summaryrefslogtreecommitdiffstats
path: root/kubernetes/oof/resources
diff options
context:
space:
mode:
authorvrvarma <vv8305@att.com>2019-04-25 23:08:01 -0400
committerAlexis de Talhouƫt <adetalhouet89@gmail.com>2019-05-13 15:30:31 +0000
commit8f5004939a58a7a3d7c2398678a449a1767debe9 (patch)
tree311d40ad717766134c6292dbb49333e44c2cffec /kubernetes/oof/resources
parent4f897651438c1f8a199f471dd16b150585353116 (diff)
Configuration changes to make osdf ssl enabled
Add common_config.yaml file to enable SSL Add the cert and key files Modify the deployment to mount the cert files Increment the docker image version Securing HAS api with https Modifying the health check protocol to https and credentials Updating certs to add has hostnames Change-Id: I860a0c436234b31d675ca0447fa92d511be0b140 Signed-off-by: vrvarma <vv8305@att.com> Issue-ID: OPTFRA-293
Diffstat (limited to 'kubernetes/oof/resources')
-rw-r--r--kubernetes/oof/resources/config/common_config.yaml82
-rw-r--r--kubernetes/oof/resources/config/org.onap.oof.crt86
-rw-r--r--kubernetes/oof/resources/config/org.onap.oof.key29
-rwxr-xr-xkubernetes/oof/resources/config/osdf_config.yaml2
4 files changed, 198 insertions, 1 deletions
diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml
new file mode 100644
index 0000000000..03972a7e1f
--- /dev/null
+++ b/kubernetes/oof/resources/config/common_config.yaml
@@ -0,0 +1,82 @@
+osdf_system:
+ libpath: /opt/app/osdf/libs
+ osdf_ports:
+ internal: 8699 # inside the Docker container, the app listens to this port
+ external: 8698 # clients use this port on DockerHost
+ osdf_ip_default: 0.0.0.0
+# # Important Note: At deployment time, we need to ensure the port mapping is done
+ ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key']
+
+osdf_temp: # special configuration required for "workarounds" or testing
+ local_policies:
+ global_disabled: True
+ local_placement_policies_enabled: True
+ placement_policy_dir_vcpe: "./test/policy-local-files/"
+ placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components)
+ - Affinity_vCPE_1.json
+ #- Capacity_vGMuxInfra.json
+ #- Capacity_vG_1.json
+ - Distance_vG_1.json
+ - Distance_vGMuxInfra_1.json
+ - hpa_policy_vG_1.json
+ - hpa_policy_vGMuxInfra_1.json
+ - Placement_Optimization_1.json
+ - QueryPolicy_vCPE.json
+ - vnfPolicy_vG.json
+ - vnfPolicy_vGMuxInfra.json
+ placement_policy_dir_vfw: "./test/policy-local-files/"
+ placement_policy_files_vfw: # workaroud for policy platform glitches (or "work-arounds" for other components)
+ #- Capacity_vFW_1.json
+ - Distance_vFW_1.json
+ - hpa_policy_vFW_1.json
+ - Placement_Optimization_1.json
+ - QueryPolicy_vFW.json
+ - vnfPolicy_vFW.json
+ placement_policy_dir_vfw_td: "./test/policy-local-files/"
+ placement_policy_files_vfw_td:
+ - vnfPolicy_vFW_TD.json
+ - vnfPolicy_vPGN_TD.json
+ - affinity_vFW_TD.json
+ - QueryPolicy_vFW_TD.json
+service_info:
+ vCPE:
+ vcpeHostName: requestParameters.vcpeHostName
+ e2eVpnKey: requestParameters.e2eVpnKey
+ vFW:
+ vcpeHostName: requestParameters.vcpeHostName
+ e2eVpnKey: requestParameters.e2eVpnKey
+
+references:
+ service_name:
+ source: request
+ value: serviceInfo.serviceName
+ subscriber_role:
+ source: SubscriberPolicy
+ value: content.properties.subscriberRole
+
+policy_info:
+ prioritization_attributes:
+ policy_type:
+ - content.policyType
+ resources:
+ - content.resources
+ - content.objectiveParameter.parameterAttributes.resources
+ service_name:
+ - content.serviceName
+
+ placement:
+ policy_fetch: by_scope
+ policy_scope:
+ default_scope: OSDF_CASABLANCA
+ vcpe_scope: OSDF_CASABLANCA
+ vfw_scope: OSDF_DUBLIN
+ secondary_scopes:
+ -
+ - get_param: service_name
+ - US
+ # -
+ # - get_param: service_name
+ # - get_param: subscriber_role
+ default: # if no explicit service related information is needed
+ policy_fetch: by_name
+ policy_scope: none
diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt
new file mode 100644
index 0000000000..224d39375b
--- /dev/null
+++ b/kubernetes/oof/resources/config/org.onap.oof.crt
@@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIIfDQFJU4qiGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUwOTAzMzYxN1oXDTIwMDUwOTAzMzYxN1ow
+fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI
+hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T
+QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAIVFAR2i+qXd4hYeiXiTgoTyHeZQt0ndSq1aJ/tsiPEz
+cH3/egq2nYGzC9zccDip8Vyd8uP54hw6OD8ulgssuxrRUppR0TcNp7TPzNIYbnOI
+hjxU4XHCUQbhH4lt8+KVZDGCeWuDOTKXMZ2ZDj/WUcHXJA+2XDpUY6Gdg4K8+Mgu
+CIOzqTkLl0Nz1a0FopZkSjf8nF0R1hf7XtbQorywLz7RL++nEh1a+vDkmVcSmLyW
+fhI2uteuRFg3v9Y+Ebkp37QZ4oTpAjSyUKbvKuE0dhRvoTSRmjIxKFxiGrQBrMyJ
+S3eQJR6USuRhxk2fZx9jTTPiVS5QotoTOO0C2xw9sBsCAwEAAaOCAUgwggFEMAkG
+A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w
+LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH
+MB0GA1UdDgQWBBSaLxp34n5RCgXcMF4JKn+Z+HqMRTCBjwYDVR0RBIGHMIGEghtv
+b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku
+c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m
+LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi5vbmFwMA0GCSqGSIb3DQEBCwUA
+A4IBAQBarLs2rX/Av0CevlVcvGi73CsvBCtS18jz4Bj/cxuIDZzEHXtOoUmJ8FrI
+9sG2cyZlqCBcND67VJfXsd34amhORnAwzzOjZGWgqvNfP9ayT/Ai1IAeBC0q33vu
+h7v7wgV/cbZ+uNeU6ubN47JaW0pw6q7IBIhbTtnmBC+JmM0MLXt/zdU+/mbHEq7N
+X+1AHDfM7VTzGrDTLt9DEX2tpBlj7l46Xp6UXWlbXUk2cHVzhNrhdgGDPHVs1MRT
+ts3PvNAKyo1zHBRRS0asLVSes0Fge1O6x4RD5vbvFQxhawZsrvS2RRrLiCJNoMP3
+BiU0GD9vLvQy2SB+xBER57WuBsas
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
+
+
diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key
new file mode 100644
index 0000000000..a261fda9ed
--- /dev/null
+++ b/kubernetes/oof/resources/config/org.onap.oof.key
@@ -0,0 +1,29 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCFRQEdovql3eIW
+Hol4k4KE8h3mULdJ3UqtWif7bIjxM3B9/3oKtp2Bswvc3HA4qfFcnfLj+eIcOjg/
+LpYLLLsa0VKaUdE3Dae0z8zSGG5ziIY8VOFxwlEG4R+JbfPilWQxgnlrgzkylzGd
+mQ4/1lHB1yQPtlw6VGOhnYOCvPjILgiDs6k5C5dDc9WtBaKWZEo3/JxdEdYX+17W
+0KK8sC8+0S/vpxIdWvrw5JlXEpi8ln4SNrrXrkRYN7/WPhG5Kd+0GeKE6QI0slCm
+7yrhNHYUb6E0kZoyMShcYhq0AazMiUt3kCUelErkYcZNn2cfY00z4lUuUKLaEzjt
+AtscPbAbAgMBAAECggEAUSSNpFzaXel2Qd9/9kFiQ84jNFtK7hdl45y0IVqZGrsm
+MCFATouX5SN+ApDZZzbZ9XlaLUK1UFiGbLnRs6Ydmht/PuS4DNwsk2O+ouErRv8G
+NG++AIS+zwB9MjEXQIuTQK3fff2c8tep5voM+gNlLi/vDf4Ls5w0OW/tZcnndAHp
+qpepSMd29gIwi9nViCD11k32UdQ7oAb7pB+RXleol1181945reuuvzIqfGamvfhl
+TXdGO3GT7bSiy0q2iFGiAeEBfCNqYs3ptJrDrUSiPD7CZOybUFxGfI8lnrW/yvya
+FrwIZuOkLdnCDssXsFzWz08NJ8sr2/HZZBgl9nbFoQKBgQDHVwq244eyUtNalRvZ
+HPiRewSwp4A1pYBzk5DmcYLgKrXUlukYy7pKr8VoH899iWVPzWKqNkHavV2KvcSr
+4dyNnEytAKiBqcb4piAzajgWG+m27WvITDF2zJhzx+91E1tngtyjKNzAHWG57A/W
+S3H4Cm2eidXe6lKURL0RJ4QLcQKBgQCrJlnyPCf3qfcHkXW/EYlzmJMDSasgLEBl
+/dthVZ8QRshooyzJTCckN2PXO+mbuarwmnjtb8ZS/PzPSZ7cAKfZOHgzWOPM5I45
+n0axJmrSZ+dUz270q8R1sVfqd0/jH4LjwuCQMKZmN+UpTijA2hKVWUCxcML7KtXT
+QP3TQSy2SwKBgDlPgxsVy3uvaGiQmhMPyz84WR7Y6XmC/a087dnzJKeCYAig4p9o
+Y0T5yA2pp6P2DpSk/grl0oUrEGvFJ3grVZe5KipLGCc/Qp9WU8e0cC+bEtSu6eAK
+V+ZJ6ELRZr0INa1K6FhYdS8ew2wKvHrl8fxYMy/zfPO79sX+BUWbUNFhAoGAK5FQ
+tkw/9FjM7J1HtwLU1ZtSWTTongEFx7DOpsFwA2mxXImlPfznvd1nygOTXTPvYt4/
+yFl6x+dkx7O6/9Ae6jnox1Fqc97+oYZ9LV1VNgiDJ+DCIwCSu08QzTvgFzYPUMFr
+/uiTg1PZPyGJWEZrEp+syz6kM+HcmrFhq+RcaG8CgYEAtgHnJWL3v9r1jTP1YLRm
+C7tXJ5a/xs3+KuM6vmSpAwkDvV50RK07ypGZqWsG2ewjUqxpAOeoiMn0dRRGP324
+yNCXUWjTVFbzdtzOQuOZVnEeje3K8xHUS3kv9zm1TgMbCRJgvc1THXhderiBShOK
+ATP2Y7+WNByxs+TXGI//cFQ=
+-----END PRIVATE KEY-----
+
diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml
index fea3d908cf..4dd3097918 100755
--- a/kubernetes/oof/resources/config/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/osdf_config.yaml
@@ -60,7 +60,7 @@ osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }}
osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }}
is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
-aaf_cache_expiry_hrs: {{ .Values.config.aaf_cache_expiry_hrs }}
+aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
aaf_url: {{ .Values.config.aaf_url }}
aaf_user_roles:
{{- range .Values.config.aaf_user_roles }}