aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/so
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-11-03 15:52:44 +0000
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-11-05 11:17:01 +0100
commitd24825b061cc84cde2397c71c128be72500d20c7 (patch)
treec052074bac336bb6dcfc21cd184f289640c0ade1 /kubernetes/so
parent3a2483fa7d23ad0a057808a0d42d4c7956ce8aa3 (diff)
Revert "[SO] helm chart for cnf-adapter"
This reverts commit a2145f7fa5a4bfadf6782333a879e75730da4f8e. Reason for revert: it seems to have weird consequences when bumping so version Issue-ID: SO-3164 Change-Id: Ibf869be9e9dcba915a738605af6d4f823742fbea Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Diffstat (limited to 'kubernetes/so')
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml2
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/values.yaml26
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/Chart.yaml18
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/requirements.yaml26
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml50
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/configmap.yaml29
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/deployment.yaml117
-rw-r--r--kubernetes/so/components/so-cnf-adapter/templates/secret.yaml17
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/service.yaml17
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/values.yaml182
-rwxr-xr-xkubernetes/so/requirements.yaml34
-rwxr-xr-xkubernetes/so/resources/config/overrides/override.yaml2
-rwxr-xr-xkubernetes/so/values.yaml118
13 files changed, 56 insertions, 582 deletions
diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
index 69178fd6c7..661ed64b0e 100644
--- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
@@ -22,7 +22,7 @@ server:
mso:
logPath: ./logs/soappcorch
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
- msoKey: {{ .Values.mso.msoKey }}
+ msoKey: {{ .Values.global.app.msoKey }}
config:
{{ if .Values.global.security.aaf.enabled }}
cadi: {{ include "so.cadi.keys" . | nindent 8}}
diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml
index e63838d3b1..7570116fd5 100644
--- a/kubernetes/so/components/so-appc-orchestrator/values.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml
@@ -30,7 +30,8 @@ global:
security:
aaf:
enabled: false
-
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
#################################################################
# Secrets metaconfig
#################################################################
@@ -73,7 +74,6 @@ db:
adminName: so_admin
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
-
server:
actuator:
username: mso_admin
@@ -87,8 +87,8 @@ service:
name: so-appc-orchestrator
type: ClusterIP
ports:
- - port: *containerPort
- name: http
+ - port: *containerPort
+ name: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
@@ -96,6 +96,7 @@ updateStrategy:
# Resource Limit flavor -By Default using small
flavor: small
+
#################################################################
# soHelper part
#################################################################
@@ -127,14 +128,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
@@ -148,7 +149,6 @@ auth:
mso:
auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
basicUser: poBpmn
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
appc:
client:
diff --git a/kubernetes/so/components/so-cnf-adapter/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml
deleted file mode 100755
index f2ccd6a707..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-appVersion: "1.7.1"
-description: A Helm chart for Kubernetes
-name: so-cnf-adapter
-version: 6.0.0
diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
deleted file mode 100755
index b0bda362dd..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/requirements.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: readinessCheck
- version: ~6.x-0
- repository: '@local'
- - name: soHelpers
- version: ~6.x-0
- repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
deleted file mode 100755
index 37024d4d4d..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-{{/*
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
-logging:
- path: logs
-spring:
- security:
- usercredentials:
- - username: ${ACTUATOR_USERNAME}
- password: ${ACTUATOR_PASSWORD}
- role: ACTUATOR
-server:
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
-
-mso:
- site-name: localSite
- logPath: ./logs/cnf
- msb-ip: msb-iag.{{ include "common.namespace" . }}
- msb-port: 80
-#Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: "*"
- metrics:
- se-global-registry: false
- export:
- prometheus:
- enabled: true # Whether exporting of metrics to Prometheus is enabled.
- step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
deleted file mode 100755
index fcdd381e72..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
----
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
deleted file mode 100755
index dfff4341f5..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-{{/*
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-encrypter
- command:
- - sh
- args:
- - -c
- - |
- java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds
- env:
- - name: AAI_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }}
- - name: AAI_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }}
- - name: MSO_KEY
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }}
- image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.soCryptoImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: encoder
- mountPath: /output
- {{ include "common.readinessCheck.waitFor" . | indent 8 | trim }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- command:
- - sh
- args:
- - -c
- - |
- export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
- export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
- export AAI_AUTH=$(cat /input/.aai_creds)
- {{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
- {{- end }}
- {{- end }}
- ./start-app.sh
- resources: {{ include "common.resources" . | nindent 12 }}
- ports: {{- include "common.containerPorts" . | nindent 12 }}
- env:
- - name: AAF_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
- - name: AAF_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
- - name: ACTUATOR_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- - name: ACTUATOR_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | indent 12 | trim }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-env
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
- - name: logs
- mountPath: /app/logs
- - name: config
- mountPath: /app/config
- readOnly: true
- - name: encoder
- mountPath: /input
- livenessProbe:
- httpGet:
- path: {{ index .Values.livenessProbe.path}}
- port: {{ index .Values.containerPort }}
- scheme: {{ index .Values.livenessProbe.scheme}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- - name: logs
- emptyDir: {}
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}
- - name: encoder
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml
deleted file mode 100644
index cc40499c76..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml
deleted file mode 100755
index 665601d832..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
deleted file mode 100755
index 66703f2597..0000000000
--- a/kubernetes/so/components/so-cnf-adapter/values.yaml
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright © 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
- readinessImage: oomk8s/readiness-check:2.2.2
- soCryptoImage: sdesbure/so_crypto:latest
- dockerHubRepository: docker.io
- persistence:
- mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: ${AAF_AUTH}
-
-readinessCheck:
- wait_for:
- - so-mariadb-config
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: server-actuator-creds
- name: '{{ include "common.release" . }}-so-cnf-actuator-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
- login: '{{ .Values.server.actuator.username }}'
- password: '{{ .Values.server.actuator.password }}'
- passwordPolicy: required
- - uid: so-aaf-creds
- name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
- login: '{{ .Values.server.aaf.username }}'
- password: '{{ .Values.server.aaf.password }}'
- passwordPolicy: required
- - uid: so-aai-creds
- name: '{{ include "common.release" . }}-so-cnf-aai-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
- login: '{{ .Values.server.aai.username }}'
- password: '{{ .Values.server.aai.password }}'
- passwordPolicy: required
- - uid: cnf-adapter-mso-key
- name: '{{ include "common.release" . }}-so-cnf-mso-key'
- type: password
- externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
- password: '{{ .Values.mso.msoKey }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-repository: nexus3.onap.org:10001
-image: onap/so/mso-cnf-adapter:1.7.1
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-
-server:
- aaf:
- username: so@so.onap.org
- password: demo123456
- # aafCredsExternalSecret: some secret
- aai:
- username: aai@aai.onap.org
- password: demo123456!
- auth: ${AAI_AUTH}
- # aaiCredsExternalSecret: some secret
- actuator:
- username: mso_admin
- password: password1$
- # actuatorCredsExternalSecret: some secret
-
-mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- # msoKeySecret: some secret
- adapters:
- requestDb:
- auth: ${REQUEST_AUTH}
-
-replicaCount: 1
-minReadySeconds: 10
-containerPort: &containerPort 8090
-logPath: ./logs/cnf/
-app: cnf-adapter
-service:
- type: ClusterIP
- ports:
- - name: http-api
- port: *containerPort
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
-soHelpers:
- nameOverride: so-cnf-cert-init
- certInitializer:
- nameOverride: so-cnf-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
- containerPort: *containerPort
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-
-livenessProbe:
- path: /manage/health
- port: 8090
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-
-ingress:
- enabled: false
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index 1728705414..bbd84cfcfd 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -23,40 +23,36 @@ dependencies:
repository: '@local'
- name: mariadb-galera
version: ~6.x-0
- repository: "@local"
+ repository: '@local'
condition: global.mariadbGalera.localCluster
- name: soHelpers
version: ~6.x-0
- repository: "file://components/soHelpers"
+ repository: 'file://components/soHelpers'
- name: so-appc-orchestrator
version: ~6.x-0
- repository: "file://components/so-appc-orchestrator"
+ repository: 'file://components/so-appc-orchestrator'
condition: so-appc-orchestrator.enabled
- name: so-bpmn-infra
version: ~6.x-0
- repository: "file://components/so-bpmn-infra"
+ repository: 'file://components/so-bpmn-infra'
- name: so-catalog-db-adapter
version: ~6.x-0
- repository: "file://components/so-catalog-db-adapter"
+ repository: 'file://components/so-catalog-db-adapter'
condition: so-catalog-db-adapter.enabled
- - name: so-cnf-adapter
- version: ~6.x-0
- repository: "file://components/so-cnf-adapter"
- condition: so-cnf-adapter.enabled
- name: so-etsi-nfvo-ns-lcm
version: ~6.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-mariadb
version: ~6.x-0
- repository: "file://components/so-mariadb"
+ repository: 'file://components/so-mariadb'
- name: so-monitoring
version: ~6.x-0
- repository: "file://components/so-monitoring"
+ repository: 'file://components/so-monitoring'
condition: so-monitoring.enabled
- name: so-nssmf-adapter
version: ~6.x-0
- repository: "file://components/so-nssmf-adapter"
+ repository: 'file://components/so-nssmf-adapter'
condition: so-nssmf-adapter.enabled
- name: so-oof-adapter
version: ~6.x-0
@@ -64,27 +60,27 @@ dependencies:
condition: so-oof-adapter.enabled
- name: so-openstack-adapter
version: ~6.x-0
- repository: "file://components/so-openstack-adapter"
+ repository: 'file://components/so-openstack-adapter'
condition: so-openstack-adapter.enabled
- name: so-request-db-adapter
version: ~6.x-0
- repository: "file://components/so-request-db-adapter"
+ repository: 'file://components/so-request-db-adapter'
- name: so-sdc-controller
version: ~6.x-0
- repository: "file://components/so-sdc-controller"
+ repository: 'file://components/so-sdc-controller'
- name: so-sdnc-adapter
version: ~6.x-0
- repository: "file://components/so-sdnc-adapter"
+ repository: 'file://components/so-sdnc-adapter'
condition: so-sdnc-adapter.enabled
- name: so-ve-vnfm-adapter
version: ~6.x-0
- repository: "file://components/so-ve-vnfm-adapter"
+ repository: 'file://components/so-ve-vnfm-adapter'
condition: so-ve-vnfm-adapter.enabled
- name: so-vfc-adapter
version: ~6.x-0
- repository: "file://components/so-vfc-adapter"
+ repository: 'file://components/so-vfc-adapter'
condition: so-vfc-adapter.enabled
- name: so-vnfm-adapter
version: ~6.x-0
- repository: "file://components/so-vnfm-adapter"
+ repository: 'file://components/so-vnfm-adapter'
condition: so-vnfm-adapter.enabled
diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml
index 8ed9fd6401..efcf029fbc 100755
--- a/kubernetes/so/resources/config/overrides/override.yaml
+++ b/kubernetes/so/resources/config/overrides/override.yaml
@@ -124,4 +124,4 @@ org:
cloud-owner: CloudOwner
adapters:
network:
- encryptionKey: {{ .Values.mso.msoKey }}
+ encryptionKey: {{ .Values.global.app.msoKey }}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 4f64dac032..d47d1fb429 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -60,6 +60,7 @@ global:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
truststore: /app/client/org.onap.so.trust.jks
@@ -114,44 +115,16 @@ secrets:
type: generic
filePaths:
- resources/config/certificates/msb-ca.crt
- - uid: 'mso-key'
+ - uid: "mso-key"
name: &mso-key '{{ include "common.release" . }}-mso-key'
type: password
- password: '{{ .Values.mso.msoKey }}'
+ password: '{{ .Values.global.app.msoKey }}'
- uid: mso-oof-auth
name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
type: basicAuth
login: '{{ .Values.mso.oof.login }}'
password: '{{ .Values.mso.oof.password }}'
passwordPolicy: required
- - uid: server-actuator-creds
- name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
- login: '{{ .Values.server.actuator.username }}'
- password: '{{ .Values.server.actuator.password }}'
- passwordPolicy: required
- - uid: server-bpel-creds
- name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
- login: '{{ .Values.server.bpel.username }}'
- password: '{{ .Values.server.bpel.password }}'
- passwordPolicy: required
- - uid: so-aaf-creds
- name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
- login: '{{ .Values.server.aaf.username }}'
- password: '{{ .Values.server.aaf.password }}'
- passwordPolicy: required
- - uid: so-aai-creds
- name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
- login: '{{ .Values.server.aai.username }}'
- password: '{{ .Values.server.aai.password }}'
- passwordPolicy: required
aafConfig:
permission_user: 1000
@@ -173,44 +146,20 @@ dbCreds:
userName: so_user
adminName: so_admin
-server:
- aaf:
- username: so@so.onap.org
- password: demo123456
- # aafCredsExternalSecret: some secret
- aai:
- username: aai@aai.onap.org
- password: demo123456!
- # aaiCredsExternalSecret: some secret
- actuator:
- username: mso_admin
- password: password1$
- # actuatorCredsExternalSecret: some secret
- bpel:
- username: bpel
- password: password1$
- # bpelCredsExternalSecret: some secret
-
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.6.4
pullPolicy: Always
-
replicaCount: 1
minReadySeconds: 10
-
containerPort: &containerPort 8080
-
logPath: ./logs/apih/
-
app: api-handler-infra
-
service:
type: NodePort
nodePort: 77
internalPort: *containerPort
externalPort: *containerPort
portName: so-apih-port
-
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
@@ -287,7 +236,6 @@ mso:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
@@ -305,8 +253,6 @@ mso:
so-appc-orchestrator:
enabled: false
- server:
- actuatorCredsExternalSecret: *actuator-secrets
db:
<<: *dbSecrets
@@ -319,51 +265,16 @@ so-catalog-db-adapter:
db:
<<: *dbSecrets
-so-cnf-adapter:
- enabled: true
- server:
- aafCredsExternalSecret: *aaf-secrets
- aaiCredsExternalSecret: *aai-secrets
- actuatorCredsExternalSecret: *actuator-secrets
- mso:
- msoKeySecret: *mso-key
-
so-etsi-nfvo-ns-lcm:
enabled: true
db:
<<: *dbSecrets
-so-mariadb:
- db:
- rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
- rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
- backupCredsExternalSecret: *dbBackupCredsSecretName
- userCredsExternalSecret: *dbUserCredsSecretName
- adminCredsExternalSecret: *dbAdminCredsSecretName
-
so-monitoring:
enabled: true
db:
<<: *dbSecrets
-so-nssmf-adapter:
- enabled: true
- server:
- actuatorCredsExternalSecret: *actuator-secrets
- bpelCredsExternalSecret: *bpel-secrets
- db:
- <<: *dbSecrets
-
-so-oof-adapter:
- enabled: true
- db:
- <<: *dbSecrets
- mso:
- msoKeySecret: *mso-key
- camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
- oof:
- authSecret: *mso-oof-auth
-
so-openstack-adapter:
enabled: true
db:
@@ -390,5 +301,28 @@ so-vfc-adapter:
db:
<<: *dbSecrets
+so-nssmf-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-oof-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
so-vnfm-adapter:
enabled: true
+
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName