstorage/topology-exposure-inventory-1.0.0.tgz differ diff --git a/smo-install/helm-override/cnf/oran-override.yaml b/smo-install/helm-override/cnf/oran-override.yaml index 91159b61..3e2d24c9 100644 --- a/smo-install/helm-override/cnf/oran-override.yaml +++ b/smo-install/helm-override/cnf/oran-override.yaml @@ -50,9 +50,6 @@ nonrtric: # Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning) size: 2Gi storageClassName: ics-storage - volume3: - size: 1Gi - storageClassName: helmmanager-storage common: releasePrefix: r3-dev-nonrtric diff --git a/smo-install/helm-override/default/oran-override.yaml b/smo-install/helm-override/default/oran-override.yaml index 41bd2490..e96ce319 100644 --- a/smo-install/helm-override/default/oran-override.yaml +++ b/smo-install/helm-override/default/oran-override.yaml @@ -38,6 +38,7 @@ nonrtric: installrAppmanager: true installCapifcore: true installServicemanager: true + installRanpm: true # override default mount path root directory # referenced by persistent volumes and log files persistence: @@ -50,9 +51,6 @@ nonrtric: # Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning) size: 2Gi storageClassName: ics-storage - volume3: - size: 1Gi - storageClassName: helmmanager-storage common: releasePrefix: r3-dev-nonrtric @@ -144,4 +142,5 @@ smo: #List of secrets to be copied from ONAP namespace to SMO secrets: - topology-exposure-ku - - topology-ingestion-ku \ No newline at end of file + - topology-ingestion-ku + - redpanda-console-ku \ No newline at end of file diff --git a/smo-install/helm-override/pythonsdk-tests/oran-override.yaml b/smo-install/helm-override/pythonsdk-tests/oran-override.yaml index 43235d52..79ea435b 100644 --- a/smo-install/helm-override/pythonsdk-tests/oran-override.yaml +++ b/smo-install/helm-override/pythonsdk-tests/oran-override.yaml @@ -50,9 +50,6 @@ nonrtric: # Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning) size: 2Gi storageClassName: ics-storage - volume3: - size: 1Gi - storageClassName: helmmanager-storage common: releasePrefix: r3-dev-nonrtric diff --git a/smo-install/helm-override/standalone-nonrtric/oran-override.yaml b/smo-install/helm-override/standalone-nonrtric/oran-override.yaml index 54d2c2d4..056a2cf7 100644 --- a/smo-install/helm-override/standalone-nonrtric/oran-override.yaml +++ b/smo-install/helm-override/standalone-nonrtric/oran-override.yaml @@ -50,9 +50,6 @@ nonrtric: # Set the size to 0 if you do not need the volume (if you are using Dynamic Volume Provisioning) size: 2Gi storageClassName: ics-storage - volume3: - size: 1Gi - storageClassName: helmmanager-storage common: releasePrefix: r3-dev-nonrtric diff --git a/smo-install/oran_oom/smo/Chart.yaml b/smo-install/oran_oom/smo/Chart.yaml index c88a3efb..bebfa6b0 100644 --- a/smo-install/oran_oom/smo/Chart.yaml +++ b/smo-install/oran_oom/smo/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START=============================================== -# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved. +# Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved. # ======================================================================== # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +22,10 @@ description: Open Radio Access Network (ORAN) kubeVersion: ">=1.19.0-0" dependencies: + - name: common + version: ~1.0.0 + repository: "@local" + condition: nonrtric.installRanpm - name: topology-exposure-inventory version: ~1.0.0 repository: "@local" diff --git a/smo-install/oran_oom/smo/common/Chart.yaml b/smo-install/oran_oom/smo/common/Chart.yaml new file mode 100644 index 00000000..b6a821af --- /dev/null +++ b/smo-install/oran_oom/smo/common/Chart.yaml @@ -0,0 +1,50 @@ +################################################################################ +# Copyright (C) 2024-2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v2 +name: common +description: A Helm chart third party components +version: 1.0.0 +appVersion: "1.16.0" + +dependencies: + - name: smo-common + version: ^1.0.0 + repository: "@local" + - name: influxdb2 + version: 0.1.0 + repository: "file://influxdb2" + - name: kafka-client + version: 0.1.0 + repository: "file://kafka-client" + - name: keycloak + version: 0.1.0 + repository: "file://keycloak" + - name: keycloak-proxy + version: 0.1.0 + repository: "file://keycloak-proxy" + - name: minio + version: 0.1.0 + repository: "file://minio" + - name: opa + version: 0.1.0 + repository: "file://opa" + - name: opa-rule-db + version: 0.1.0 + repository: "file://opa-rule-db" + - name: redpanda-console + version: 0.1.0 + repository: "file://redpanda-console" \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/influxdb2/Chart.yaml b/smo-install/oran_oom/smo/common/influxdb2/Chart.yaml new file mode 100644 index 00000000..362425e6 --- /dev/null +++ b/smo-install/oran_oom/smo/common/influxdb2/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: influxdb2 +description: Influxdb2 helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v2" diff --git a/smo-install/oran_oom/smo/common/influxdb2/templates/app-service.yaml b/smo-install/oran_oom/smo/common/influxdb2/templates/app-service.yaml new file mode 100644 index 00000000..82ec4b17 --- /dev/null +++ b/smo-install/oran_oom/smo/common/influxdb2/templates/app-service.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: influxdb2 + labels: + app: influxdb2 +spec: + ports: + - name: influxdb2 + port: 8086 + targetPort: 8086 + nodePort: 31812 + selector: + app: influxdb2 + type: NodePort \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/influxdb2/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/common/influxdb2/templates/app-statefulset.yaml new file mode 100644 index 00000000..30c274b1 --- /dev/null +++ b/smo-install/oran_oom/smo/common/influxdb2/templates/app-statefulset.yaml @@ -0,0 +1,48 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: influxdb2 + name: influxdb2 +spec: + replicas: 1 + selector: + matchLabels: + app: influxdb2 + serviceName: influxdb2 + template: + metadata: + labels: + app: influxdb2 + spec: + containers: + - image: influxdb:2.6.1 + name: influxdb2 + ports: + - containerPort: 8086 + name: influxdb2 + readinessProbe: + httpGet: + path: /ping + port: 8086 + initialDelaySeconds: 10 + periodSeconds: 3 + diff --git a/smo-install/oran_oom/smo/common/kafka-client/Chart.yaml b/smo-install/oran_oom/smo/common/kafka-client/Chart.yaml new file mode 100644 index 00000000..a23bc780 --- /dev/null +++ b/smo-install/oran_oom/smo/common/kafka-client/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: kafka-client +description: Kafka client helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "7.2.2" diff --git a/smo-install/oran_oom/smo/common/kafka-client/templates/app-pod.yaml b/smo-install/oran_oom/smo/common/kafka-client/templates/app-pod.yaml new file mode 100644 index 00000000..ee4c3e82 --- /dev/null +++ b/smo-install/oran_oom/smo/common/kafka-client/templates/app-pod.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Client pod for kafka cmds and curl + +apiVersion: v1 +kind: Pod +metadata: + name: kafka-client + labels: + app: kafka-client +spec: + restartPolicy: Always + containers: + - name: kafka-client + image: confluentinc/cp-kafka:7.2.2 + command: ['sh', '-c', 'while [ true ];do sleep 60;done'] + imagePullPolicy: IfNotPresent diff --git a/smo-install/oran_oom/smo/common/keycloak-proxy/Chart.yaml b/smo-install/oran_oom/smo/common/keycloak-proxy/Chart.yaml new file mode 100644 index 00000000..aeb52ffd --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak-proxy/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: keycloak-proxy +description: Keycloak proxy helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-configmap.yaml b/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-configmap.yaml new file mode 100644 index 00000000..eddb22a9 --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-configmap.yaml @@ -0,0 +1,54 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# http proxy to keycloak +# for accessing keycloak from outside the cluster +# +# request for generating token must be made from a pod +# from within the cluster in order to get the correct +# issuer (issuer is based on the calling host) + +apiVersion: v1 +kind: ConfigMap +metadata: + name: keycloak-proxy-conf + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +data: + nginx.conf: | + + worker_processes 1; + + events { worker_connections 10; } + + http { + + sendfile on; + + server { + listen 8080; + server_name keycloak; + location ~* ^/ { + proxy_http_version 1.1; + proxy_pass http://keycloak:8080; + + } + } + } + diff --git a/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-deployment.yaml b/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-deployment.yaml new file mode 100644 index 00000000..a201a89d --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-deployment.yaml @@ -0,0 +1,52 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# http proxy for keycloak - only for accessing the keycloak api +# cannot be used to access the admin console + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: keycloak-proxy + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +spec: + selector: + matchLabels: + app: keycloak-proxy + replicas: 1 + template: + metadata: + labels: + app: keycloak-proxy + spec: + restartPolicy: Always + containers: + - name: keycloak-proxy + image: nginx:alpine + ports: + - containerPort: 8080 + volumeMounts: + - mountPath: /etc/nginx + readOnly: true + name: keycloak-proxy-conf + volumes: + - name: keycloak-proxy-conf + configMap: + name: keycloak-proxy-conf diff --git a/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-service.yaml b/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-service.yaml new file mode 100644 index 00000000..5be7734d --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak-proxy/templates/app-service.yaml @@ -0,0 +1,36 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: keycloak-proxy + labels: + app: keycloak-proxy + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +spec: + selector: + app: keycloak-proxy + type: NodePort + ports: + - name: http + port: 8080 + targetPort: 8080 + nodePort: 31784 diff --git a/smo-install/oran_oom/smo/common/keycloak/Chart.yaml b/smo-install/oran_oom/smo/common/keycloak/Chart.yaml new file mode 100644 index 00000000..842e73fe --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: keycloak +description: Keycloak helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "20" diff --git a/smo-install/oran_oom/smo/common/keycloak/templates/app-deployment.yaml b/smo-install/oran_oom/smo/common/keycloak/templates/app-deployment.yaml new file mode 100644 index 00000000..eef0e3e0 --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak/templates/app-deployment.yaml @@ -0,0 +1,57 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: keycloak + labels: + app: keycloak + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +spec: + replicas: 1 + selector: + matchLabels: + app: keycloak + template: + metadata: + labels: + app: keycloak + spec: + containers: + - name: keycloak + image: quay.io/keycloak/keycloak:20.0.1 + args: ["start-dev"] + env: + - name: KEYCLOAK_ADMIN + value: "admin" + - name: KEYCLOAK_ADMIN_PASSWORD + value: "admin" + - name: KC_PROXY + value: "none" + ports: + - name: http + containerPort: 8080 + readinessProbe: + httpGet: + path: /realms/master + port: 8080 + initialDelaySeconds: 20 + periodSeconds: 10 diff --git a/smo-install/oran_oom/smo/common/keycloak/templates/app-service.yaml b/smo-install/oran_oom/smo/common/keycloak/templates/app-service.yaml new file mode 100644 index 00000000..5e53a108 --- /dev/null +++ b/smo-install/oran_oom/smo/common/keycloak/templates/app-service.yaml @@ -0,0 +1,36 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: keycloak + labels: + app: keycloak + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + nodePort: 31788 + selector: + app: keycloak + type: NodePort diff --git a/smo-install/oran_oom/smo/common/minio/Chart.yaml b/smo-install/oran_oom/smo/common/minio/Chart.yaml new file mode 100644 index 00000000..5f545060 --- /dev/null +++ b/smo-install/oran_oom/smo/common/minio/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: minio +description: Minio helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "RELEASE.2023-02-27T18-10-45Z" diff --git a/smo-install/oran_oom/smo/common/minio/templates/app-service.yaml b/smo-install/oran_oom/smo/common/minio/templates/app-service.yaml new file mode 100644 index 00000000..c1182530 --- /dev/null +++ b/smo-install/oran_oom/smo/common/minio/templates/app-service.yaml @@ -0,0 +1,54 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: minio + labels: + app: minio +spec: + clusterIP: None + type: ClusterIP + clusterIP: None + selector: + app: minio + ports: + - name: tcpmain + protocol: TCP + port: 9000 + targetPort: 9000 + +--- + +apiVersion: v1 +kind: Service +metadata: + name: minio-web + labels: +spec: + type: NodePort + selector: + statefulset.kubernetes.io/pod-name: minio-0 + ports: + - name: httpweb + protocol: TCP + port: 9001 + targetPort: 9001 + nodePort: 31768 + diff --git a/smo-install/oran_oom/smo/common/minio/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/common/minio/templates/app-statefulset.yaml new file mode 100644 index 00000000..e459cccd --- /dev/null +++ b/smo-install/oran_oom/smo/common/minio/templates/app-statefulset.yaml @@ -0,0 +1,77 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: minio + labels: + app: minio +spec: + serviceName: minio + replicas: 1 + selector: + matchLabels: + app: minio + template: + metadata: + labels: + app: minio + spec: + initContainers: + - name: init + image: alpine:latest + imagePullPolicy: IfNotPresent + command: ["ash","-c"] + args: ["IDX=${HOSTNAME##*-} && mkdir -p /data/ && rm -rf /data//*"] + volumeMounts: + - mountPath: /data + name: data-vol + containers: + - name: minio + # Note, in later releases only SSO seem to be possible + # so earlier release kept to be able to login with user/pwd + image: minio/minio:RELEASE.2022-10-21T22-37-48Z + imagePullPolicy: IfNotPresent + ports: + - name: tcpmain + containerPort: 9000 + - name: httpweb + containerPort: 9001 + args: + - server + - "--console-address" + - ":9001" + - /data/0/ + env: + - name: MINIO_ROOT_USER + value: admin + - name: MINIO_ROOT_PASSWORD + value: adminadmin + - name: MINIO_POLICY_PLUGIN_URL + value: http://opa:8181/v1/data/minio/authz/allow + - name: MINIO_IDENTITY_OPENID_CONFIG_URL + value: http://keycloak:8080/realms/nonrtric-realm/.well-known/openid-configuration + volumeMounts: + - mountPath: /data + name: data-vol + volumes: + - name: data-vol + emptyDir: {} + + diff --git a/smo-install/oran_oom/smo/common/minio/templates/client-pod.yaml b/smo-install/oran_oom/smo/common/minio/templates/client-pod.yaml new file mode 100644 index 00000000..f91fa973 --- /dev/null +++ b/smo-install/oran_oom/smo/common/minio/templates/client-pod.yaml @@ -0,0 +1,31 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Pod +metadata: + name: minio-client + labels: + app: minio-client +spec: + containers: + - name: mc-client + image: minio/mc + command: ['sh', '-c', 'while [ true ];do sleep 60;done'] + imagePullPolicy: Always + restartPolicy: Always diff --git a/smo-install/oran_oom/smo/common/minio/values.yaml b/smo-install/oran_oom/smo/common/minio/values.yaml new file mode 100644 index 00000000..05a55a4a --- /dev/null +++ b/smo-install/oran_oom/smo/common/minio/values.yaml @@ -0,0 +1,21 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +minio: + opa: + decisionlogs: true \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/opa-rule-db/Chart.yaml b/smo-install/oran_oom/smo/common/opa-rule-db/Chart.yaml new file mode 100644 index 00000000..f41324cd --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa-rule-db/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: opa-rule-db +description: OPA rule db helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/common/opa-rule-db/data/bundle.tar.gz b/smo-install/oran_oom/smo/common/opa-rule-db/data/bundle.tar.gz new file mode 100644 index 00000000..c4b13bb9 Binary files /dev/null and b/smo-install/oran_oom/smo/common/opa-rule-db/data/bundle.tar.gz differ diff --git a/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-configmap.yaml b/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-configmap.yaml new file mode 100644 index 00000000..92f58232 --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-configmap.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-bundle +binaryData: + bundle.tar.gz: |- + {{ .Files.Get "data/bundle.tar.gz" | b64enc }} + diff --git a/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-deployment.yaml b/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-deployment.yaml new file mode 100644 index 00000000..6a9f71b5 --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-deployment.yaml @@ -0,0 +1,49 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bundle-server + labels: +spec: + selector: + matchLabels: + app: bundle-server + replicas: 1 + template: + metadata: + labels: + app: bundle-server + spec: + containers: + - name: bundle-server + image: nginx:1.21 + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /usr/share/nginx/html/bundle.tar.gz + subPath: bundle.tar.gz + name: policy-bundle + volumes: + - configMap: + name: policy-bundle + name: policy-bundle + + + diff --git a/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-service.yaml b/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-service.yaml new file mode 100644 index 00000000..244d0006 --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa-rule-db/templates/app-service.yaml @@ -0,0 +1,37 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: bundle-server + labels: + app: bundle-server +spec: + ports: + - name: http + port: 80 + targetPort: 80 + nodePort: 32201 + selector: + app: bundle-server + type: NodePort + + + + diff --git a/smo-install/oran_oom/smo/common/opa/Chart.yaml b/smo-install/oran_oom/smo/common/opa/Chart.yaml new file mode 100644 index 00000000..b7151fcd --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: opa +description: OPA helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "RELEASE.2023-02-27T18-10-45Z" diff --git a/smo-install/oran_oom/smo/common/opa/templates/opa-deployment.yaml b/smo-install/oran_oom/smo/common/opa/templates/opa-deployment.yaml new file mode 100644 index 00000000..2356ec32 --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa/templates/opa-deployment.yaml @@ -0,0 +1,47 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: opa + labels: + app: opa +spec: + selector: + matchLabels: + app: opa + template: + metadata: + labels: + app: opa + spec: + containers: + - name: opa + image: openpolicyagent/opa:0.70.0-envoy-17 + imagePullPolicy: Always + ports: + - name: http + containerPort: 8181 + args: + - "run" + - "--server" + - "--set=decision_logs.console={{ .Values.opa.decisionlogs }}" + - "--set=services.authz.url=http://bundle-server" + - "--set=bundles.authz.service=authz" + - "--set=bundles.authz.resource=bundle.tar.gz" \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/opa/templates/opa-service.yaml b/smo-install/oran_oom/smo/common/opa/templates/opa-service.yaml new file mode 100644 index 00000000..7a46e866 --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa/templates/opa-service.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: opa + labels: + app: opa +spec: + type: ClusterIP + ports: + - port: 8181 + targetPort: 8181 + protocol: TCP + name: http + selector: + app: opa \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/opa/values.yaml b/smo-install/oran_oom/smo/common/opa/values.yaml new file mode 100644 index 00000000..4c9cb47c --- /dev/null +++ b/smo-install/oran_oom/smo/common/opa/values.yaml @@ -0,0 +1,20 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +opa: + decisionlogs: true \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/redpanda-console/Chart.yaml b/smo-install/oran_oom/smo/common/redpanda-console/Chart.yaml new file mode 100644 index 00000000..0d558bf4 --- /dev/null +++ b/smo-install/oran_oom/smo/common/redpanda-console/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: redpanda-console +description: redpanda-console helm chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/common/redpanda-console/templates/app-deployment.yaml b/smo-install/oran_oom/smo/common/redpanda-console/templates/app-deployment.yaml new file mode 100644 index 00000000..22dd3f4e --- /dev/null +++ b/smo-install/oran_oom/smo/common/redpanda-console/templates/app-deployment.yaml @@ -0,0 +1,58 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redpanda-console + labels: +spec: + selector: + matchLabels: + app: redpanda-console + template: + metadata: + labels: + app: redpanda-console + spec: + initContainers: + - name: kafka-readiness-check + image: alpine:latest + command: ['sh', '-c', 'apk add --no-cache netcat-openbsd && nc -zv onap-strimzi-kafka-bootstrap.onap 9092'] + containers: + - name: redpanda-console + image: redpandadata/console:v2.2.3 + imagePullPolicy: IfNotPresent + env: + - name: KAFKA_BROKERS + value: "onap-strimzi-kafka-bootstrap.onap:9092" + - name: KAFKA_SASL_ENABLED + value: "true" + - name: KAFKA_SASL_MECHANISM + value: "SCRAM-SHA-512" + - name: KAFKA_SASL_USERNAME + value: "redpanda-console-ku" + - name: KAFKA_SASL_PASSWORD + valueFrom: + secretKeyRef: + name: redpanda-console-ku + key: password + ports: + - name: http + containerPort: 8080 + restartPolicy: Always \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/redpanda-console/templates/app-service.yaml b/smo-install/oran_oom/smo/common/redpanda-console/templates/app-service.yaml new file mode 100644 index 00000000..89aaba43 --- /dev/null +++ b/smo-install/oran_oom/smo/common/redpanda-console/templates/app-service.yaml @@ -0,0 +1,34 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: redpanda-console + labels: + app: redpanda-console +spec: + type: NodePort + selector: + app: redpanda-console + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + name: http + nodePort: 31767 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/redpanda-console/templates/kafkauser.yaml b/smo-install/oran_oom/smo/common/redpanda-console/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/common/redpanda-console/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/redpanda-console/values.yaml b/smo-install/oran_oom/smo/common/redpanda-console/values.yaml new file mode 100644 index 00000000..f1cfb0e5 --- /dev/null +++ b/smo-install/oran_oom/smo/common/redpanda-console/values.yaml @@ -0,0 +1,34 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: "*" + type: group + operations: [All] + - name: "*" + type: topic + operations: [All] + - name: "*" + type: cluster + operations: [All] \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/resources/patch-strimzi-kafka.sh b/smo-install/oran_oom/smo/common/resources/patch-strimzi-kafka.sh new file mode 100644 index 00000000..152cf271 --- /dev/null +++ b/smo-install/oran_oom/smo/common/resources/patch-strimzi-kafka.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# + +# This will create a new kafka listener with oauth based authentication. +# This method will point to a keycloak installed in smo namespace for the validation. +# This will terminate the current kafka pod and restart a new one with the modified settings. +kubectl patch kafka onap-strimzi -n onap --type='json' -p='[ + { + "op": "add", + "path": "/spec/kafka/listeners/-", + "value": { + "name": "oauth", + "port": 9095, + "type": "internal", + "tls": false, + "authentication": { + "type": "oauth", + "enablePlain": true, + "maxSecondsWithoutReauthentication": 300, + "validIssuerUri": "http://keycloak.smo:8080/realms/nonrtric-realm", + "jwksEndpointUri": "http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/certs", + "userNameClaim": "preferred_username" + } + } + } +]' \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/templates/strimzi-patch-configmap.yaml b/smo-install/oran_oom/smo/common/templates/strimzi-patch-configmap.yaml new file mode 100644 index 00000000..506f3fbb --- /dev/null +++ b/smo-install/oran_oom/smo/common/templates/strimzi-patch-configmap.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: strimzi-patch-config + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/templates/strimzi-patch-rbac.yaml b/smo-install/oran_oom/smo/common/templates/strimzi-patch-rbac.yaml new file mode 100644 index 00000000..49a2ef0a --- /dev/null +++ b/smo-install/oran_oom/smo/common/templates/strimzi-patch-rbac.yaml @@ -0,0 +1,56 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: strimzi-patch-sa + namespace: smo + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: strimzi-patch-role + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +rules: + - apiGroups: [''] + resources: ['pods'] + verbs: ["get","list","watch"] + - apiGroups: ['kafka.strimzi.io'] + resources: ['kafkas'] + verbs: ["get","list","watch","patch","update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: strimzi-patch-rb + namespace: onap + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: strimzi-patch-role +subjects: +- kind: ServiceAccount + name: strimzi-patch-sa + namespace: smo \ No newline at end of file diff --git a/smo-install/oran_oom/smo/common/templates/strimzi-patch.yaml b/smo-install/oran_oom/smo/common/templates/strimzi-patch.yaml new file mode 100644 index 00000000..0fc751a2 --- /dev/null +++ b/smo-install/oran_oom/smo/common/templates/strimzi-patch.yaml @@ -0,0 +1,43 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: batch/v1 +kind: Job +metadata: + name: strimzi-patch + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "4" +spec: + template: + spec: + serviceAccountName: strimzi-patch-sa + containers: + - name: strimzi-patch-container + image: bitnami/kubectl:1.32.2 + command: ["bash","/scripts/patch-strimzi-kafka.sh"] + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + volumeMounts: + - name: strimzi-patch-config-volume + mountPath: /scripts + volumes: + - name: strimzi-patch-config-volume + configMap: + name: strimzi-patch-config + defaultMode: 0755 + restartPolicy: Never diff --git a/smo-install/oran_oom/smo/ranpm/Chart.yaml b/smo-install/oran_oom/smo/ranpm/Chart.yaml new file mode 100644 index 00000000..6d6704ae --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/Chart.yaml @@ -0,0 +1,44 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v2 +name: ranpm +description: A Helm chart for RANPM Components +version: 1.0.0 +appVersion: "1.16.0" + +dependencies: + - name: smo-common + version: ^1.0.0 + repository: "@local" + - name: nrt-dfc + version: 0.1.0 + repository: "file://charts/dfc" + - name: nrt-kafka-producer-pm-json2influx + version: 0.1.0 + repository: "file://charts/kafka-producer-pm-json2influx" + - name: nrt-kafka-producer-pm-json2kafka + version: 0.1.0 + repository: "file://charts/kafka-producer-pm-json2kafka" + - name: nrt-kafka-producer-pm-xml2json + version: 0.1.0 + repository: "file://charts/kafka-producer-pm-xml2json" + - name: nrt-pm-log + version: 0.1.0 + repository: "file://charts/nrt-pm-log" + - name: nrt-pm-producer-json2kafka + version: 0.1.0 + repository: "file://charts/pm-producer-json2kafka" \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/Chart.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/Chart.yaml new file mode 100644 index 00000000..b9714a1e --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: nrt-dfc +description: NRT DFC chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "2.5.14" diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/config/application.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/config/application.yaml new file mode 100644 index 00000000..41bb27c7 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/config/application.yaml @@ -0,0 +1,96 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +spring: + profiles: + active: prod +management: + endpoints: + web: + exposure: + include: "loggers,logfile,health,info,metrics" +server: + port: 8433 + ssl: + key-store-type: JKS + key-store-password: policy_agent + key-store: config/keystore.jks + key-password: policy_agent + key-alias: policy_agent +logging: + level: + ROOT: WARN + org.onap: WARN + org.springframework: WARN + org.springframework.data: WARN + org.springframework.web.reactive.function.client.ExchangeFunctions: WARN + #org.oran.datafile: WARN + org.oran.datafile: TRACE + + file: + name: /var/log/ONAP/application.log +app: + collected-files-path: "/tmp/oran_datafile/" + # Numer of worker threads. Increased number may increase throughput, but will require more executing resources. + number-of-worker-treads: 50 + # If the file name is empty, no authorization token is used + auth-token-file: /token-cache/jwt.txt + # This controls the format used for processing the file-ready messages + # Example values: + # file-ready-message-class: "" (empty) -> Default format(org.oran.datafile.model.DefaultFileReadyMessage) + # file-ready-message-class: "TS28532" (Not empty) -> org.oran.datafile.model.TS28532FileReadyMessage + file-ready-message-class: + # KAFKA boostrap servers. This is only needed if there are Information Types that uses a kafkaInputTopic + # several redundant boostrap servers can be specified, separated by a comma ','. + kafka: + bootstrap-servers: "onap-strimzi-kafka-bootstrap.onap:9095" + + # output topic + collected-file-topic: collected-file + # Override by env var + client-id: + # input topic + file-ready-event-topic: unauthenticated.VES_NOTIFICATION_OUTPUT + # Configues if oath2 tokens shall be used. If set to true, auth-token-file must also be configured + use-oath-token: true + ssl: + key-store-type: PEM + key-store-location: + # key password is needed if the private key is encrypted + key-store-password: + trust-store-type: PEM + trust-store-location: + sftp: + known-hosts-file-path: + strict-host-key-checking: false + ssl: + key-store-password-file: /opt/app/datafile/config/ftps_keystore.pass + key-store: /opt/app/datafile/config/ftps_keystore.p12 + trust-store-password-file: /opt/app/datafile/config/truststore.pass + trust-store: /opt/app/datafile/config/truststore.jks + s3: + endpointOverride: http://minio:9000 + accessKeyId: admin + secretAccessKey: adminadmin + bucket: ropfiles + +springdoc: + show-actuator: true + swagger-ui.disable-swagger-default-url: true +################ + diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-configmap-1.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-configmap-1.yaml new file mode 100644 index 00000000..01236ccb --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-configmap-1.yaml @@ -0,0 +1,28 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: dfc-cm-truststore + +binaryData: + truststore.jks: |- + {{ .Files.Get "truststore/truststore.jks" | b64enc }} + truststore.pass: |- + {{ .Files.Get "truststore/truststore.pass" | b64enc }} diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-configmap-2.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-configmap-2.yaml new file mode 100644 index 00000000..40ce1cb8 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-configmap-2.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: dfc-cm + +data: +{{ (.Files.Glob "config/application.yaml").AsConfig | nindent 2 }} + init-wait.sh: | + #!/usr/bin/bash + kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s + kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s + kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s + {{- range .Values.kafkaTopic }} + kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s + {{- end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-service.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-service.yaml new file mode 100644 index 00000000..0a1be7f2 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-service.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: dfc + labels: + app: dfc +spec: + clusterIP: None # Headless service + selector: + app: dfc + ports: + - name: http + protocol: TCP + port: 8100 + targetPort: 8100 diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-statefulset.yaml new file mode 100644 index 00000000..34063eff --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/app-statefulset.yaml @@ -0,0 +1,112 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: dfc + labels: + app: dfc +spec: + replicas: 1 + serviceName: dfc + selector: + matchLabels: + app: dfc + template: + metadata: + labels: + app: dfc + spec: + serviceAccountName: ranpm-component-sa + volumes: + - name: config-truststore + configMap: + name: dfc-cm-truststore + - name: config-cm + configMap: + name: dfc-cm + - name: config-ran-certs + configMap: + name: ran-certs-config + - name: token-cache-volume + emptyDir: {} + initContainers: + - name: wait-for-keycloak-and-kafka + securityContext: + runAsUser: 0 + image: bitnami/kubectl + command: ["/usr/bin/bash"] + args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"] + volumeMounts: + - name: config-cm + mountPath: /opt/app/scripts/init-wait.sh + subPath: init-wait.sh + containers: + - name: dfc + securityContext: + runAsUser: 0 # Need to run as root - needed when writing to hostpath + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-datafilecollector:1.1.0 + # image: aravindtga/dfc:1.2.0-SNAPSHOT + imagePullPolicy: Always + ports: + - name: http + containerPort: 8100 + volumeMounts: + - name: config-truststore + mountPath: /opt/app/datafile/config/truststore.jks + subPath: truststore.jks + - name: config-cm + mountPath: /opt/app/datafile/config/application.yaml + subPath: application.yaml + - mountPath: /token-cache + name: token-cache-volume + env: + - name: APPID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: APPNS + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: APP_KAFKA_CLIENT-ID + value: "datafile-collector.$(APPNS).$(APPID)" + - name: auth-token + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-auth-token-fetch:1.1.1 + imagePullPolicy: Always + env: + - name: CREDS_GRANT_TYPE + value: client_credentials + - name: CREDS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: dfc + key: client_secret + - name: CREDS_CLIENT_ID + value: dfc + - name: AUTH_SERVICE_URL + value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token + - name: OUTPUT_FILE + value: /token-cache/jwt.txt + + volumeMounts: + - mountPath: /token-cache + name: token-cache-volume + + diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/kafkauser.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/truststore/.gitignore b/smo-install/oran_oom/smo/ranpm/charts/dfc/truststore/.gitignore new file mode 100644 index 00000000..0def8c59 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/truststore/.gitignore @@ -0,0 +1 @@ +truststore.jks diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/truststore/truststore.pass b/smo-install/oran_oom/smo/ranpm/charts/dfc/truststore/truststore.pass new file mode 100644 index 00000000..b915b0f1 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/truststore/truststore.pass @@ -0,0 +1 @@ +policy_agent \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/dfc/values.yaml b/smo-install/oran_oom/smo/ranpm/charts/dfc/values.yaml new file mode 100644 index 00000000..b802f123 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/dfc/values.yaml @@ -0,0 +1,39 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + name: service-account-dfc + acls: + - name: osc-dmaap-adapter-unauthenticated.VES_NOTIFICATION_OUTPUT + type: group + operations: [Read] + - name: unauthenticated.VES_NOTIFICATION_OUTPUT + type: topic + operations: [Read] + - name: collected-file + type: topic + operations: [Read,Write] + +# This is a reference to the list of topics used by this component +kafkaTopic: + - "unauthenticated.ves-notification-output" + - collected-file \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/Chart.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/Chart.yaml new file mode 100644 index 00000000..d7a07e6e --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: nrt-kafka-producer-pm-json2influx +description: NRT Kafka producer for pm json to influx chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/config/application_configuration.json b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/config/application_configuration.json new file mode 100644 index 00000000..d0b91006 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/config/application_configuration.json @@ -0,0 +1,12 @@ +{ + "types": [ + { + "id": "json-file-data-from-filestore-to-influx", + "kafkaInputTopic": "json-file-ready-kp", + "inputJobType": "xml-file-data-to-filestore", + "inputJobDefinition": { + "kafkaOutputTopic": "json-file-ready-kp" + } + } + ] +} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-configmap.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-configmap.yaml new file mode 100644 index 00000000..b8d0210b --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-configmap.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-producer-pm-json2influx-cm-config + +data: +{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }} + init-wait.sh: | + #!/usr/bin/bash + kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s + kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s + kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s + {{- range .Values.kafkaTopic }} + kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s + {{- end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-service.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-service.yaml new file mode 100644 index 00000000..944e17b2 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-service.yaml @@ -0,0 +1,34 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: v1 +kind: Service +metadata: + name: kafka-producer-pm-json2influx + labels: + app: kafka-producer-pm-json2influx +spec: + clusterIP: None # Headless service + selector: + app: kafka-producer-pm-json2influx + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 80 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-statefulset.yaml new file mode 100644 index 00000000..fcef2143 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/app-statefulset.yaml @@ -0,0 +1,105 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka-producer-pm-json2influx + labels: + app: kafka-producer-pm-json2influx + +spec: + replicas: 1 + serviceName: kafka-producer-pm-json2influx + selector: + matchLabels: + app: kafka-producer-pm-json2influx + template: + metadata: + labels: + app: kafka-producer-pm-json2influx + + spec: + serviceAccountName: ranpm-component-sa + initContainers: + - name: wait-for-keycloak-and-kafka + securityContext: + runAsUser: 0 + image: bitnami/kubectl + command: ["/usr/bin/bash"] + args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"] + volumeMounts: + - name: kafka-producer-pm-json2influx-cm-config + mountPath: /opt/app/scripts/init-wait.sh + subPath: init-wait.sh + containers: + - name: kafka-producer-pm-json2influx + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-pm-file-converter:1.1.1 + imagePullPolicy: Always + ports: + - name: http + containerPort: 80 + env: + - name: E1 + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KP + valueFrom: + fieldRef: + fieldPath: metadata.name + + - name: KAFKA_SERVER + value: "onap-strimzi-kafka-bootstrap.onap:9095" + # This property controls the data format used for the conversion + # Example values: + # DATA_TYPE_FORMAT = "" -> older 4G/Default Measurement file format + # DATA_TYPE_FORMAT = "TS28532" -> 5G/3GPP-TS-28.532 Measurement file format + - name: DATA_TYPE_FORMAT + value: "" + - name: ICS + value: informationservice.nonrtric:9082 + - name: SELF + value: "$(E1).kafka-producer-pm-json2influx:80" + - name: FILESTORE_USER + value: admin + - name: FILESTORE_PWD + value: adminadmin + - name: FILESTORE_SERVER + value: minio:9000 + - name: CREDS_GRANT_TYPE + value: client_credentials + - name: CREDS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: kafka-pm-json-2-influx + key: client_secret + - name: CREDS_CLIENT_ID + value: kafka-producer-pm-json2influx + - name: AUTH_SERVICE_URL + value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token + volumeMounts: + - mountPath: /application_configuration.json + subPath: application_configuration.json + name: kafka-producer-pm-json2influx-cm-config + volumes: + - configMap: + defaultMode: 420 + name: kafka-producer-pm-json2influx-cm-config + name: kafka-producer-pm-json2influx-cm-config diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/kafkauser.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/values.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/values.yaml new file mode 100644 index 00000000..798e880f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2influx/values.yaml @@ -0,0 +1,43 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + # For SCRAM-SHA-512 the name need not to be filled + # Name should be populated when a different authentication mechanism being used. e.g. OAUTH + # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak + # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request. + name: service-account-kafka-producer-pm-json2influx + acls: + - name: kafka-procon-json-file-data-from-filestore-to-influx + type: group + operations: [Read] + - name: json-file-ready-kp + type: topic + operations: [Read, Write] + - name: json-file-ready-kpadp + type: topic + operations: [Read, Write] + +# This is a reference to the list of topics used by this component +kafkaTopic: + - json-file-ready-kp + - json-file-ready-kpadp \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/Chart.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/Chart.yaml new file mode 100644 index 00000000..85f75c83 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: nrt-kafka-producer-pm-json2kafka +description: NRT Kafka producer for pm json to kafka chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/config/application_configuration.json b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/config/application_configuration.json new file mode 100644 index 00000000..a4648c1b --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/config/application_configuration.json @@ -0,0 +1,12 @@ +{ + "types": [ + { + "id": "json-file-data-from-filestore", + "kafkaInputTopic": "json-file-ready-kp", + "inputJobType": "xml-file-data-to-filestore", + "inputJobDefinition": { + "kafkaOutputTopic": "json-file-ready-kp" + } + } + ] +} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-configmap.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-configmap.yaml new file mode 100644 index 00000000..03d03d6f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-configmap.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-producer-pm-json2kafka-cm-config + +data: +{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }} + init-wait.sh: | + #!/usr/bin/bash + kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s + kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s + kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s + {{- range .Values.kafkaTopic }} + kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s + {{- end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-service.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-service.yaml new file mode 100644 index 00000000..0626eb17 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-service.yaml @@ -0,0 +1,34 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: v1 +kind: Service +metadata: + name: kafka-producer-pm-json2kafka + labels: + app: kafka-producer-pm-json2kafka +spec: + clusterIP: None # Headless service + selector: + app: kafka-producer-pm-json2kafka + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 80 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-statefulset.yaml new file mode 100644 index 00000000..b2fde8de --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/app-statefulset.yaml @@ -0,0 +1,105 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka-producer-pm-json2kafka + labels: + app: kafka-producer-pm-json2kafka + +spec: + replicas: 1 + serviceName: kafka-producer-pm-json2kafka + selector: + matchLabels: + app: kafka-producer-pm-json2kafka + template: + metadata: + labels: + app: kafka-producer-pm-json2kafka + + spec: + serviceAccountName: ranpm-component-sa + initContainers: + - name: wait-for-keycloak-and-kafka + securityContext: + runAsUser: 0 + image: bitnami/kubectl + command: ["/usr/bin/bash"] + args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"] + volumeMounts: + - name: kafka-producer-pm-json2kafka-cm-config + mountPath: /opt/app/scripts/init-wait.sh + subPath: init-wait.sh + containers: + - name: kafka-producer-pm-json2kafka + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-pm-file-converter:1.1.1 + imagePullPolicy: Always + ports: + - name: http + containerPort: 80 + env: + - name: E1 + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KP + valueFrom: + fieldRef: + fieldPath: metadata.name + + - name: KAFKA_SERVER + value: "onap-strimzi-kafka-bootstrap.onap:9095" + # This property controls the data format used for the conversion + # Example values: + # DATA_TYPE_FORMAT = "" -> older 4G/Default Measurement file format + # DATA_TYPE_FORMAT = "TS28532" -> 5G/3GPP-TS-28.532 Measurement file format + - name: DATA_TYPE_FORMAT + value: "" + - name: ICS + value: informationservice.nonrtric:9082 + - name: SELF + value: "$(E1).kafka-producer-pm-json2kafka:80" + - name: FILESTORE_USER + value: admin + - name: FILESTORE_PWD + value: adminadmin + - name: FILESTORE_SERVER + value: minio:9000 + - name: CREDS_GRANT_TYPE + value: client_credentials + - name: CREDS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: kafka-pm-json-2-kafka + key: client_secret + - name: CREDS_CLIENT_ID + value: kafka-producer-pm-json2kafka + - name: AUTH_SERVICE_URL + value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token + volumeMounts: + - mountPath: /application_configuration.json + subPath: application_configuration.json + name: kafka-producer-pm-json2kafka-cm-config + volumes: + - configMap: + defaultMode: 420 + name: kafka-producer-pm-json2kafka-cm-config + name: kafka-producer-pm-json2kafka-cm-config diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/kafkauser.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/values.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/values.yaml new file mode 100644 index 00000000..78a09260 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-json2kafka/values.yaml @@ -0,0 +1,43 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + # For SCRAM-SHA-512 the name need not to be filled + # Name should be populated when a different authentication mechanism being used. e.g. OAUTH + # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak + # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request. + name: service-account-kafka-producer-pm-json2kafka + acls: + - name: kafka-procon-json-file-data-from-filestore + type: group + operations: [Read] + - name: json-file-ready-kp + type: topic + operations: [Read, Write] + - name: json-file-ready-kpadp + type: topic + operations: [Read, Write] + +# This is a reference to the list of topics used by this component +kafkaTopic: + - json-file-ready-kp + - json-file-ready-kpadp \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/Chart.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/Chart.yaml new file mode 100644 index 00000000..2988f0ec --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: nrt-kafka-producer-pm-xml2json +description: NRT Kafka producer for pm xml to json chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/config/application_configuration.json b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/config/application_configuration.json new file mode 100644 index 00000000..0f7c0e69 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/config/application_configuration.json @@ -0,0 +1,8 @@ +{ + "types": [ + { + "id": "xml-file-data-to-filestore", + "kafkaInputTopic": "collected-file" + } + ] + } \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-configmap.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-configmap.yaml new file mode 100644 index 00000000..3e4b3c42 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-configmap.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kafka-producer-pm-xml2json-cm-config + +data: +{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }} + init-wait.sh: | + #!/usr/bin/bash + kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s + kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s + kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s + {{- range .Values.kafkaTopic }} + kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s + {{- end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-service.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-service.yaml new file mode 100644 index 00000000..ee95ba2a --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-service.yaml @@ -0,0 +1,34 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: v1 +kind: Service +metadata: + name: kafka-producer-pm-xml2json + labels: + app: kafka-producer-pm-xml2json +spec: + clusterIP: None # Headless service + selector: + app: kafka-producer-pm-xml2json + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 80 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-statefulset.yaml new file mode 100644 index 00000000..d0663dcb --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/app-statefulset.yaml @@ -0,0 +1,105 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: kafka-producer-pm-xml2json + labels: + app: kafka-producer-pm-xml2json + +spec: + replicas: 1 + serviceName: kafka-producer-pm-xml2json + selector: + matchLabels: + app: kafka-producer-pm-xml2json + template: + metadata: + labels: + app: kafka-producer-pm-xml2json + + spec: + serviceAccountName: ranpm-component-sa + initContainers: + - name: wait-for-keycloak-and-kafka + securityContext: + runAsUser: 0 + image: bitnami/kubectl + command: ["/usr/bin/bash"] + args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"] + volumeMounts: + - name: kafka-producer-pm-xml2json-cm-config + mountPath: /opt/app/scripts/init-wait.sh + subPath: init-wait.sh + containers: + - name: kafka-producer-pm-xml2json + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-ranpm-pm-file-converter:1.1.1 + imagePullPolicy: Always + ports: + - name: http + containerPort: 80 + env: + - name: E1 + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KP + valueFrom: + fieldRef: + fieldPath: metadata.name + + - name: KAFKA_SERVER + value: "onap-strimzi-kafka-bootstrap.onap:9095" + # This property controls the data format used for the conversion + # Example values: + # DATA_TYPE_FORMAT = "" -> older 4G/Default Measurement file format + # DATA_TYPE_FORMAT = "TS28532" -> 5G/3GPP-TS-28.532 Measurement file format + - name: DATA_TYPE_FORMAT + value: "" + - name: ICS + value: informationservice.nonrtric:9082 + - name: SELF + value: "$(E1).kafka-producer-pm-xml2json:80" + - name: FILESTORE_USER + value: admin + - name: FILESTORE_PWD + value: adminadmin + - name: FILESTORE_SERVER + value: minio:9000 + - name: CREDS_GRANT_TYPE + value: client_credentials + - name: CREDS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: kafka-pm-xml-2-json + key: client_secret + - name: CREDS_CLIENT_ID + value: kafka-producer-pm-xml2json + - name: AUTH_SERVICE_URL + value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token + volumeMounts: + - mountPath: /application_configuration.json + subPath: application_configuration.json + name: kafka-producer-pm-xml2json-cm-config + volumes: + - configMap: + defaultMode: 420 + name: kafka-producer-pm-xml2json-cm-config + name: kafka-producer-pm-xml2json-cm-config diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/kafkauser.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/values.yaml b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/values.yaml new file mode 100644 index 00000000..e3b605b7 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/kafka-producer-pm-xml2json/values.yaml @@ -0,0 +1,47 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + # For SCRAM-SHA-512 the name need not to be filled + # Name should be populated when a different authentication mechanism being used. e.g. OAUTH + # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak + # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request. + name: service-account-kafka-producer-pm-xml2json + acls: + - name: kafka-procon-xml-file-data-to-filestore + type: group + operations: [Read] + - name: collected-file + type: topic + operations: [Read, Write] + - name: json-file-ready-kp + type: topic + operations: [Read, Write] + - name: json-file-ready-kpadp + type: topic + operations: [Read, Write] + +# This is a reference to the list of topics used by this component +kafkaTopic: + - collected-file + - json-file-ready-kp + - json-file-ready-kpadp \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/Chart.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/Chart.yaml new file mode 100644 index 00000000..6d89ef64 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: nrt-pm-log +description: NRT PMLog chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/config/application.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/config/application.yaml new file mode 100644 index 00000000..b37fef69 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/config/application.yaml @@ -0,0 +1,109 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +spring: + profiles: + active: prod + main: + allow-bean-definition-overriding: true + aop: + auto: false +management: + endpoints: + web: + exposure: + # Enabling of springboot actuator features. See springboot documentation. + include: "loggers,logfile,health,info,metrics,threaddump,heapdump,shutdown" + endpoint: + shutdown: + enabled: true +lifecycle: + timeout-per-shutdown-phase: "20s" +springdoc: + show-actuator: true +logging: + # Configuration of logging + level: + ROOT: WARN + org.apache.kafka: WARN + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.oran.pmlog: DEBUG + pattern: + console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n" + file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n" + + file: + name: /var/log/pmlog-service/application.log +server: + # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. + # See springboot documentation. + port : 8436 + http-port: 8084 + ssl: + key-store-type: JKS + key-store-password: policy_agent + key-store: /opt/app/pmlog-service/etc/cert/keystore.jks + key-password: policy_agent + key-alias: policy_agent + shutdown: "graceful" +app: + webclient: + # Configuration of the trust store used for the HTTP client (outgoing requests) + # The file location and the password for the truststore is only relevant if trust-store-used == true + # Note that the same keystore as for the server is used. + trust-store-used: false + trust-store-password: policy_agent + trust-store: /opt/app/pmlog-service/etc/cert/truststore.jks + # Configuration of usage of HTTP Proxy for the southbound accesses. + # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s + http.proxy-host: + http.proxy-port: 0 + kafka: + # KAFKA boostrap servers. + # several redundant boostrap servers can be specified, separated by a comma ','. + # bootstrap-servers and input-topic is overriden if defined in deliveryInfo in config/jobDefinition.json + bootstrap-servers: "onap-strimzi-kafka-bootstrap.onap:9095" + input-topic: + # The maximum number of records returned in a single call to poll() (default 100) + max-poll-records: 500 + group-id: kafkaGroupId + client-id: kafkaClientId + # Configues if oath2 tokens shall be used. If set to true, auth-token-file must also be configured + use-oath-token: true + ssl: + key-store-type: PEM + key-store-location: + # key password is needed if the private key is encrypted + key-store-password: + trust-store-type: PEM + trust-store-location: + influx: + url: http://influxdb2:8086 + # Override by env var + access-token: + bucket: pm-logg-bucket + org: est + # The user, password and database can be blank if the access-token is defined + user: + password: + database: + ics-base-url: http://informationservice.nonrtric:9082 + consumer-job-id: "pmlog" + # If the file name is empty, no authorization token is used + auth-token-file: /token-cache/jwt.txt \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/config/jobDefinition.json b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/config/jobDefinition.json new file mode 100644 index 00000000..e11fa8f4 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/config/jobDefinition.json @@ -0,0 +1,23 @@ +{ + "info_type_id": "PmData", + "job_owner": "console", + "job_definition": { + "filter": { + "sourceNames": [], + "measObjInstIds": [], + "measTypeSpecs": [ + { + "measuredObjClass": "NRCellDU", + "measTypes": [ + "pmCounterNumber101" + ] + } + ], + "measuredEntityDns": [] + }, + "deliveryInfo": { + "topic": "pmreports", + "bootStrapServers": "onap-strimzi-kafka-bootstrap.onap:9095" + } + } +} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-configmap1.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-configmap1.yaml new file mode 100644 index 00000000..87a11122 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-configmap1.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pmlog-app-cm + +data: +{{ (.Files.Glob "config/application.yaml").AsConfig | nindent 2 }} + init-wait.sh: | + #!/usr/bin/bash + kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s + kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s + kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s + {{- range .Values.kafkaTopic }} + kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s + {{- end }} diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-configmap2.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-configmap2.yaml new file mode 100644 index 00000000..d909537a --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-configmap2.yaml @@ -0,0 +1,25 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pmlog-job-cm + +data: +{{ (.Files.Glob "config/jobDefinition.json").AsConfig | nindent 2 }} diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-service.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-service.yaml new file mode 100644 index 00000000..7c0ccf9b --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-service.yaml @@ -0,0 +1,38 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Service +metadata: + name: pmlog + labels: + app: pmlog +spec: + type: ClusterIP + clusterIP: None + selector: + app: pmlog + ports: + - name: http + protocol: TCP + port: 8084 + targetPort: 8084 + - name: https + protocol: TCP + port: 8436 + targetPort: 8436 diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-statefulset.yaml new file mode 100644 index 00000000..e9be833d --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/app-statefulset.yaml @@ -0,0 +1,110 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: pmlog + labels: + app: pmlog +spec: + replicas: 1 + serviceName: pmlog + selector: + matchLabels: + app: pmlog + template: + metadata: + labels: + app: pmlog + spec: + serviceAccountName: ranpm-component-sa + initContainers: + - name: wait-for-keycloak-and-kafka + securityContext: + runAsUser: 0 + image: bitnami/kubectl + command: ["/usr/bin/bash"] + args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"] + volumeMounts: + - name: pmlog-app-cm + mountPath: /opt/app/scripts/init-wait.sh + subPath: init-wait.sh + volumes: + - name: pmlog-app-cm + configMap: + name: pmlog-app-cm + - name: pmlog-job-cm + configMap: + name: pmlog-job-cm + - name: token-cache-volume + emptyDir: {} + containers: + - name: auth-token + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-auth-token-fetch:1.1.1 + imagePullPolicy: Always + env: + - name: CREDS_GRANT_TYPE + value: client_credentials + - name: CREDS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: pm-log + key: client_secret + - name: CREDS_CLIENT_ID + value: nrt-pm-log + - name: AUTH_SERVICE_URL + value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token + - name: OUTPUT_FILE + value: /token-cache/jwt.txt + volumeMounts: + - mountPath: /token-cache + name: token-cache-volume + - name: pmlog + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-pmlog:1.1.0 + imagePullPolicy: Always + command: + - sh + - -c + - until [ -e /token-cache/jwt.txt ]; do echo "Waiting for JWT to be available"; sleep 1; done; /jre/bin/java -jar /opt/app/pmlog-service/pmlog.jar + ports: + - name: http + containerPort: 8084 + - name: https + containerPort: 8436 + volumeMounts: + - name: pmlog-app-cm + mountPath: /opt/app/pmlog-service/config/application.yaml + subPath: application.yaml + - name: pmlog-job-cm + mountPath: /opt/app/pmlog-service/config/jobDefinition.json + subPath: jobDefinition.json + - mountPath: /token-cache + name: token-cache-volume + env: + - name: APP_INFLUX_ACCESSTOKEN + valueFrom: + secretKeyRef: + name: influxdb-api-token + key: token + + + + + diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/kafkauser.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/values.yaml b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/values.yaml new file mode 100644 index 00000000..d9ca9050 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/nrt-pm-log/values.yaml @@ -0,0 +1,39 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + # For SCRAM-SHA-512 the name need not to be filled + # Name should be populated when a different authentication mechanism being used. e.g. OAUTH + # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak + # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request. + name: service-account-nrt-pm-log + acls: + - name: kafkaGroupId + type: group + operations: [Read] + - name: pmreports + type: topic + operations: [Read, Write] + +# This is a reference to the list of topics used by this component +kafkaTopic: + - pmreports \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/Chart.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/Chart.yaml new file mode 100644 index 00000000..4ee9e681 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/Chart.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v2 +name: nrt-pm-producer-json2kafka +description: NRT PM Producer for json to kafka chart + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/config/application.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/config/application.yaml new file mode 100644 index 00000000..576d6f77 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/config/application.yaml @@ -0,0 +1,105 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +spring: + profiles: + active: prod + main: + allow-bean-definition-overriding: true + aop: + auto: false +management: + endpoints: + web: + exposure: + # Enabling of springboot actuator features. See springboot documentation. + include: "loggers,logfile,health,info,metrics,threaddump,heapdump" + endpoint: + shutdown: + enabled: true +lifecycle: + timeout-per-shutdown-phase: "20s" +springdoc: + show-actuator: true +logging: + # Configuration of logging + level: + ROOT: WARN + org.apache.kafka: WARN + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.oran.pmproducer: TRACE + pattern: + console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n" + file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] %logger{20} - %msg%n" + + file: + name: /var/log/pm-producer-service/application.log +server: + # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. + # See springboot documentation. + port : 8435 + http-port: 8084 + ssl: + key-store-type: JKS + key-store-password: policy_agent + key-store: /opt/app/pm-producer-service/etc/cert/keystore.jks + key-password: policy_agent + key-alias: policy_agent + shutdown: "graceful" +app: + webclient: + # Configuration of the trust store used for the HTTP client (outgoing requests) + # The file location and the password for the truststore is only relevant if trust-store-used == true + # Note that the same keystore as for the server is used. + trust-store-used: false + trust-store-password: policy_agent + trust-store: /opt/app/pm-producer-service/etc/cert/truststore.jks + # Configuration of usage of HTTP Proxy for the southbound accesses. + # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s + http.proxy-host: + http.proxy-port: 0 + ics-base-url: http://informationservice.nonrtric:9082 + configuration-filepath: /opt/app/pm-producer-service/data/application_configuration.json + #Override from env var + pm-producer-base-url: + # KAFKA boostrap servers. This is only needed if there are Information Types that uses a kafkaInputTopic + # several redundant boostrap servers can be specified, separated by a comma ','. + kafka: + bootstrap-servers: "onap-strimzi-kafka-bootstrap.onap:9095" + # The maximum number of records returned in a single call to poll() (default 100) + max-poll-records: 500 + # Configues if oath2 tokens shall be used. If set to true, auth-token-file must also be configured + use-oath-token: true + ssl: + key-store-type: PEM + key-store-location: + # key password is needed if the private key is encrypted + key-store-password: + trust-store-type: PEM + trust-store-location: + # If the file name is empty, no authorization token is used + auth-token-file: /token-cache/jwt.txt + pm-files-path: /pm-files + zip-output: false + s3: + endpointOverride: http://minio:9000 + accessKeyId: admin + secretAccessKey: adminadmin + locksBucket: pm-files-json-locks + bucket: pm-files-json diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/config/application_configuration.json b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/config/application_configuration.json new file mode 100644 index 00000000..392afed5 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/config/application_configuration.json @@ -0,0 +1,14 @@ +{ + "types": [ + { + "id": "PmData", + "kafkaInputTopic": "json-file-ready-kpadp", + "useHttpProxy": false, + "dataType": "pmData", + "inputJobType": "xml-file-data-to-filestore", + "inputJobDefinition": { + "kafkaOutputTopic": "json-file-ready-kpadp" + } + } + ] +} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-configmap1.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-configmap1.yaml new file mode 100644 index 00000000..e4d8c372 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-configmap1.yaml @@ -0,0 +1,25 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pm-producer-json2kafka-cm-data + +data: +{{ (.Files.Glob "config/application_configuration.json").AsConfig | nindent 2 }} diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-configmap2.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-configmap2.yaml new file mode 100644 index 00000000..caf612ce --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-configmap2.yaml @@ -0,0 +1,33 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pm-producer-json2kafka-cm-config + +data: +{{ (.Files.Glob "config/application.yaml").AsConfig | nindent 2 }} + init-wait.sh: | + #!/usr/bin/bash + kubectl wait job.batch/keycloak-init --for condition=complete --timeout 300s + kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=informationservice -n nonrtric --timeout=300s + kubectl wait kafkausers {{ .Values.kafkaUser.name }} -n onap --for condition=ready --timeout 300s + {{- range .Values.kafkaTopic }} + kubectl wait kafkatopics {{.}}-kt -n onap --for condition=ready --timeout 300s + {{- end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-service.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-service.yaml new file mode 100644 index 00000000..ec4d65f2 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-service.yaml @@ -0,0 +1,34 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: v1 +kind: Service +metadata: + name: pm-producer-json2kafka + labels: + app: pm-producer-json2kafka +spec: + clusterIP: None # Headless service + selector: + app: pm-producer-json2kafka + ports: + - name: http + protocol: TCP + port: 8084 + targetPort: 8084 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-statefulset.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-statefulset.yaml new file mode 100644 index 00000000..281738d3 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/app-statefulset.yaml @@ -0,0 +1,106 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: pm-producer-json2kafka + labels: + app: pm-producer-json2kafka +spec: + replicas: 1 + serviceName: pm-producer-json2kafka + selector: + matchLabels: + app: pm-producer-json2kafka + template: + metadata: + labels: + app: pm-producer-json2kafka + spec: + serviceAccountName: ranpm-component-sa + initContainers: + - name: wait-for-keycloak-and-kafka + securityContext: + runAsUser: 0 + image: bitnami/kubectl + command: ["/usr/bin/bash"] + args: ["-c", "cp /opt/app/scripts/init-wait.sh /opt/ && chmod +x /opt/init-wait.sh && /opt/init-wait.sh"] + volumeMounts: + - name: pm-producer-json2kafka-cm-config + mountPath: /opt/app/scripts/init-wait.sh + subPath: init-wait.sh + containers: + - name: pm-producer-json2kafka + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-pmproducer:1.1.0 + imagePullPolicy: Always + ports: + - name: http + containerPort: 8084 + env: + - name: APPID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: APPNS + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # Overriding value in application.yaml + - name: APP_PM-PRODUCER-BASE-URL + value: "http://$(APPID).pm-producer-json2kafka.$(APPNS):8084" + volumeMounts: + - mountPath: /opt/app/pm-producer-service/data/application_configuration.json + subPath: application_configuration.json + name: pm-producer-json2kafka-cm-data + - mountPath: /opt/app/pm-producer-service/config/application.yaml + subPath: application.yaml + name: pm-producer-json2kafka-cm-config + - mountPath: /token-cache + name: token-cache-volume + - name: auth-token + image: nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-auth-token-fetch:1.1.1 + imagePullPolicy: Always + env: + - name: CREDS_GRANT_TYPE + value: client_credentials + - name: CREDS_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: pm-producer-json-2-kafka + key: client_secret + - name: CREDS_CLIENT_ID + value: pm-producer-json2kafka + - name: AUTH_SERVICE_URL + value: http://keycloak.smo:8080/realms/nonrtric-realm/protocol/openid-connect/token + - name: OUTPUT_FILE + value: /token-cache/jwt.txt + + volumeMounts: + - mountPath: /token-cache + name: token-cache-volume + volumes: + - name: pm-producer-json2kafka-cm-data + configMap: + name: pm-producer-json2kafka-cm-data + - name: pm-producer-json2kafka-cm-config + configMap: + name: pm-producer-json2kafka-cm-config + - name: token-cache-volume + emptyDir: {} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/kafkauser.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/kafkauser.yaml new file mode 100644 index 00000000..6310ea8f --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2024-2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkauser" . }} +{{ end }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/values.yaml b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/values.yaml new file mode 100644 index 00000000..c4d2a95c --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/charts/pm-producer-json2kafka/values.yaml @@ -0,0 +1,43 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +# Strimzi Kafka config +kafkaUser: + # For SCRAM-SHA-512 the name need not to be filled + # Name should be populated when a different authentication mechanism being used. e.g. OAUTH + # While using OAUTH authetication with keycloak, this name should match the user name of the client in keycloak + # This user name comes as OAUTH user to strimzi for the authorization. Hence the matching name authorizes the request. + name: service-account-pm-producer-json2kafka + acls: + - name: osc-pm_producer-PmData + type: group + operations: [Read] + - name: pmreports + type: topic + operations: [Read, Write] + - name: json-file-ready-kpadp + type: topic + operations: [Read, Write] + +# This is a reference to the list of topics used by this component +kafkaTopic: + - pmreports + - json-file-ready-kpadp \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/resources/scripts/ics/configure_ics.sh b/smo-install/oran_oom/smo/ranpm/resources/scripts/ics/configure_ics.sh new file mode 100644 index 00000000..dc675a00 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/resources/scripts/ics/configure_ics.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Install required dependencies +apk add --no-cache curl jq envsubst + +. scripts/ics_utils.sh +. scripts/keycloak_utils.sh + +# Generic error printout function +# args: +check_error() { + if [ $1 -ne 0 ]; then + echo "Failed: $2" + echo "Exiting..." + exit 1 + fi +} + +cid="console-setup" +TOKEN=$(get_client_token nonrtric-realm $cid) + +JOB='{"info_type_id": "json-file-data-from-filestore-to-influx", + "job_owner": "console", + "status_notification_uri": "http://callback.nonrtric:80/post", + "job_definition": { + "db-url":"http://influxdb2:8086", + "db-org":"est", + "db-bucket":"pm-bucket", + "db-token":"'$INFLUXDB2_TOKEN'", + "filterType":"pmdata", + "filter":{} + }}' +echo $JOB > .job.json +create_ics_job kp-influx-json 0 $TOKEN + +echo "done" + + + + diff --git a/smo-install/oran_oom/smo/ranpm/resources/scripts/ics/ics_utils.sh b/smo-install/oran_oom/smo/ranpm/resources/scripts/ics/ics_utils.sh new file mode 100644 index 00000000..957defb3 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/resources/scripts/ics/ics_utils.sh @@ -0,0 +1,107 @@ +#!/usr/bin/env bash + +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Script intended to be sourced by other script to add functions to the keycloak rest API + +export ICSPROTOCOL=${1:-$ICS_PROTOCOL} +export ICSHOSTNAME=${2:-$ICS_HOST} +export ICSPORT=${3:-$ICS_PORT} + +echo "Ics Protocol is: $ICSPROTOCOL" +echo "Ics Host is: $ICSHOSTNAME" +echo "Ics Port is: $ICSPORT" + +ICSHOST="$ICSPROTOCOL://$ICSHOSTNAME" + +__wait_for_ics_availability() { + while true; do + STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$ICSHOST:$ICSPORT/status") + if [ "$STATUS_CODE" -eq 200 ]; then + echo "Ics is ready." + break + fi + echo "Ics is not ready..." + sleep 5 + done +} + +# args: [] +# job file shall exist in file "".job.json" +create_ics_job() { + JOB=$(<.job.json) + echo $JOB + retcode=1 + echo "Creating job-$1"'-'"$2" + while [ $retcode -ne 0 ]; do + if [ -z "$3" ]; then + __bearer="" + else + __bearer="Authorization: Bearer $TOKEN" + fi + STAT=$(curl -s -X PUT -w '%{http_code}' -H accept:application/json -H Content-Type:application/json $ICSHOST:$ICSPORT/data-consumer/v1/info-jobs/job-$1"-"$2 --data-binary @.job.json -H "$__bearer" ) + retcode=$? + echo "curl return code: $retcode" + if [ $retcode -eq 0 ]; then + status=${STAT:${#STAT}-3} + echo "http status code: "$status + if [ "$status" == "200" ]; then + echo "Job created ok" + elif [ "$status" == "201" ]; then + echo "Job created ok" + else + retcode=1 + fi + fi + sleep 1 + done +} + +# args: [] +# job file shall exist in file "".job.json" +update_ics_job() { + JOB=$(<.job.json) + echo $JOB + retcode=1 + echo "Updating job $1" + while [ $retcode -ne 0 ]; do + if [ -z "$2" ]; then + __bearer="" + else + __bearer="Authorization: Bearer $TOKEN" + fi + STAT=$(curl -s -X PUT -w '%{http_code}' -H accept:application/json -H Content-Type:application/json $ICSHOST:$ICSPORT/data-consumer/v1/info-jobs/$1 --data-binary @.job.json -H "$__bearer" ) + retcode=$? + echo "curl return code: $retcode" + if [ $retcode -eq 0 ]; then + status=${STAT:${#STAT}-3} + echo "http status code: "$status + if [ "$status" == "200" ]; then + echo "Job created ok" + elif [ "$status" == "201" ]; then + echo "Job created ok" + else + retcode=1 + fi + fi + sleep 1 + done +} + +__wait_for_ics_availability diff --git a/smo-install/oran_oom/smo/ranpm/resources/scripts/influxdb2/configure_influx.sh b/smo-install/oran_oom/smo/ranpm/resources/scripts/influxdb2/configure_influx.sh new file mode 100644 index 00000000..976cf508 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/resources/scripts/influxdb2/configure_influx.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Install required dependencies +apk add --no-cache curl jq envsubst + +. scripts/influx_utils.sh + +# Generic error printout function +# args: +check_error() { + if [ $1 -ne 0 ]; then + echo "Failed: $2" + echo "Exiting..." + exit 1 + fi +} + +if get_influxdb2_setup_allowed; then + echo "influx setup allowed..." + setup_influxdb2 + create_influxdb2_bucket pm-bucket + create_influxdb2_bucket pm-logg-bucket +else + echo "Influx onboarding already completed" +fi + + + diff --git a/smo-install/oran_oom/smo/ranpm/resources/scripts/influxdb2/influx_utils.sh b/smo-install/oran_oom/smo/ranpm/resources/scripts/influxdb2/influx_utils.sh new file mode 100644 index 00000000..b9124f4e --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/resources/scripts/influxdb2/influx_utils.sh @@ -0,0 +1,106 @@ +#!/usr/bin/env bash + +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Script intended to be sourced by other script to add functions to the keycloak rest API + +export INFLUXDB2PROTOCOL=${1:-$INFLUXDB2_PROTOCOL} +export INFLUXDB2HOSTNAME=${2:-$INFLUXDB2_HOST} +export INFLUXDB2_PORT=${3:-$INFLUXDB2_PORT} +export INFLUXDB2_ORGANIZATION=${4:-$INFLUXDB2_ORGANIZATION} +export INFLUXDB2_BUCKET=${5:-$INFLUXDB2_BUCKET} +export INFLUXDB2_USERNAME=${6:-$INFLUXDB2_USERNAME} +export INFLUXDB2_PASSWORD=${7:-$INFLUXDB2_PASSWORD} +export INFLUXDB2_DEFAULT_TOKEN=${8:-$INFLUXDB2_DEFAULT_TOKEN} + +export INFLUXDB2_ORGANIZATION_ID="" + +echo "Influx Protocol is: $INFLUXDB2PROTOCOL" +echo "Influx Host is: $INFLUXDB2HOSTNAME" +echo "Influx Port is: $INFLUXDB2_PORT" + +INFLUXDB2HOST="$INFLUXDB2PROTOCOL://$INFLUXDB2HOSTNAME" + +__wait_for_influxdb2_availability() { + while true; do + STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/setup") + if [ "$STATUS_CODE" -eq 200 ]; then + echo "Influxdb2 is ready." + break + fi + echo "Influxdb2 is not ready..." + sleep 5 + done +} + +get_influxdb2_setup_allowed() { + __influxdb2_setup_allowed=$(curl -s -X GET "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/setup" | jq -r '.allowed') + if [ "$__influxdb2_setup_allowed" = "true" ]; then + return 0 + fi + return 1 +} + +setup_influxdb2() { + +cat > .jsonfile1 <<- "EOF" +{ +"bucket": "$INFLUXDB2_BUCKET", +"org": "$INFLUXDB2_ORGANIZATION", +"password": "$INFLUXDB2_PASSWORD", +"username": "$INFLUXDB2_USERNAME", +"retentionPeriodSeconds": 0, +"token":"$INFLUXDB2_DEFAULT_TOKEN" +} +EOF + envsubst < .jsonfile1 > .jsonfile2 + RESPONSE=$(curl -s -X POST "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/setup" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2") + + if [ $? -ne 0 ]; then + echo "Command failed, setup influx" + exit 1 + fi + INFLUXDB2_ORGANIZATION_ID=$(echo "$RESPONSE" | jq -r '.org.id') + echo "OK, Setup influx" +} + +create_influxdb2_bucket() { +INFLUXDB2_BUCKET=$1 +cat > .jsonfile1 <<- "EOF" +{ +"name": "$INFLUXDB2_BUCKET", +"orgID": "$INFLUXDB2_ORGANIZATION_ID" +} +EOF + envsubst < .jsonfile1 > .jsonfile2 + curl -s -X POST "$INFLUXDB2HOST:$INFLUXDB2_PORT/api/v2/buckets" \ + --header "Authorization: Token $INFLUXDB2_DEFAULT_TOKEN" \ + --header "Content-Type: application/json" \ + -d @".jsonfile2" + + if [ $? -ne 0 ]; then + echo "Bucket $1 creation failed." + exit 1 + fi + echo "Bucket $1 created." +} + +__wait_for_influxdb2_availability diff --git a/smo-install/oran_oom/smo/ranpm/resources/scripts/keycloak/configure_keycloak.sh b/smo-install/oran_oom/smo/ranpm/resources/scripts/keycloak/configure_keycloak.sh new file mode 100644 index 00000000..31d616cd --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/resources/scripts/keycloak/configure_keycloak.sh @@ -0,0 +1,103 @@ +#!/usr/bin/env bash +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Install required dependencies +sed -i -e 's/us.archive.ubuntu.com/archive.ubuntu.com/g' /etc/apt/sources.list +apt update +apt install -y curl jq gettext + +# Create realm in keycloak +. scripts/keycloak_utils.sh + +# Generic error printout function +# args: +check_error() { + if [ $1 -ne 0 ]; then + echo "Failed: $2" + echo "Exiting..." + exit 1 + fi +} + +create_realms nonrtric-realm +while [ $? -ne 0 ]; do + create_realms nonrtric-realm +done + +# Create client for admin calls +cid="console-setup" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +cid="kafka-producer-pm-xml2json" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +KAFKA_PM_XML_2_JSON_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid) +kubectl create secret generic kafka-pm-xml-2-json --from-literal=client_secret=$KAFKA_PM_XML_2_JSON_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f - + +cid="kafka-producer-pm-json2kafka" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +KAFKA_PM_JSON_2_KAFKA_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid) +kubectl create secret generic kafka-pm-json-2-kafka --from-literal=client_secret=$KAFKA_PM_JSON_2_KAFKA_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f - + +cid="kafka-producer-pm-json2influx" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +KAFKA_PM_JSON_2_INFLUX_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid) +kubectl create secret generic kafka-pm-json-2-influx --from-literal=client_secret=$KAFKA_PM_JSON_2_INFLUX_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f - + +cid="pm-producer-json2kafka" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +PM_PRODUCER_JSON_2_KAFKA_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid) +kubectl create secret generic pm-producer-json-2-kafka --from-literal=client_secret=$PM_PRODUCER_JSON_2_KAFKA_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f - + +cid="dfc" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +DFC_APP_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid) +kubectl create secret generic dfc --from-literal=client_secret=$DFC_APP_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f - + +cid="nrt-pm-log" +create_clients nonrtric-realm $cid +check_error $? +generate_client_secrets nonrtric-realm $cid +check_error $? + +PM_LOG_CLIENT_SECRET=$(< .sec_nonrtric-realm_$cid) +kubectl create secret generic pm-log --from-literal=client_secret=$PM_LOG_CLIENT_SECRET -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -n $NAMESPACE -f - + +exit 0 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/resources/scripts/keycloak/keycloak_utils.sh b/smo-install/oran_oom/smo/ranpm/resources/scripts/keycloak/keycloak_utils.sh new file mode 100644 index 00000000..3150380e --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/resources/scripts/keycloak/keycloak_utils.sh @@ -0,0 +1,507 @@ +#!/usr/bin/env bash + +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# Copyright (C) 2023-2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +# Script intended to be sourced by other script to add functions to the keycloak rest API + +KEYCLOAKPROTOCOL=${1:-$KEYCLOAK_PROTOCOL} +KEYCLOAKHOSTNAME=${2:-$KEYCLOAK_HOST} +KC_PROXY_PORT=${3:-$KEYCLOAK_PROXY_PORT} +NAMESPACE=${4:-$NAMESPACE} + +echo "Keycloak Protocol is: $KEYCLOAKPROTOCOL" +echo "Keycloak Host is: $KEYCLOAKHOSTNAME" +echo "Keycloak Port is: $KC_PROXY_PORT" +echo "Namespace is: $NAMESPACE" + +KEYCLOAKHOST="$KEYCLOAKPROTOCOL://$KEYCLOAKHOSTNAME" + +__wait_for_keycloak_availability() { + while true; do + STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$KEYCLOAKHOST:$KC_PROXY_PORT/realms/master") + if [ "$STATUS_CODE" -eq 200 ]; then + echo "Keycloak is ready." + break + fi + echo "Keycloak is not ready..." + sleep 5 + done +} + +__get_admin_token() { + echo "Get admin token" + ADMIN_TOKEN="" + while [ "${#ADMIN_TOKEN}" -lt 20 ]; do + ADMIN_TOKEN=$(curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/realms/master/protocol/openid-connect/token" \ + --max-time 2 \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "username=admin" \ + -d "password=admin" \ + -d 'grant_type=password' \ + -d "client_id=admin-cli" \ + | jq -r '.access_token') + + if [ "${#ADMIN_TOKEN}" -lt 20 ]; then + echo "Could not get admin token, retrying..." + echo "Retrieved token: $ADMIN_TOKEN" + fi + done + echo "Admin token: ${ADMIN_TOKEN:0:10}..." + echo $ADMIN_TOKEN > .admin_token + __ADM_TOKEN_TS=$SECONDS +} + +__check_admin_token() { + __diff=$(($SECONDS-$__ADM_TOKEN_TS)) + if [ $__diff -gt 15 ]; then + __get_admin_token + fi +} + +__wait_for_keycloak_availability +__get_admin_token + +indent1() { sed 's/^/ /'; } +indent2() { sed 's/^/ /'; } + +decode_token() { + echo "Decoding access_token" + echo $1 | jq -R 'split(".") | .[0,1] | @base64d | fromjson' +} + +decode_jwt() { + echo "Decoding jwt" + echo $1 | jq -r .access_token | jq -R 'split(".") | .[0,1] | @base64d | fromjson' +} + +list_realms() { + echo "Listing all realms" + __check_admin_token + + curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + | jq -r '.[].id' | indent2 +} +delete_realms() { + echo "$@" + for realm in "$@"; do + echo "Attempt to delete realm: $realm" + __check_admin_token + + curl -s -X DELETE "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$realm" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + | indent1 + + if [ $? -ne 0 ]; then + echo "Command failed, delete_realms" + exit 1 + fi + echo " OK, delete_realms" + done +} + +create_realms() { + echo "Creating realms: $@" + while [ $# -gt 0 ]; do + echo " Attempt to create realm: $1" + __check_admin_token +cat > .jsonfile1 <<- "EOF" +{ +"realm":"$__realm_name", +"enabled":true +} +EOF + export __realm_name=$1 + envsubst < .jsonfile1 > .jsonfile2 + curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2" \ + | indent2 + + if [ $? -ne 0 ]; then + echo "Command failed, create_realms" + exit 1 + fi + echo " OK, create_realms" + shift + done +} + +create_clients() { + __realm=$1 + shift + echo "Attempt to create clients $@ for realm: $__realm" + +cat > .jsonfile1 <<- "EOF" +{ + "clientId":"$__client_name", + "publicClient": false, + "serviceAccountsEnabled": true, + "rootUrl":"https://example.com/example/", + "adminUrl":"https://example.com/example/" +} +EOF + while [ $# -gt 0 ]; do + echo " Creating client: $1" + __check_admin_token + export __client_name=$1 + envsubst < .jsonfile1 > .jsonfile2 + + curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2" \ + | indent1 + + if [ $? -ne 0 ]; then + echo "Command failed, create_clients" + exit 1 + fi + echo " OK, create_clients" + shift + done +} + +__get_client_id() { + __client_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/clients?clientId=$2" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + return 1 + fi + __client_id=$(echo $__client_data | jq -r '.[0].id') + echo $__client_id + return 0 +} + +generate_client_secrets() { + __realm=$1 + shift + echo "Attempt to generate secret for clients $@ in realm $__realm" + while [ $# -gt 0 ]; do + __check_admin_token + __client_id=$(__get_client_id $__realm $1) + if [ $? -ne 0 ]; then + echo "Command failed, generate_client_secrets, __get_client_id" + exit 1 + fi + echo " Client id for client $1 in realm $__realm: "$__client_id | indent1 + echo " Creating secret" + + __client_secret=$(curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + echo "Command failed, generate_client_secrets, client_secret POST" + exit 1 + fi + + __client_secret=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + echo "Command failed, generate_client_secrets, client_secret GET" + exit 1 + fi + + __client_secret=$(echo $__client_secret | jq -r .value) + echo " Client secret for client $1 in realm $__realm: "$__client_secret | indent1 + echo $__client_secret > ".sec_$__realm""_$1" + echo " OK, generate_client_secrets" + shift + done +} + +create_client_roles() { + # []+ + __check_admin_token + __client_id=$(__get_client_id $1 $2) + if [ $? -ne 0 ]; then + echo "Command failed, create_client_roles, __get_client_id" + exit 1 + fi + __realm=$1 + shift; shift; + while [ $# -gt 0 ]; do + +cat > .jsonfile1 <<- "EOF" +{ + "name":"$__role" +} +EOF + export __role=$1 + envsubst < .jsonfile1 > .jsonfile2 + + curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/roles" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2" \ + | indent1 + + if [ $? -ne 0 ]; then + echo "Command failed, create_client_roles" + exit 1 + fi + shift + done +} + +__get_service_account_id() { + # + + __service_account_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/clients/$2/service-account-user" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + return 1 + fi + + __service_account_id=$(echo $__service_account_data | jq -r '.id') + echo $__service_account_id + return 0 +} + +__get_client_available_role_id() { + # + + __client_role_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/users/$2/role-mappings/clients/$3/available" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + return 1 + fi + __client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ') + echo $__client_role_id + return 0 +} + +__get_client_mapped_role_id() { + # + + __client_role_data=$(curl -s -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$1/users/$2/role-mappings/clients/$3" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + return 1 + fi + __client_role_id=$(echo $__client_role_data | jq -r '.[] | select(.name=="'$4'") | .id ') + echo $__client_role_id + return 0 +} + +add_client_roles_mapping() { + # []+ + echo "Attempt to add roles ${@:3} to client $2 in realm $1" + __check_admin_token + __realm=$1 + __client=$2 + __client_id=$(__get_client_id $__realm $__client) + if [ $? -ne 0 ]; then + echo "Command failed, add_client_roles_mapping, __get_client_id" + exit 1 + fi + echo " Client id for client $__client in realm $__realm: "$__client_id | indent1 + __service_account_id=$(__get_service_account_id $__realm $__client_id) + if [ $? -ne 0 ]; then + echo "Command failed, add_client_roles_mapping, __get_service_account_id" + exit 1 + fi + echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1 + shift; shift + + __cntr=0 + __all_roles=$@ + + while [ $# -gt 0 ]; do + if [ $__cntr -eq 0 ]; then + echo "[" > .jsonfile2 + fi + __client_role_id=$(__get_client_available_role_id $__realm $__service_account_id $__client_id $1) + if [ $? -ne 0 ]; then + echo "Command failed, add_client_roles_mapping, __get_client_available_role_id" + exit 1 + fi + #echo "CLIENT ROLE ID $1 "$__client_role_id + #echo " Role id for role $1 and client $__client in realm $__realm: "$__client_role_id | indent1 + __role='{"name":"'$1'","id":"'$__client_role_id'","composite": false,"clientRole": true}' + if [ $__cntr -gt 0 ]; then + echo "," >> .jsonfile2 + fi + echo $__role >> .jsonfile2 + let __cntr=__cntr+1 + shift + done + + echo "]" >> .jsonfile2 + echo " Adding roles $__all_roles to client $__client in realm $__realm" + + curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2" \ + | indent2 + + if [ $? -ne 0 ]; then + echo "Command failed, add_client_roles_mapping, adding roles" + exit 1 + fi + echo " OK, add_client_roles_mapping" +} + + + +remove_client_roles_mapping() { + # []+ + echo "Attempt to removed roles ${@:3} from client $2 in realm $1" + __check_admin_token + __realm=$1 + __client=$2 + __client_id=$(__get_client_id $__realm $__client) + if [ $? -ne 0 ]; then + echo "Command failed, remove_client_roles_mapping, __get_client_id" + exit 1 + fi + echo " Client id for client $__client in realm $__realm: "$__client_id | indent1 + __service_account_id=$(__get_service_account_id $__realm $__client_id) + if [ $? -ne 0 ]; then + echo "Command failed, remove_client_roles_mapping, __get_service_account_id" + exit 1 + fi + echo " Service account id for client $__client in realm $__realm: "$__service_account_id | indent1 + shift; shift + __cntr=0 + __all_roles=$@ + while [ $# -gt 0 ]; do + if [ $__cntr -eq 0 ]; then + echo "[" > .jsonfile2 + fi + __client_role_id=$(__get_client_mapped_role_id $__realm $__service_account_id $__client_id $1) + if [ $? -ne 0 ]; then + echo "Command failed, remove_client_roles_mapping, __get_client_mapped_role_id" + exit 1 + fi + #echo "CLIENT ROLE ID $1 "$__client_role_id + #echo " Role id for role $1 and client $__client in realm $__realm: "$__client_role_id | indent1 + __role='{"name":"'$1'","id":"'$__client_role_id'","composite": false,"clientRole": true}' + if [ $__cntr -gt 0 ]; then + echo "," >> .jsonfile2 + fi + echo $__role >> .jsonfile2 + let __cntr=__cntr+1 + shift + done + echo "]" >> .jsonfile2 + echo " Removing roles $__all_roles from client $__client in realm $__realm" + + curl -s -X DELETE "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/users/$__service_account_id/role-mappings/clients/$__client_id" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2" \ + | indent2 + + if [ $? -ne 0 ]; then + echo "Command failed, remove_client_roles_mapping, delete" + exit 1 + fi + echo " OK, remove client roles mapping" +} + +add_client_hardcoded-claim-mapper() { +# + __check_admin_token + __realm=$1 + __client=$2 + export __mapper_name=$3 + export __claim_name=$4 + export __claim_value=$5 + + __client_id=$(__get_client_id $__realm $__client) + if [ $? -ne 0 ]; then + echo " Fatal error when getting client id, response: "$? + exit 1 + fi + cat > .jsonfile1 <<- "EOF" +{ + "name": "$__mapper_name", + "protocol": "openid-connect", + "protocolMapper": "oidc-hardcoded-claim-mapper", + "consentRequired": false, + "config": { + "claim.value": "$__claim_value", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "$__claim_name", + "access.tokenResponse.claim": "false" + } +} +EOF + envsubst < .jsonfile1 > .jsonfile2 + + curl -s -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/nonrtric-realm/clients/"$__client_id"/protocol-mappers/models" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" \ + -H "Content-Type: application/json" \ + -d @".jsonfile2" \ + | indent2 + + if [ $? -ne 0 ]; then + echo "Command failed, add_client_hardcoded-claim-mapper" + exit 1 + fi + set +x + cat .jsonfile2 + echo " OK, add_client_hardcoded-claim-mapper" +} + +# Get a client token +# args: +get_client_token() { + __check_admin_token + __realm=$1 + __client=$2 + __client_id=$(__get_client_id $__realm $__client) + if [ $? -ne 0 ]; then + echo " Fatal error when getting client id, response: "$? + exit 1 + fi + #echo " Client id for client $__client in realm $__realm: "$__client_id | indent1 + + __client_secret=$(curl -s -f -X GET "$KEYCLOAKHOST:$KC_PROXY_PORT/admin/realms/$__realm/clients/$__client_id/client-secret" \ + -H "Authorization: Bearer ${ADMIN_TOKEN}" ) + + if [ $? -ne 0 ]; then + echo " Fatal error when getting client secret, response: "$? + exit 1 + fi + + __client_secret=$(echo $__client_secret | jq -r .value) + + __TMP_TOKEN=$(curl -s -f -X POST "$KEYCLOAKHOST:$KC_PROXY_PORT/realms/$__realm/protocol/openid-connect/token" \ + -H Content-Type:application/x-www-form-urlencoded \ + -d client_id="$__client" -d client_secret="$__client_secret" -d grant_type=client_credentials) + + if [ $? -ne 0 ]; then + echo " Fatal error when getting client token, response: "$? + exit 1 + fi + + echo $__TMP_TOKEN| jq -r .access_token + return 0 +} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/templates/components-rbac.yaml b/smo-install/oran_oom/smo/ranpm/templates/components-rbac.yaml new file mode 100644 index 00000000..499f33e2 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/components-rbac.yaml @@ -0,0 +1,61 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ranpm-component-sa + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ranpm-component-role + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +rules: + - apiGroups: ['batch'] + resources: ['jobs'] + verbs: ["get", "watch", "list"] + - apiGroups: [''] + resources: ['pods'] + verbs: ["get", "watch", "list"] + - apiGroups: ['kafka.strimzi.io'] + resources: ['kafkausers'] + verbs: ["get", "watch", "list"] + - apiGroups: ['kafka.strimzi.io'] + resources: ['kafkatopics'] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ranpm-component-rb + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ranpm-component-role +subjects: +- kind: ServiceAccount + name: ranpm-component-sa + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/templates/ics-init-configmap.yaml b/smo-install/oran_oom/smo/ranpm/templates/ics-init-configmap.yaml new file mode 100644 index 00000000..50569ce2 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/ics-init-configmap.yaml @@ -0,0 +1,24 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: ics-init-config +data: +{{ tpl (.Files.Glob "resources/scripts/ics/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/scripts/keycloak/keycloak_utils.sh").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/templates/ics-init.yaml b/smo-install/oran_oom/smo/ranpm/templates/ics-init.yaml new file mode 100644 index 00000000..6a5a1869 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/ics-init.yaml @@ -0,0 +1,64 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: batch/v1 +kind: Job +metadata: + name: ics-init +spec: + template: + spec: + serviceAccountName: ranpm-component-sa + initContainers: + - name: wait-for-keycloak-job + image: bitnami/kubectl + args: + - wait + - job.batch/keycloak-init + - --for + - condition=complete + - --timeout + - 300s + containers: + - name: ics-init-container + image: bash:latest + command: ["bash","/scripts/configure_ics.sh"] + env: + - name: ICS_HOST + value: "{{ .Values.ics.host }}" + - name: ICS_PORT + value: "{{ .Values.ics.port }}" + - name: ICS_PROTOCOL + value: "{{ .Values.ics.protocol }}" + - name: KEYCLOAK_HOST + value: "{{ .Values.keycloak.host }}" + - name: KEYCLOAK_PROXY_PORT + value: "{{ .Values.keycloak.port }}" + - name: KEYCLOAK_PROTOCOL + value: "{{ .Values.keycloak.protocol }}" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: ics-config-volume + mountPath: /scripts + volumes: + - name: ics-config-volume + configMap: + name: ics-init-config + defaultMode: 0755 + restartPolicy: Never diff --git a/smo-install/oran_oom/smo/ranpm/templates/influxdb2-configmap.yaml b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-configmap.yaml new file mode 100644 index 00000000..37c40e57 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-configmap.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: influxdb2-init-config +data: +{{ tpl (.Files.Glob "resources/scripts/influxdb2/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/templates/influxdb2-init.yaml b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-init.yaml new file mode 100644 index 00000000..9c2d2093 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-init.yaml @@ -0,0 +1,62 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: batch/v1 +kind: Job +metadata: + name: influxdb2-init +spec: + template: + spec: + containers: + - name: influxdb2-init-container + image: bash:latest + command: ["bash","/scripts/configure_influx.sh"] + env: + - name: INFLUXDB2_HOST + value: "{{ .Values.influxdb2.host }}" + - name: INFLUXDB2_PORT + value: "{{ .Values.influxdb2.port }}" + - name: INFLUXDB2_PROTOCOL + value: "{{ .Values.influxdb2.protocol }}" + - name: INFLUXDB2_ORGANIZATION + value: "{{ .Values.influxdb2.organization }}" + - name: INFLUXDB2_BUCKET + value: "{{ .Values.influxdb2.bucket }}" + - name: INFLUXDB2_USERNAME + valueFrom: + secretKeyRef: + key: username + name: influxdb2-secret + - name: INFLUXDB2_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: influxdb2-secret + - name: INFLUXDB2_DEFAULT_TOKEN + valueFrom: + secretKeyRef: + key: token + name: influxdb-api-token + volumeMounts: + - name: influxdb2-config-volume + mountPath: /scripts + volumes: + - name: influxdb2-config-volume + configMap: + name: influxdb2-init-config + defaultMode: 0755 + restartPolicy: Never diff --git a/smo-install/oran_oom/smo/ranpm/templates/influxdb2-secret.yaml b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-secret.yaml new file mode 100644 index 00000000..ee423d73 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-secret.yaml @@ -0,0 +1,24 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: v1 +kind: Secret +metadata: + name: influxdb2-secret +type: Opaque +data: + username: YWRtaW4= + password: bXlTdVAzclMzY3IzdFQwa2VO diff --git a/smo-install/oran_oom/smo/ranpm/templates/influxdb2-token-secret.yaml b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-token-secret.yaml new file mode 100644 index 00000000..fee4ca21 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/influxdb2-token-secret.yaml @@ -0,0 +1,30 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: influxdb-api-token +data: +{{- $secret := (lookup "v1" "Secret" .Release.Namespace "influxdb-api-token") }} +{{- if $secret }} + token: {{ $secret.data.token | quote }} +{{- else }} + token: {{ randAlphaNum 32 | b64enc | quote }} +{{- end }} + diff --git a/smo-install/oran_oom/smo/ranpm/templates/kafkatopic.yaml b/smo-install/oran_oom/smo/ranpm/templates/kafkatopic.yaml new file mode 100644 index 00000000..fc2167b4 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/kafkatopic.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2025 OpenInfra Foundation Europe. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if .Values.global.useStrimziKafka }} +{{ include "common.kafkatopic" . }} +{{ end }} diff --git a/smo-install/oran_oom/smo/ranpm/templates/keycloak-configmap.yaml b/smo-install/oran_oom/smo/ranpm/templates/keycloak-configmap.yaml new file mode 100644 index 00000000..632b8d4d --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/keycloak-configmap.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: keycloak-init-config + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +data: +{{ tpl (.Files.Glob "resources/scripts/keycloak/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/templates/keycloak-init-rbac.yaml b/smo-install/oran_oom/smo/ranpm/templates/keycloak-init-rbac.yaml new file mode 100644 index 00000000..263a6ce4 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/keycloak-init-rbac.yaml @@ -0,0 +1,53 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: keycloak-init-sa + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: keycloak-init-role + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ["get","create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: keycloak-init-rb + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: keycloak-init-role +subjects: +- kind: ServiceAccount + name: keycloak-init-sa + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/templates/keycloak-init.yaml b/smo-install/oran_oom/smo/ranpm/templates/keycloak-init.yaml new file mode 100644 index 00000000..dd8d339d --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/keycloak-init.yaml @@ -0,0 +1,54 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +apiVersion: batch/v1 +kind: Job +metadata: + name: keycloak-init + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "3" +spec: + template: + spec: + serviceAccountName: keycloak-init-sa + containers: + - name: keycloak-init-container + image: bitnami/kubectl:1.32.2 + command: ["bash","/scripts/configure_keycloak.sh"] + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + env: + - name: KEYCLOAK_HOST + value: "{{ .Values.keycloak.host }}" + - name: KEYCLOAK_PROXY_PORT + value: "{{ .Values.keycloak.port }}" + - name: KEYCLOAK_PROTOCOL + value: "{{ .Values.keycloak.protocol }}" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: keycloak-config-volume + mountPath: /scripts + volumes: + - name: keycloak-config-volume + configMap: + name: keycloak-init-config + defaultMode: 0755 + restartPolicy: Never diff --git a/smo-install/oran_oom/smo/ranpm/templates/ran-certs-configmap.yaml b/smo-install/oran_oom/smo/ranpm/templates/ran-certs-configmap.yaml new file mode 100644 index 00000000..f24436e8 --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/templates/ran-certs-configmap.yaml @@ -0,0 +1,74 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: ran-certs-config +data: + ca.key: | + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCapuVjYlGH0gFP + 5+XmZX8+duUAKP1Y6iMiYcRxpEhOYreBytSyLc1ed4HGQHG2HCNSYs4iOotdj8Fm + iY6ItJjquyKPNUk1F9YSRnXhhO8+pGiGV/rNF30TheneDlSNaCiBFJfzpUiBdgT4 + zd7Pm2PfsvfLrgyC/KrRy3vS1QcZtW2mTyLMl4KUgwrmzeOFlCXqNK06Rz3s2JbS + CKvq4tR3x6KlkmKpX/XuxdrCtCZva0oG+ur/nOSbzwbbl2b4s9zyprhIio0ohWVp + g9HDs5BRHGU7L6XGYBGm7Bs/FN6OtgdfhQXqmQSGQX4H2sIf7oAhqjNBTXZ5RPn9 + x3263d9DAgMBAAECggEAFMVJlbmEvbsk1fiNVg5XsqoBQ649qI15vopm+eRYmb6E + avg07OFd7cwbL+dD3nOVAuGmUc6PHTfLf9wFurKWvx/3GkjL1kenRrkT6AAUqdMm + /rQeSSFYeSDJMju2e2970SpU5jJStKCHNmtf+34hQdAlm8N6hrUstBSiQsS9uWQB + CwW4RBLC34jSD27AMlMg87HnF2TT5Xab1pFixop3DxBiXbOVhmgjsXvzR1jRhsBc + Epe5SmBVeMeVWwm+74wlaYp3ys+3ALABzR4zbTxfCkWJ5mr3gXC3BUZ5Xwy/wxjQ + TvKKeqTlyDxrfhSLmJaU+0k4l6c4xqwtpdapT0aoAQKBgQC5WimgYtWTrT1O2pWo + TRKvhYaflnEx6NTA/ZZ9n2TFwc6JAmNChbhe+vV0AU+W8BLGvmiR9NgAwA3H2uTL + iJkjRaHY0c/3RNS3WDeQSi8j+tqQuDESgWQQiPWglHDYCruNs7IfIsbFY+GqAkvI + VyXHUAtvC7wboRPy9Y9XayfKAQKBgQDVmSO6FiOv5fGEqfMFf/TU85NF2e9t2Mfx + IofllhYuE9Cwhjey5h89U1ZXa1vPUibt4Pq0p5pBxLB9V2UgmzvpYhnzB4ZbAtbT + B7Myxj9eeV/ILmRfXwmaN5JaKgbFqXr8rH9Fj5ciil+4QsAyHeEqT0IqYtQPz2Fb + M5qnY6oBQwKBgA+tP44QLe5CncfYlwXYFvd/fKZszAAjqDL2f876N0S+oqBV8l1D + ABgQc8gvADNM9NmYazHFGqvdkozPx8ArOoCQOCMlg8hvKuqi7Hgovhn18pyA562g + Af2gB95gD7dGGRzgEPWvNE6npwOBFDXKoShdbcojnPJdSlmnSUtkhcYBAoGBAMZp + C0vXNu00zoVqDKmmM3oAjGQNTiAeh5PRfKTiJtZEZ80hz+lpY8lmeUSZIF5TtH+x + RZC8Q0kmeL7liLWiHSPskagz7DTsTTsX4vieOMz8N+HOXkRNFrFfP55rfYDsrqa5 + YTvvZveZy9JwhvHG2ZqgpxiSVuQcwhWiuN0WchvbAoGAPySYGRIEvX5zY/dUE33W + /+xRNUrDqoviioKkLagfrbfLAfJHhKYFLwE/H8jN6ZT1dgYKVSqhYAnyH2jevpku + 5TSQoTA22VMNLT9/jRlY/ZJHeIid90BySPrTHy7XRl+lb+yBeEThmrH8w7K5Cw3Q + GIFZPNsgV57Fnxyiwk/mHoY= + -----END PRIVATE KEY----- + httpsca.crt: | + -----BEGIN CERTIFICATE----- + MIIDnzCCAoegAwIBAgIUFqNZ5ZQ6L2ZtNCkJlOW9rgRO89cwDQYJKoZIhvcNAQEL + BQAwXzELMAkGA1UEBhMCU0UxCjAIBgNVBAgMAS4xCjAIBgNVBAcMAS4xDDAKBgNV + BAoMA0VTVDEMMAoGA1UECwwDRVNUMRwwGgYJKoZIhvcNAQkBFg1hQGV4YW1wbGUu + Y29tMB4XDTI1MDMyNjEyMjAyNVoXDTI1MDQyNTEyMjAyNVowXzELMAkGA1UEBhMC + U0UxCjAIBgNVBAgMAS4xCjAIBgNVBAcMAS4xDDAKBgNVBAoMA0VTVDEMMAoGA1UE + CwwDRVNUMRwwGgYJKoZIhvcNAQkBFg1hQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG + 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqblY2JRh9IBT+fl5mV/PnblACj9WOojImHE + caRITmK3gcrUsi3NXneBxkBxthwjUmLOIjqLXY/BZomOiLSY6rsijzVJNRfWEkZ1 + 4YTvPqRohlf6zRd9E4Xp3g5UjWgogRSX86VIgXYE+M3ez5tj37L3y64Mgvyq0ct7 + 0tUHGbVtpk8izJeClIMK5s3jhZQl6jStOkc97NiW0gir6uLUd8eipZJiqV/17sXa + wrQmb2tKBvrq/5zkm88G25dm+LPc8qa4SIqNKIVlaYPRw7OQURxlOy+lxmARpuwb + PxTejrYHX4UF6pkEhkF+B9rCH+6AIaozQU12eUT5/cd9ut3fQwIDAQABo1MwUTAd + BgNVHQ4EFgQUYIsXwaqvhVB3toXBKUSTFmxHVIUwHwYDVR0jBBgwFoAUYIsXwaqv + hVB3toXBKUSTFmxHVIUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC + AQEAeLktWG9QPVUaxAXW8uySLKHV71pvNzIkmRUu864DZHREP5fjelCi415082xA + oWc8j8PwQ6b/WrraC2DG1MFsyd8fq2KMU4tFgeA7310DiXKjaRtZcsCMbXJqfAH3 + 2HT/8fsn2MSJU1hmTx+l29BvzEGbUuyXqJ+iAryMXyJlLzvW253B2YwO+ymtiyRS + AxG1g2drJ9e6q9WfajquVaHyX7tXmhLc8r/h/a0nqv3kkQYVnyzuWQh1ZIVQ9eHp + N5VU0luS/CNF4McifVyuRMS5uR3SiKoQdbuHeTJ08Ar5GEOpgrDonGHFTpsEUFtG + cFMmA7DJDQKQIBcVy7djbd3xlg== + -----END CERTIFICATE----- \ No newline at end of file diff --git a/smo-install/oran_oom/smo/ranpm/values.yaml b/smo-install/oran_oom/smo/ranpm/values.yaml new file mode 100644 index 00000000..5de2437a --- /dev/null +++ b/smo-install/oran_oom/smo/ranpm/values.yaml @@ -0,0 +1,49 @@ +################################################################################ +# Copyright (C) 2025 OpenInfra Foundation Europe. All rights reserved. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ + +global: + #Strimzi Kafka properties + useStrimziKafka: true + +keycloak: + host: "keycloak-proxy" + port: "8080" + protocol: "http" + +ics: + host: "informationservice.nonrtric" + port: "9082" + protocol: "http" + +influxdb2: + host: "influxdb2" + port: "8086" + protocol: "http" + organization: "est" + bucket: "pm-bucket" + +kafkaTopic: + - strimziTopicName: "unauthenticated.ves-notification-output" + name: "unauthenticated.VES_NOTIFICATION_OUTPUT" + partitions: 10 + - name: collected-file + partitions: 10 + - name: json-file-ready-kp + partitions: 10 + - name: json-file-ready-kpadp + partitions: 10 + - name: pmreports + partitions: 10 \ No newline at end of file diff --git a/smo-install/oran_oom/smo/smo-common/templates/_strimzikafka.tpl b/smo-install/oran_oom/smo/smo-common/templates/_strimzikafka.tpl index 59fe26e6..44b5be98 100644 --- a/smo-install/oran_oom/smo/smo-common/templates/_strimzikafka.tpl +++ b/smo-install/oran_oom/smo/smo-common/templates/_strimzikafka.tpl @@ -54,13 +54,17 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: - name: {{ include "common.name" . }}-ku + name: {{ default ( printf "%s-ku" (include "common.name" .)) .Values.kafkaUser.name }} namespace: onap labels: strimzi.io/cluster: onap-strimzi + annotations: + "helm.sh/hook": pre-install spec: + {{- if .Values.kafkaUser.authenticationType }} authentication: type: {{ .Values.kafkaUser.authenticationType | default "scram-sha-512" }} + {{- end }} authorization: type: {{ .Values.kafkaUser.authorizationType | default "simple" }} acls: @@ -68,7 +72,7 @@ spec: - resource: type: {{ $acl.type }} patternType: {{ $acl.patternType | default "literal" }} - name: {{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }} + name: '{{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }}' operations: {{- range $operation := $acl.operations }} - {{ . }} @@ -121,6 +125,8 @@ metadata: namespace: onap labels: strimzi.io/cluster: onap-strimzi + annotations: + "helm.sh/hook": pre-install spec: {{- if (hasKey $topic "partitions") }} partitions: {{ $topic.partitions }} diff --git a/smo-install/oran_oom/smo/smo/Chart.yaml b/smo-install/oran_oom/smo/smo/Chart.yaml index c88a3efb..14bdaa9e 100644 --- a/smo-install/oran_oom/smo/smo/Chart.yaml +++ b/smo-install/oran_oom/smo/smo/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START=============================================== -# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved. +# Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved. # ======================================================================== # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +22,14 @@ description: Open Radio Access Network (ORAN) kubeVersion: ">=1.19.0-0" dependencies: + - name: common + version: ~1.0.0 + repository: "@local" + condition: nonrtric.installRanpm + - name: ranpm + version: ~1.0.0 + repository: "@local" + condition: nonrtric.installRanpm - name: topology-exposure-inventory version: ~1.0.0 repository: "@local" diff --git a/smo-install/scripts/sub-scripts/install-smo.sh b/smo-install/scripts/sub-scripts/install-smo.sh index df6cafd7..b676af44 100755 --- a/smo-install/scripts/sub-scripts/install-smo.sh +++ b/smo-install/scripts/sub-scripts/install-smo.sh @@ -26,7 +26,7 @@ fi OVERRIDEYAML=$1 -helm install --debug oran-smo local/smo --namespace smo -f $OVERRIDEYAML +helm install oran-smo local/smo --namespace smo -f $OVERRIDEYAML check_for_secrets() { try=0