diff options
| author |   Jack Lucas <jflos@sonoris.net> | 2023-03-03 14:46:05 -0500 |
|---|---|---|
| committer | Jack Lucas <jflos@sonoris.net> | 2023-03-14 13:20:26 +0000 |
| commit | 64da4e7f878c9744a8cd2e6380654a1d3b72ca3c (patch) | |
| tree | 8a20c68b9beffb512e940a54ffe993967716a1ab | |
| parent | 54f3d17790740f7c249318de2ae832c54b90ae0a (diff) | |
[DCAE] Remove references to AAF
Remove chart elements that deploy an AAF init container and
set up volumes that hold AAF-certificates.
Remove AAF values.yaml entries that are no longer needed.
Issue-ID: OOM-3068
Signed-off-by: Jack Lucas <jflos@sonoris.net>
Change-Id: I8e6659cf6aa4c214d485b9e78c28f55622e3a864
18 files changed, 21 insertions, 427 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 6713031d9a..e7f9627a3d 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -1,7 +1,7 @@ {{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. # Copyright (c) 2021 Nordix Foundation. @@ -228,16 +228,6 @@ process into the microservice's configuration. See the documentation for the common DMaaP provisioning template (oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl). -If the microservice acts as a TLS client or server, the Deployment will -include an initContainer that retrieves certificate information from -the AAF certificate manager. The information is mounted at the -mount point specified in .Values.certDirectory. If the microservice is -a TLS server (indicated by setting .Values.tlsServer to true), the -certificate information will include a server cert and key, in various -formats. It will also include the AAF CA cert. If the microservice is -a TLS client only (indicated by setting .Values.tlsServer to false), the -certificate information includes only the AAF CA cert. - If the microservice uses certificates from an external CMPv2 provider, the Deployment will include an initContainer that performs certificate post-processing. @@ -247,7 +237,6 @@ post-processing. {{- $log := default dict .Values.log -}} {{- $logDir := default "" $log.path -}} {{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}} -{{- $tlsServer := default "" .Values.tlsServer -}} {{- $commonRelease := print (include "common.release" .) -}} {{- $policy := default dict .Values.policies -}} {{- $policyRls := default $commonRelease $policy.policyRelease -}} @@ -269,44 +258,6 @@ spec: {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} {{- end }} {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} - {{- if $certDir }} - - name: {{ include "common.name" . }}-aaf-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --container-name - - aaf-cm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - - name: init-tls - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: TLS_SERVER - value: {{ $tlsServer | quote }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - resources: {{ include "common.resources" . | nindent 10 }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: tls-info - {{- end }} {{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }} containers: - image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }} @@ -423,10 +374,6 @@ spec: volumeMounts: - mountPath: /etc/policies name: policy-shared - {{- if $certDir }} - - mountPath: /opt/ca-certificates/ - name: tls-info - {{- end }} {{- end }} hostname: {{ include "common.name" . }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index cd9be3b30d..1cc450d936 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -2,7 +2,7 @@ # ========================================================================= # Copyright (c) 2021 Nordix Foundation. # Copyright (c) 2022 Nokia. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,7 +45,6 @@ secrets: ################################################################# # InitContainer Images. ################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# @@ -66,11 +65,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # if absent, no certs will be retrieved and stored certDirectory: /opt/app/datafile/etc/cert -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # CMPv2 certificate # It is used only when: # - certDirectory is set diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index e18ea04ee1..06ff279207 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,21 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - -################################aafcreds################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -59,15 +44,6 @@ log: path: /var/log/ONAP/dcaegen2/services/datalake-admin-ui logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datalake-admin-ui/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -91,11 +67,6 @@ service: port: 8088 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - # Initial Application Configuration applicationConfig: FEEDER_ADDR: dl-feeder diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml index cab2a953ec..9049e0a03c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,22 +36,12 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds externalSecret: '{{ include "common.release" . }}-datalake-pg-user-creds' type: basicAuth login: '{{ .Values.postgres.config.pgUserName }}' passwordPolicy: required -################################aafcreds################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -65,15 +55,6 @@ log: path: /var/log/ONAP/dcaegen2/services/datalake logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datalake/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -97,11 +78,6 @@ service: port: 1681 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - #postgres configuration postgres: config: diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index 25b74d7502..552e00cfbd 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (C) 2021 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-datalake-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -67,15 +57,6 @@ log: path: /var/log/ONAP/dcaegen2/services/datalake logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datalake/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -99,11 +80,6 @@ service: port: 1680 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - credentials: - name: PG_USER uid: *pgUserCredsSecretUid diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 83acd545c8..115bd257c6 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-heartbeat-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -67,15 +57,6 @@ log: path: /var/log/ONAP/dcaegen2/services/heartbeat logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/heartbeat/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -100,18 +81,7 @@ service: port: 10002 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: HEARTBEAT_PG_USERNAME uid: *pgUserCredsSecretUid key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 482d88e883..ab6d3f247c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021-2022 Nokia. All rights reserved. # Modifications Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ @@ -35,7 +35,6 @@ filebeatConfig: ################################################################# # initContainer images. ################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# @@ -59,11 +58,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # if absent, no certs will be retrieved and stored certDirectory: /etc/ves-hv/ssl -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # CMPv2 certificate # It is used only when: # - certDirectory is set diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 19ff61fa96..db85cfd045 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,21 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -60,16 +45,6 @@ log: path: /var/log/ONAP/dcaegen2/services/kpims logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/kpims/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false -enable_tls: false - # Optional Policy configuration properties # if present, policy-sync side car will be deployed #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 @@ -100,19 +75,6 @@ service: port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - -credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - # Initial Application Configuration applicationConfig: trust_store_path: '/opt/app/kpims/etc/cert/trust.jks' diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 5cdd5db7b9..f3a7ae3977 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -2,7 +2,7 @@ # ========================================================================= # Copyright (C) 2021 Nordix Foundation. # Copyright (c) 2022 Nokia. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,11 +36,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &drSubCredsUID drsubcreds type: basicAuth login: '{{ .Values.drSubscriberCreds.username }}' @@ -48,11 +43,6 @@ secrets: passwordPolicy: required ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -66,15 +56,6 @@ log: path: /var/log/ONAP/dcaegen2/services/pm-mapper logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/pm-mapper/etc/cert - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -104,23 +85,12 @@ service: plain_port: 8081 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - # Data Router Subscriber Credentials drSubscriberCreds: username: username password: password credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: DR_USERNAME uid: *drSubCredsUID key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 7f306542b4..f6782db6c6 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -67,15 +57,6 @@ log: path: /var/log/ONAP/dcaegen2/services/pmsh logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/pmsh/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -101,24 +82,11 @@ service: plain_port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - -credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - # Initial Application Configuration applicationConfig: enable_tls: false - aaf_identity: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} + aaf_identity: dummy_value + aaf_password: dummy_value key_path: /opt/app/pmsh/etc/certs/key.pem cert_path: /opt/app/pmsh/etc/certs/cert.pem ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index 80154c781f..da48074303 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,11 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# initContainer images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application configuration defaults. ################################################################# # application image @@ -50,15 +45,6 @@ log: path: /opt/app/prh/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/prh/etc/cert - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - secrets: - uid: &aaiCredsUID aaicreds type: basicAuth diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index dcbedf4b2f..92467f4a7c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,12 +41,6 @@ secrets: password: '{{ .Values.controllerCreds.password }}' passwordPolicy: required - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -61,15 +55,6 @@ log: path: null # /opt/app/restconfcollector/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/dcae-certificate - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 3fdd251110..e57c781ed5 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # Copyright (C) 2022 Huawei Canada Limited. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,11 +36,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate -################################aafcreds################################# -# InitContainer Image -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -85,15 +75,6 @@ log: path: /var/log/ONAP/dcaegen2/services/sliceanalysisms logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/sliceanalysisms/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -118,18 +99,7 @@ service: port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: PG_USERNAME uid: *pgUserCredsSecretUid key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 5340f35770..5c888db790 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,12 +31,6 @@ filebeatConfig: logstashServiceName: log-ls logstashPort: 5044 - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -51,13 +45,6 @@ log: path: /opt/app/snmptrap/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - - # Dependencies readinessCheck: wait_for: diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index bd684e3db5..6b007a330b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &cpsCredsUID cpscreds type: basicAuth login: '{{ .Values.cpsCreds.identity }}' @@ -54,11 +49,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -72,15 +62,6 @@ log: path: /var/log/ONAP/dcaegen2/services/sonhms logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/sonhms/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Optional Policy configuration properties # if present, policy-sync side car will be deployed #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 @@ -112,21 +93,12 @@ service: port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! +# Credentials cpsCreds: identity: cps password: cpsr0cks! credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: CPS_IDENTITY uid: *cpsCredsUID key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index 08ca865aff..40a7c13dca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,11 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# initContainer images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application configuration defaults. ################################################################# # application image @@ -50,15 +45,6 @@ log: path: /opt/logs/dcae-analytics-tca logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /etc/tca-gen2/ssl - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - secrets: - uid: &aaiCredsUID aaicreds type: basicAuth diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 9e9750a56f..2ee3eb2ee4 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -1,7 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021-2022 Nokia. All rights reserved. -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2022 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,7 +35,6 @@ filebeatConfig: ################################################################# # initContainer images. ################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# @@ -56,11 +55,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # if absent, no certs will be retrieved and stored certDirectory: /opt/app/dcae-certificate -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # CMPv2 certificate # It is used only when: # - certDirectory is set diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index 47eb5f1f20..4ee6ee72f4 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,11 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -50,15 +45,6 @@ log: path: /opt/app/VESAdapter/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -#certDirectory: /opt/app/ves-mapper/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -#tlsServer: false - # Dependencies readinessCheck: wait_for: |