summaryrefslogtreecommitdiffstats
path: root/kubernetes/so/values.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-03-18 18:13:51 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-03-31 08:34:31 +0200
commitaadf545643827a440b082f4dcf6afdfd1c2012e2 (patch)
treeba293ac6337478c5ab5371286d8213fb8dec3d31 /kubernetes/so/values.yaml
parent5af320fc0c9e5f250e595cfa8daa93835016fca1 (diff)
[SO] Onboard ONAP CA during init phase
Workaround for retrieving ONAP root CA and keeping SO container being run by no root user. Issue-ID: SO-2730 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a
Diffstat (limited to 'kubernetes/so/values.yaml')
-rwxr-xr-xkubernetes/so/values.yaml37
1 files changed, 32 insertions, 5 deletions
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index b2a8b681b3..90c27da2ad 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -22,6 +22,7 @@ global:
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ soBaseImage: onap/so/base-image:1.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
@@ -71,6 +72,9 @@ global:
certs:
trustStorePassword: b25hcDRzbw==
keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
#################################################################
# Secrets metaconfig
@@ -106,6 +110,13 @@ secrets:
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
+ - uid: "so-onap-certs"
+ name: &so-certs '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/onap-ca.crt
+ - resources/config/certificates/msb-ca.crt
#################################################################
# Application configuration defaults.
@@ -122,6 +133,7 @@ dbCreds:
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.5.3
+
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
@@ -141,6 +153,8 @@ updateStrategy:
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+persistence:
+ certificatesPath: /certificates
resources:
small:
limits:
@@ -174,7 +188,6 @@ config:
logstashServiceName: log-ls
logstashPort: 5044
-
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
@@ -224,6 +237,7 @@ mso:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
so-bpmn-infra:
+ certSecret: *so-certs
db:
<<: *dbSecrets
cds:
@@ -259,6 +273,7 @@ so-bpmn-infra:
auth: Basic dm5mbTpwYXNzd29yZDEk
so-catalog-db-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
@@ -272,7 +287,13 @@ so-catalog-db-adapter:
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-monitoring:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+
so-openstack-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
aaf:
@@ -301,6 +322,7 @@ so-openstack-adapter:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-request-db-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
@@ -315,6 +337,7 @@ so-request-db-adapter:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-sdc-controller:
+ certSecret: *so-certs
db:
<<: *dbSecrets
aai:
@@ -335,7 +358,9 @@ so-sdc-controller:
asdc-connections:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
so-sdnc-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
org:
@@ -360,7 +385,11 @@ so-sdnc-adapter:
rest:
aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+so-ve-vnfm-adapter:
+ certSecret: *so-certs
+
so-vfc-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
@@ -373,7 +402,9 @@ so-vfc-adapter:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
+ certSecret: *so-certs
aaf:
auth:
username: so@so.onap.org
@@ -393,10 +424,6 @@ so-vnfm-adapter:
apiEnforcement: org.onap.so.vnfmAdapterPerm
noAuthn: /manage/health
-so-monitoring:
- db:
- <<: *dbSecrets
-
so-mariadb:
db:
rootPasswordExternalSecretLocalDb: *dbRootPassSecretName