path: root/onap-offline/patches/offline-changes.patch
blob: 5238da4272f42443a118a0b3d3d51e5b33f21801 (plain)
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 1c20977..4b47c63 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -29,7 +29,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/appc-image:1.4.0-SNAPSHOT-latest
+image: onap/appc-image:1.3.0
 pullPolicy: Always

 # flag to enable debugging - application support required
@@ -37,10 +37,7 @@ debugEnabled: false

 # application configuration
 config:
-  aafExtIP: 127.0.0.1
-  aafExtFQDN: aaf-onap-beijing-test.osaaf.org
   dbRootPassword: openECOMP1.0
-  enableAAF: false
   enableClustering: true
   configDir: /opt/onap/appc/data/properties
   dmaapTopic: SUCCESS
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 328e058..b359526 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -35,8 +35,14 @@ spec:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          command: ["/bin/bash"]
-          args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+          command:
+          - /bin/bash
+          - -c
+          - >
+            UPDATE_HOSTS_FILE >> /etc/hosts;
+            UPDATE_NPM_REGISTRY;
+            cd /opt/onap/ccsdk/dgbuilder/;
+            ./start.sh sdnc1.0 && wait
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           readinessProbe:
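Review bot: The new folded command chains its steps with `;`, so a failed `UPDATE_HOSTS_FILE >> /etc/hosts` or `UPDATE_NPM_REGISTRY` step is ignored and dgbuilder still starts, presumably with the image's default name resolution and npm registry rather than the offline ones. Joining the setup steps with `&&`, or opening the script with `set -e;`, would make the pod fail visibly instead. `UPDATE_HOSTS_FILE` and `UPDATE_NPM_REGISTRY` look like tokens the installer substitutes before the chart is used; if one is left unsubstituted the shell only reports an unknown command and carries on, which is the same silent path. The same `;` chaining appears in the message-router, sdnc-portal and uui-server command blocks later in this patch.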
@@ -94,3 +100,4 @@ spec:
             defaultMode: 0755
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index acda520..8fa35f9 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -68,6 +68,8 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
+          - mountPath: /etc/pki/ca-trust/source/anchors
+            name: root-ca
           securityContext:
             privileged: True
           lifecycle:
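Review bot: The new `root-ca` mount at `/etc/pki/ca-trust/source/anchors` is writable inside a container that runs with `privileged: True`, and the volume behind it (third hunk of this file) is a `hostPath`, so the container can modify the node's certificate directory. The container only needs to read the anchors, so add `readOnly: true` under `name: root-ca`, as the `localtime` mount just above already does. On the volume side, `path: CERT_PATH` is an installer placeholder; adding `type: Directory` there should make the pod fail to start when the path is missing instead of mounting an empty directory, which is worth confirming against the cluster version in use.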
@@ -80,6 +82,8 @@ spec:
                   set -ex
                   mkdir -p /var/run/secrets/kubernetes.io/
                   ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
+                  echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
+                  update-ca-trust extract
       volumes:
         - name: {{ include "common.fullname" . }}-config
           configMap:
@@ -93,5 +97,8 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
+        - name: root-ca
+          hostPath:
+            path: CERT_PATH
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
index 379fc24..4802f8b 100644
--- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+++ b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
@@ -48,6 +48,12 @@ spec:
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
+          command:
+          - /bin/sh
+          - -c
+          - >
+            UPDATE_HOSTS_FILE >> /etc/hosts;
+            ./startup.sh
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
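Review bot: `./startup.sh` is a relative path, and setting `command` replaces the image's entrypoint, so the script is resolved against the image's working directory, which this hunk does not show. Use the absolute path of the script, and start it with `exec` so that the container's termination signal reaches the message-router process rather than the wrapping `/bin/sh`. The container spec continues outside the hunk.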
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index b8f15e1..fadb56e 100644
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -39,7 +39,8 @@ global:
   loggingRepository: docker.elastic.co

   # image pull policy
-  pullPolicy: Always
+  #pullPolicy: Always
+  pullPolicy: IfNotPresent

   # default mount path root directory referenced
   # by persistent volumes and log files
@@ -66,11 +67,11 @@ appc:
   config:
     openStackType: OpenStackProvider
     openStackName: OpenStack
-    openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
-    openStackServiceTenantName: default
-    openStackDomain: default
-    openStackUserName: admin
-    openStackEncryptedPassword: admin
+    openStackKeyStoneUrl: FILL-ME
+    openStackServiceTenantName: FILL-ME
+    openStackDomain: FILL-ME
+    openStackUserName: FILL-ME
+    openStackEncryptedPassword: FILL-ME
 clamp:
   enabled: true
 cli:
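Review bot: `FILL-ME` is a valid string, so a deployment where the operator misses one of these overrides still renders and installs cleanly and only fails later, at runtime, against OpenStack. Consider guarding the values in the consuming templates (not part of this patch) with Helm's `required`, e.g. `{{ required "openStackKeyStoneUrl must be set" .Values.config.openStackKeyStoneUrl }}`, so a missed value stops `helm install`. The same applies to the `nbi` and `so` hunks below and to `kubernetes/robot/values.yaml`. `openStackEncryptedPassword` is a credential, so it is better supplied from an override file kept out of version control than edited into this file.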
@@ -97,8 +98,11 @@ nbi:
   enabled: true
   config:
     # openstack configuration
-    openStackRegion: "Yolo"
-    openStackVNFTenantId: "1234"
+    openStackUserName: "FILL-ME"
+    openStackRegion: "FILL-ME"
+    openStackKeyStoneUrl: "FILL-ME"
+    openStackServiceTenantName: "FILL-ME"
+    openStackEncryptedPasswordHere: "FILL-ME"
 policy:
   enabled: true
 portal:
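Review bot: The `nbi.config` block drops `openStackVNFTenantId` and gains `openStackUserName`, `openStackKeyStoneUrl`, `openStackServiceTenantName` and `openStackEncryptedPasswordHere`, which are exactly the key names of the `so.config` block further down, so this looks like a copy of the `so` section. If the nbi chart still reads `openStackVNFTenantId` (its templates are not part of this patch), it will now render an empty value. Keep `openStackVNFTenantId: "FILL-ME"` next to `openStackRegion` unless the nbi templates were changed to match.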
@@ -112,7 +116,11 @@ sdnc:

   replicaCount: 1

+  config:
+    enableClustering: false
+
   mysql:
+    disableNfsProvisioner: true
     replicaCount: 1
 so:
   enabled: true
@@ -129,11 +137,11 @@ so:
     # message router configuration
     dmaapTopic: "AUTO"
     # openstack configuration
-    openStackUserName: "vnf_user"
-    openStackRegion: "RegionOne"
-    openStackKeyStoneUrl: "http://1.2.3.4:5000"
-    openStackServiceTenantName: "service"
-    openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+    openStackUserName: "FILL-ME"
+    openStackRegion: "FILL-ME"
+    openStackKeyStoneUrl: "FILL-ME"
+    openStackServiceTenantName: "FILL-ME"
+    openStackEncryptedPasswordHere: "FILL-ME"

   # configure embedded mariadb
   mariadb:
diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
index 72f7a74..f6b3478 100644
--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
+++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
@@ -114,7 +114,7 @@ else
     url_release
 fi

-wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip
+wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip --no-check-certificate
 if [[ $? != 0 ]]; then
     echo "ERROR: cannot download ${DOWNLOAD_DIR}/apps-${APP_NAME}.zip"
     exit 1
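Review bot: `--no-check-certificate` turns off TLS verification for the application zip that this script presumably goes on to install, so the download is accepted from any host that answers for `${APP_URL}`. This patch already distributes the offline root CA into the policy pods (`common.cacert-mount-ubuntu` mounts it at `/usr/local/share/ca-certificates/cacert.crt` and the init container runs `update-ca-certificates`), so wget should be able to verify the offline server without the flag; where the system store is not populated, `--ca-certificate=/usr/local/share/ca-certificates/cacert.crt` keeps verification on. The same flag is added to the `wget` in `kubernetes/policy/resources/config/pe/push-policies.sh`, where the fetched `.drl` template is apparently uploaded to the policy engine afterwards.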
diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
index a6c054d..9e48d55 100644
--- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
+++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
@@ -84,8 +84,8 @@ echo "Restarting PDP-D .."
 echo
 echo

-POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools)
-kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
+POD=$(kubectl --namespace onap get pods | sed 's/ .*//'| grep drools)
+kubectl --namespace onap exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 1 && policy start"

 sleep 20

diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
index dcd3afb..21b3171 100644
--- a/kubernetes/policy/resources/config/pe/push-policies.sh
+++ b/kubernetes/policy/resources/config/pe/push-policies.sh
@@ -22,7 +22,7 @@ echo "Upload BRMS Param Template"

 sleep 2

-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing
+wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing --no-check-certificate

 sleep 2

diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index aea67c8..06dc17b 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -39,49 +39,49 @@ config:
   # Password of the lighthttpd server.  Used for HTML auth for webpage access
   lightHttpdPassword: robot
   # gerrit branch where the latest heat code is checked in
-  gerritBranch: 2.0.0-ONAP
+  gerritBranch: master
   # gerrit project where the latest heat code is checked in
   gerritProject: http://gerrit.onap.org/r/demo.git


 # Demo configuration
 # Nexus demo artifact version.  Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
-demoArtifactsVersion: "1.2.0-SNAPSHOT"
+demoArtifactsVersion: "1.3.0"
 # Openstack medium sized flavour name.  Maps GLOBAL_INJECTED_VM_FLAVOR
 openStackFlavourMedium: "m1.medium"
 # Openstack keystone URL.  Maps to GLOBAL_INJECTED_KEYSTONE
-openStackKeyStoneUrl: "http://1.2.3.4:5000"
+openStackKeyStoneUrl: "FILL-ME"
 # UUID of the Openstack network that can assign floating ips.  Maps to GLOBAL_INJECTED_PUBLIC_NET_ID
-openStackPublicNetId: "e8f51958045716781ffc"
+openStackPublicNetId: "FILL-ME"
 # password for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD
-openStackPassword: "tenantPassword"
+openStackPassword: "FILL-ME"
 # Openstack region.  Maps to GLOBAL_INJECTED_REGION
 openStackRegion: "RegionOne"
 # Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
-openStackTenantId: "47899782ed714295b1151681fdfd51f5"
+openStackTenantId: "FILL-ME"
 # username for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
-openStackUserName: "tenantUsername"
+openStackUserName: "FILL-ME"
 # Openstack glance image name for Ubuntu 14.  Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE
-ubuntu14Image: "Ubuntu_14_trusty"
+ubuntu14Image: "FILL-ME"
 # Openstack glance image name for Ubuntu 16.  Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
-ubuntu16Image: "Ubuntu_16_xenial"
+ubuntu16Image: "FILL-ME"
 # GLOBAL_INJECTED_SCRIPT_VERSION.  Maps to GLOBAL_INJECTED_SCRIPT_VERSION
-scriptVersion: "1.2.0-SNAPSHOT"
+scriptVersion: "1.2.1"
 # Openstack network to which VNFs will bind their primary (first) interface.  Maps to GLOBAL_INJECTED_NETWORK
-openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
+openStackPrivateNetId: "FILL-ME"

 # SDNC Preload configuration
 # Openstack subnet UUID for the network defined by openStackPrivateNetId.  Maps to onap_private_subnet_id
-openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc"
+openStackPrivateSubnetId: "FILL-ME"
 # CIDR notation for the Openstack private network where VNFs will be spawned.  Maps to onap_private_net_cidr
-openStackPrivateNetCidr: "10.0.0.0/8"
+openStackPrivateNetCidr: "FILL-ME"
 # The first 2 octets of the private Openstack subnet where VNFs will be spawned.
 # Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X
 openStackOamNetworkCidrPrefix: "10.0"
 # Override with Pub Key for access to VNF
-vnfPubKey: "FILL_IN_WITH_PUB_KEY"
-# Override with DCAE VES Collector external IP
-dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP"
+vnfPubKey: "FILL-ME"
+# Override with DCAE VES Collector external IP
+dcaeCollectorIp: "FILL-ME"

 # default number of instances
 replicaCount: 1
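Review bot: `gerritBranch: master` replaces a fixed release tag with a moving branch, while `demoArtifactsVersion` and `scriptVersion` in the same hunk are pinned to releases, so the heat code that gets checked out can drift away from the artifacts it is used with. The unchanged `gerritProject` line fetches over plain `http://`, so nothing authenticates what `master` resolves to at install time. For a reproducible offline install, pin `gerritBranch` to the release tag or commit that matches `demoArtifactsVersion`.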
@@ -156,4 +156,4 @@ persistence:
   accessMode: ReadWriteMany
   size: 2Gi
   mountPath: /dockerdata-nfs
-  mountSubPath: robot/logs
\ No newline at end of file
+  mountSubPath: robot/logs
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
index a19c33a..b49e2c4 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
@@ -47,8 +47,17 @@ spec:
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          command: ["/bin/bash"]
-          args: ["-c", "cd /opt/onap/sdnc && ./startAnsibleServer.sh"]
+          command:
+          - bash
+          - "-c"
+          - |
+            pip install /root/ansible_pkg/*.whl
+            dpkg -i /root/ansible_pkg/*.deb
+            cp /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.orig
+            cat /etc/ansible/ansible.cfg.orig | sed -e 's/#host_key_checking/host_key_checking/' > /etc/ansible/ansible.cfg
+            touch /tmp/.ansible-server-installed
+            cd /opt/onap/sdnc
+            ./startAnsibleServer.sh
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
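Review bot: The `sed` step uncomments `host_key_checking` in `/etc/ansible/ansible.cfg`; in the stock Ansible configuration that line reads `#host_key_checking = False`, so if the image ships the stock file this switches off SSH host-key verification for every playbook the server runs. If that is intended for this environment, say so in a comment above the `sed` line; otherwise leave the setting alone and provision a `known_hosts` file for the managed hosts. The script also has no `set -e`, so a failed `pip install` or `dpkg -i` still reaches `touch /tmp/.ansible-server-installed` and starts the server; add `set -e` as its first line.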
@@ -74,6 +83,8 @@ spec:
           - mountPath: {{ .Values.config.configDir }}/RestServer_config
             name: config
             subPath: RestServer_config
+          - mountPath: /root/ansible_pkg
+            name: ansible-pkg
           resources:
 {{ toYaml .Values.resources | indent 12 }}
         {{- if .Values.nodeSelector }}
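Review bot: The `ansible-pkg` mount is read-write, and the volume added in the next hunk is a `hostPath` to `/root/ansible_pkg` on the node, while the container's start command installs every `*.whl` and `*.deb` found there without an integrity check. Add `readOnly: true` under `name: ansible-pkg` so the container cannot alter the node directory. Since whatever is present in that directory is installed at every pod start, consider verifying the packages against a checksum list shipped with the installer before the `pip install` and `dpkg -i` steps.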
@@ -92,5 +103,9 @@ spec:
           configMap:
             name: {{ include "common.fullname" . }}
             defaultMode: 0644
+        - name: ansible-pkg
+          hostPath:
+            path: /root/ansible_pkg
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
index 87ed6aa..5da236d 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
@@ -49,8 +49,13 @@ spec:
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          command: ["/bin/bash"]
-          args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
+          command:
+          - /bin/bash
+          - -c
+          - >
+            UPDATE_HOSTS_FILE >> /etc/hosts;
+            UPDATE_NPM_REGISTRY;
+            cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
index accdff9..fa83daf 100644
--- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml
+++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
@@ -34,6 +34,12 @@ spec:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+            - /bin/bash
+            - -c
+            - >
+              chown -R mysql:mysql /var/lib/mysql /var/run/mysqld;
+              /home/uui/bin/run.sh
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
--- oom/kubernetes/common/common/templates/_cacert.tpl	1970-01-01 00:00:00.000000000 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/common/common/templates/_cacert.tpl	2018-11-02 15:09:31.781688957 +0000
@@ -0,0 +1,62 @@
+#This template adds volume for access to ca certificate.
+#Template is ignored when cacert not set.
+{{- define "common.cacert-volume" }}
+{{- if .Values.global.cacert }}
+- name: cacert
+  configMap:
+    name: {{ include "common.namespace" . }}-root-ca-cert
+{{- end }}
+{{- end }}
+
+#This template mounts the CA certificate in an ubuntu compatible way.
+#It is mounted to /usr/local/share/ca-certificates/cacert.crt.
+#Template is ignored if cacert not set.
+{{- define "common.cacert-mount-ubuntu" }}
+{{- if .Values.global.cacert }}
+- mountPath: "/usr/local/share/ca-certificates/cacert.crt"
+  name: cacert
+  subPath: certificate
+{{- end }}
+{{- end }}
+
+#This template creates an empty volume used to store system certificates (includes java keystore).
+{{- define "common.system-ca-store-volume" }}
+{{- if .Values.global.cacert }}
+- name: system-ca-store
+  emptyDir:
+{{- end }}
+{{- end }}
+
+#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific).
+#Template is ignored in case cacert is not given.
+{{- define "common.system-ca-store-mount-ubuntu" }}
+{{- if .Values.global.cacert }}
+- mountPath: "/etc/ssl/certs"
+  name: system-ca-store
+{{- end }}
+{{- end }}
+
+#This template is a template for an init container.
+#This init container can be declared to update system's ca store for ubuntu containers.
+#It runs as root using the same image as the main one.
+#It expects /etc/ssl/certs to be mounted as a volume.
+#It has to be shared with the main container.
+#This template is ignored if cacert is not given as helm value.
+{{- define "common.update-system-ca-store-ubuntu" }}
+{{- if .Values.global.cacert }}
+- command:
+  - "/bin/bash"
+  - "-c"
+  - |
+      mkdir -p /etc/ssl/certs/java
+      update-ca-certificates
+  name: update-system-ca-store
+  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+  image: {{ include "common.repository" . }}/{{ .Values.image }}
+  securityContext:
+    runAsUser: 0
+  volumeMounts:
+{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
+{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }}
+{{- end }}
+{{- end }}
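Review bot: In `common.system-ca-store-volume`, `emptyDir:` with no value parses as YAML null rather than an empty mapping; write `emptyDir: {}` so the volume source is explicit and does not depend on how the API server treats a null source. The same bare `emptyDir:` is used by `policy.keystore-storage-volume` in `_keystore.tpl`. Separately, `common.cacert-mount-ubuntu` only needs to expose the certificate for reading, so `readOnly: true` on that mount would be appropriate, and the init container's `image:` value is unquoted here although the deployments in this chart quote the same expression.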
--- oom/kubernetes/onap/templates/configmap.yaml	1970-01-01 00:00:00.000000000 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/onap/templates/configmap.yaml	2018-11-02 15:09:31.804689107 +0000
@@ -0,0 +1,15 @@
+{{ if .Values.global.cacert -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.namespace" . }}-root-ca-cert
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  certificate: |
+{{ .Values.global.cacert | indent 4 }}
+{{- end }}
--- oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml	2018-11-06 07:38:46.341849402 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml	2018-11-02 15:09:31.808689133 +0000
@@ -45,6 +45,7 @@
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
       containers:
       - command:
         - /bin/bash
@@ -68,6 +69,8 @@
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
+{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
@@ -94,6 +97,8 @@
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
       volumes:
+{{ include "common.cacert-volume" . | indent 8 }}
+{{ include "common.system-ca-store-volume" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
--- oom/kubernetes/policy/charts/drools/templates/statefulset.yaml	2018-11-06 07:38:46.343849404 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/drools/templates/statefulset.yaml	2018-11-02 15:09:31.810689146 +0000
@@ -51,6 +51,8 @@
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
+{{ include "policy.update-policy-keystore" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -78,6 +80,9 @@
           - name: REPLICAS
             value: "{{ .Values.replicaCount }}"
           volumeMounts:
+{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
+{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
+{{ include "policy.keystore-mount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -136,6 +141,9 @@
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.cacert-volume" . | indent 8 }}
+{{ include "common.system-ca-store-volume" . | indent 8 }}
+{{ include "policy.keystore-storage-volume" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
--- oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml	2018-11-06 07:38:46.345849405 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml	2018-11-02 15:09:31.812689159 +0000
@@ -49,6 +49,7 @@
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
       containers:
       - command:
         - /bin/bash
@@ -72,6 +73,8 @@
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
+{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
@@ -121,6 +124,8 @@
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.cacert-volume" . | indent 6 }}
+{{ include "common.system-ca-store-volume" . | indent 6 }}
       - name: localtime
         hostPath:
           path: /etc/localtime
--- oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl	1970-01-01 00:00:00.000000000 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl	2018-11-02 15:09:31.812689159 +0000
@@ -0,0 +1,43 @@
+#This template creates a volume for storing policy-keystore with imported ca.
+#It is ignored if cacert was not given.
+{{- define "policy.keystore-storage-volume" }}
+{{- if .Values.global.cacert }}
+- name: keystore-storage
+  emptyDir:
+{{- end }}
+{{- end }}
+
+#This template mounts policy-keystore in appropriate place for policy components to take it.
+#It is ignored if cacert is not given.
+{{- define "policy.keystore-mount" }}
+{{- if .Values.global.cacert }}
+- mountPath: "/tmp/policy-install/config/policy-keystore"
+  name: keystore-storage
+  subPath: policy-keystore
+{{- end }}
+{{- end }}
+
+#This will extract a policy keystore and then import
+#the root cacert of offline nexus into it.
+#This template expects a volume named keystore-storage where policy-keystore will be put.
+#It also expects volume named cacert where the file "certificate" will contain the cert to import.
+#Template is ignored if ca certificate not given.
+{{- define "policy.update-policy-keystore" }}
+{{- if .Values.global.cacert }}
+- command:
+  - "/bin/bash"
+  - "-c"
+  - |
+      set -e
+      tar -xzf base-*.tar.gz etc/ssl/policy-keystore
+      cp etc/ssl/policy-keystore keystore-storage/
+      keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt
+  name: update-policy-keystore
+  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+  image: {{ include "common.repository" . }}/{{ .Values.image }}
+  volumeMounts:
+  - mountPath: "/tmp/policy-install/keystore-storage"
+    name: keystore-storage
+{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
+{{- end }}
+{{- end }}
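Review bot: The keystore password is hard-coded on the `keytool` command line (`-storepass "Pol1cy_0nap"`), so it is readable in the rendered pod spec and in the init container's process list. keytool can take it from the environment instead, `-storepass:env KEYSTORE_PASSWORD` (variable name is a placeholder), with the variable populated from a Secret. `keytool -import` is also called without `-alias`, so the certificate is stored under keytool's default alias; an explicit one such as `-alias offline-root-ca` (name illustrative) makes the entry identifiable and avoids a failure if the default alias already exists in the extracted keystore. The `tar` and `cp` paths are relative and depend on the image's working directory, which the template does not set.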
--- oom/kubernetes/policy/templates/deployment.yaml	2018-11-06 07:38:46.346849406 +0000
+++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/templates/deployment.yaml	2018-11-02 15:09:31.813689166 +0000
@@ -45,6 +45,7 @@
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
       containers:
         - command:
           - /bin/bash
@@ -72,6 +73,8 @@
           - name: PRELOAD_POLICIES
             value: "{{ .Values.config.preloadPolicies }}"
           volumeMounts:
+{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
+{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -136,6 +139,8 @@
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.cacert-volume" . | indent 8 }}
+{{ include "common.system-ca-store-volume" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime