18. Provide REST interface to support HELM generation


REQUIREMENTS

Attached are the draft requirements for the Helm Generator.

...


1. ENV SETTING SUPPORT

 

Component Spec

  • Need spec schema update to include list of parameters (key/value for applicationEnv)

Values.yaml specification


applicationEnv:
  PMSH_PG_URL: dcae-pmsh-pg-primary
  PMSH_PG_USERNAME:
    secretUid: *pgUserCredsSecretUid
    key: login
  PMSH_PG_PASSWORD:
    secretUid: *pgUserCredsSecretUid
    key: password

Note: Text in blue should be mapped from the component spec. If a secret UID is used, it is the responsibility of the MS developer to include them in values.yaml as well.

Example

  - uid: &pgUserCredsSecretUid pg-user-creds
    name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds'
    type: basicAuth
    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "pmsh-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
    login: '{{ .Values.postgres.config.pgUserName }}'
    password: '{{ .Values.postgres.config.pgUserPassword }}'
    passwordPolicy: generate

2. CONFIG-MAP SUPPORT  (WIP)

 

Component Spec

"config_map_volume": {
  "type": "object",
  "properties": {
    "config_volume": {
      "type": "object",
      "properties": {
        "name": {
          "type": "string"
        }
      }
    },
    "container": {
      "type": "object",
      "properties": {
        "bind": {
          "type": "string"
        },
        "mode": {
          "type": "string"
        }
      }
    }
  },
  "required": ["config_volume", "container"]
},


Example:

                     

"volumes": [
  {
    "config_volume": {
      "name": "dcae-external-repo-configmap-schema-map"
    },
    "container": {
      "bind": "/opt/app/VESCollector/etc/externalRepo/"
    }
  },
  {
    "config_volume": {
      "name": "dcae-external-repo-configmap-sa88-rel16"
    },
    "container": {
      "bind": "/opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI/"
    }
  }
],

    
https://git.onap.org/dcaegen2/collectors/ves/tree/dpo/spec/vescollector-componentspec.json


Values.yaml specification


TBA

3. CMPv2 CERTIFICATES SUPPORT

 

Component Spec


         "tls_info": {
          "description": "Component information to use tls certificates",
          "type": "object",
          "properties": {
            "cert_directory": {
              "description": "The path in the container where the component certificates will be placed by the init container",
              "type": "string"
            },
            "use_tls": {
              "description": "Boolean flag to determine if the application is using tls certificates",
              "type": "boolean"
            },
            "use_external_tls": {
              "description": "Boolean flag to determine if the application is using tls certificates for external communication",
              "type": "boolean"
            }
          },
          "required": [
            "cert_directory","use_tls"
          ],
          "additionalProperties": false
        },


Example:

"tls_info": {
  "cert_directory": "/opt/app/dcae-certificate/",
  "use_tls": true,
  "use_external_tls": true
}

https://git.onap.org/dcaegen2/collectors/ves/tree/dpo/spec/vescollector-componentspec.json

Values.yaml specification


# CMPv2 certificate
certificates:
  - mountPath: /opt/app/dcae-certificate/external
    commonName: dcae-ves-collector
    dnsNames:
      - dcae-ves-collector
      - ves-collector
      - ves
    keystore:
      outputType:
        - jks
      passwordSecretRef:
        name: ves-cmpv2-keystore-password
        key: password
        create: true

requirement.yaml

     - name: certManagerCertificate
       version: ~8.x-0
       repository: '@local'

templates/certificates.yaml

{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}


4. POLICY SIDECAR SUPPORT

 

Component Spec


    "policy_info": {
      "type": "object",
      "properties": {
        "policy":
        {
          "type": "array",
          "items":
          {
            "type": "object",
            "properties":
            {
              "node_label":
              {
                "type": "string"
              },
              "policy_id":
              {
                "type": "string"
              },
              "policy_model_id":
              {
                "type": "string"
              }
            },
            "required": ["node_label", "policy_model_id"]
          }
        }
      },
      "additionalProperties": false
    }
  }


Example: 

            TBA

 

Values.yaml specification


#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
policies:
  duration: 300
  policyID: |
    '["onap.vfirewall.tca","abc"]'
#  filter: |
#    '["DCAE.Config_vfirewall_.*"]'


5. POSTGRES SUPPORT


Component Spec

        "databases": {
          "description": "The databases the application is connecting to using the pgaas",
          "type": "object",
          "additionalProperties": {
            "type": "string",
            "enum": [
              "postgres"
            ]
          }
        },


  • Need secret suffix or retrieve from spec-name?

Values.yaml specification

#################################################################
# Secrets Configuration.
#################################################################
secrets:
  - uid: &pgUserCredsSecretUid pg-user-creds
    name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds'
    type: basicAuth
    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "pmsh-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
    login: '{{ .Values.postgres.config.pgUserName }}'
    password: '{{ .Values.postgres.config.pgUserPassword }}'
    passwordPolicy: generate


postgres:
  nameOverride: dcae-pmsh-postgres
  service:
    name: dcae-pmsh-postgres
    name2: dcae-pmsh-pg-primary
    name3: dcae-pmsh-pg-replica
  container:
    name:
      primary: dcae-pmsh-pg-primary
      replica: dcae-pmsh-pg-replica
  persistence:
    mountSubPath: pmsh/data
    mountInitPath: pmsh
  config:
    pgUserName: pmsh
    pgDatabase: pmsh
    pgUserExternalSecret: *pgUserCredsSecretName

Note: applicationEnv settings, if required, should be mapped from the spec as-is (req #1). The example above contains <pmsh> as part of the secret name and the PG name; this part should be mapped to the component name from the spec file.


6. DMAAP – Secure Topic/Feed (WIP)

 

Component Spec

            TBD

Values.yaml specification

#################################################################
# Secrets Configuration.
#################################################################
secrets:
  - uid: &aafCredsUID aafcreds
    type: basicAuth
    login: '{{ .Values.aafCreds.identity }}'
    password: '{{ .Values.aafCreds.password }}'
    passwordPolicy: required


# AAF Credentials
aafCreds:
  identity: dcae@dcae.onap.org
  password: demo123456!

credentials:
- name: AAF_USER
  uid: *aafCredsUID
  key: login
- name: AAF_PASSWORD
  uid: *aafCredsUID
  key: password
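
The values above keep a literal default behind `aafCreds.password`, which the `aafcreds` secret then references. A check for generated charts that lists such secrets, as an added example (not ONAP or Helm generator code): `resolve` and `plaintext_defaults` are hypothetical helpers, and `VALUES` is a constructed, already-parsed copy of the page's fragments.

```python
import re

# Constructed sample: the page's secrets fragments as a YAML parser returns them.
VALUES = {
    "secrets": [
        {"uid": "pg-user-creds", "passwordPolicy": "generate",
         "password": "{{ .Values.postgres.config.pgUserPassword }}"},
        {"uid": "aafcreds", "passwordPolicy": "required",
         "password": "{{ .Values.aafCreds.password }}"},
    ],
    "postgres": {"config": {"pgUserName": "pmsh", "pgDatabase": "pmsh"}},
    "aafCreds": {"identity": "dcae@dcae.onap.org", "password": "demo123456!"},
}

# Only a bare '{{ .Values.a.b }}' reference is resolved; richer templates are skipped.
VALUES_REF = re.compile(r"^\{\{\s*\.Values\.([A-Za-z0-9_.]+)\s*\}\}$")


def resolve(values, template):
    """Follow a bare .Values reference; return None if it is absent or not bare."""
    match = VALUES_REF.match(template.strip())
    if not match:
        return None
    node = values
    for part in match.group(1).split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def plaintext_defaults(values):
    """Return (uid, passwordPolicy) for secrets whose password is a literal in values."""
    hits = []
    for secret in values.get("secrets", []):
        raw = secret.get("password")
        value = resolve(values, raw) if isinstance(raw, str) and "{{" in raw else raw
        if isinstance(value, str) and value:
            hits.append((secret.get("uid"), secret.get("passwordPolicy")))
    return hits
```

On the sample, only `aafcreds` is reported: the `pg-user-creds` reference points at a key that has no default in values.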

Note: applicationConfig should use the same names as defined under credentials.

Example:

  enable_tls: true
  aaf_identity: ${AAF_USER}
  aaf_password: ${AAF_PASSWORD}
  streams_publishes:
    ves-3gpp-fault-supervision:
      type: kafka
      aaf_credentials:
        username: ${AAF_USER}
        password: ${AAF_PASSWORD}
      kafka_info:
        bootstrap_servers: message-router-kafka:9092
        topic_name: SEC_3GPP_FAULTSUPERVISION_OUTPUT
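
The two notes on this page (a secret UID used in applicationEnv must also be defined in values.yaml; applicationConfig must use the names defined under credentials) can be checked mechanically. The following is an added example, not part of the Helm generator or ONAP code: `lint_values` and `placeholders` are hypothetical helpers, and `VALUES` is a constructed sample that merges the page's section 1 and section 6 fragments.

```python
import re

# Constructed sample: the page's section 1 and section 6 fragments merged, as a
# YAML parser would return them (aliases like *aafCredsUID already resolved).
VALUES = {
    "secrets": [{"uid": "pg-user-creds", "type": "basicAuth"},
                {"uid": "aafcreds", "type": "basicAuth"}],
    "applicationEnv": {
        "PMSH_PG_URL": "dcae-pmsh-pg-primary",
        "PMSH_PG_USERNAME": {"secretUid": "pg-user-creds", "key": "login"},
        "PMSH_PG_PASSWORD": {"secretUid": "pg-user-creds", "key": "password"},
    },
    "credentials": [{"name": "AAF_USER", "uid": "aafcreds", "key": "login"},
                    {"name": "AAF_PASSWORD", "uid": "aafcreds", "key": "password"}],
    "applicationConfig": {
        "aaf_identity": "${AAF_USER}",
        "streams_publishes": {"ves-3gpp-fault-supervision": {
            "aaf_credentials": {"username": "${AAF_USER}", "password": "${AAF_PASSWORD}"}}},
    },
}

PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def placeholders(node):
    """Yield every ${NAME} found in the string leaves of nested dicts/lists."""
    if isinstance(node, str):
        yield from PLACEHOLDER.findall(node)
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from placeholders(child)


def lint_values(values):
    """Return a sorted list of references that point at nothing."""
    uids = {s.get("uid") for s in values.get("secrets", [])}
    problems = []
    for env, val in values.get("applicationEnv", {}).items():
        if isinstance(val, dict) and val.get("secretUid") not in uids:
            problems.append(f"applicationEnv.{env}: unknown secretUid {val.get('secretUid')!r}")
    names = set()
    for cred in values.get("credentials", []):
        names.add(cred.get("name"))
        if cred.get("uid") not in uids:
            problems.append(f"credentials.{cred.get('name')}: unknown uid {cred.get('uid')!r}")
    for name in set(placeholders(values.get("applicationConfig", {}))) - names:
        problems.append(f"applicationConfig: ${{{name}}} has no credentials entry")
    return sorted(problems)
```

An empty list means every `secretUid`, credentials `uid` and `${NAME}` placeholder resolves; a dangling reference would otherwise only surface when the chart is rendered or the container starts with an unset variable.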

7. SERVICE MAPPING 

 

Component Spec

TBD

  • Schema change required: need to determine whether the service is NodePort or ClusterIP
    • Require the nodeport as input

Values.yaml specification

service:
  type: ClusterIP
  name: dcae-tcagen2
  ports:
    - port: 9091
      name: http

OR 

global:
  nodePortPrefix: 302
  nodePortPrefixExt: 304

# service configuration
service:
  type: NodePort
  name: dcae-ves-collector
  ports:
    - name: http
      port: 8443
      plain_port: 8080
      port_protocol: http
      nodePort: 17
      useNodePortExt: true

REFERENCE

Discussed ppt slides  Helm_deployment.pptx

MOD-HelmGenerator-Requirements_v0.2.docx

MOD-HelmGenerator-Usecase_v0.2.docx