summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/Makefile7
-rw-r--r--kubernetes/a1policymanagement/values.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/statefulset.yaml9
-rw-r--r--kubernetes/common/cassandra/values.yaml16
-rwxr-xr-xkubernetes/contrib/tools/check-for-staging-images.sh46
-rw-r--r--kubernetes/onap/resources/environments/public-cloud.yaml2
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml2
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml2
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/values.yaml26
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/values.yaml3
-rwxr-xr-x[-rw-r--r--]kubernetes/so/components/so-cnf-adapter/Chart.yaml (renamed from kubernetes/so/components/so-db-secrets/values.yaml)15
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/requirements.yaml (renamed from kubernetes/so/components/so-secrets/requirements.yaml)3
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml50
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/configmap.yaml29
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/deployment.yaml130
-rw-r--r--kubernetes/so/components/so-cnf-adapter/templates/secret.yaml (renamed from kubernetes/so/components/so-secrets/Chart.yaml)10
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/service.yaml (renamed from kubernetes/so/components/so-db-secrets/Chart.yaml)10
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/values.yaml178
-rwxr-xr-xkubernetes/so/components/so-db-secrets/requirements.yaml20
-rwxr-xr-xkubernetes/so/components/so-db-secrets/templates/secrets.yaml33
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml2
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml19
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml5
-rw-r--r--kubernetes/so/components/so-mariadb/templates/job.yaml10
-rw-r--r--kubernetes/so/components/so-monitoring/templates/deployment.yaml10
-rw-r--r--kubernetes/so/components/so-monitoring/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml18
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/deployment.yaml10
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/values.yaml4
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/values.yaml3
-rw-r--r--kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jksbin4641 -> 0 bytes
-rw-r--r--kubernetes/so/components/so-secrets/templates/secrets.yaml42
-rw-r--r--kubernetes/so/components/so-secrets/values.yaml20
-rwxr-xr-xkubernetes/so/components/so-vfc-adapter/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/components/so-vfc-adapter/values.yaml3
-rwxr-xr-xkubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml10
-rwxr-xr-xkubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml11
-rw-r--r--kubernetes/so/components/soHelpers/templates/_certificates.tpl2
-rwxr-xr-xkubernetes/so/requirements.yaml41
-rwxr-xr-xkubernetes/so/resources/config/overrides/override.yaml2
-rwxr-xr-xkubernetes/so/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/values.yaml120
-rw-r--r--kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml9
-rw-r--r--kubernetes/vfc/charts/vfc-nslcm/values.yaml2
-rw-r--r--kubernetes/vnfsdk/values.yaml2
56 files changed, 690 insertions, 362 deletions
diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index db361fb5be..ca46ad8fe0 100644
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -32,7 +32,7 @@ SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+.PHONY: $(EXCLUDES) $(HELM_CHARTS) check-for-staging-images
all: $(COMMON_CHARTS_DIR) $(SUBMODS) $(HELM_CHARTS) plugins
@@ -96,5 +96,10 @@ repo:
repo-stop:
@pkill $(HELM_BIN)
@$(HELM_BIN) repo remove local
+
+check-for-staging-images:
+ $(ROOT_DIR)/contrib/tools/check-for-staging-images.sh
+
%:
@:
+
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index ac26f9b575..21a86a0fe1 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -30,7 +30,7 @@ secrets:
passwordPolicy: required
repository: nexus3.onap.org:10001
-image: onap/ccsdk-oran-a1policymanagementservice:1.1.0
+image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
pullPolicy: IfNotPresent
replicaCount: 1
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 2bcafd9ade..8c49b697e6 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -112,15 +112,12 @@ spec:
{{- else }}
command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
{{- end }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
+ resources: {{ toYaml .Values.resources | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index 959e243638..d0ada59061 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -131,7 +131,7 @@ persistence:
configOverrides: {}
-resources: {}
+# resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -142,13 +142,13 @@ resources: {}
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+resources:
+ limits:
+ cpu: 0.8
+ memory: 4Gi
+ requests:
+ cpu: 0.2
+ memory: 2.5Gi
backup:
enabled: false
cron: "00 00 * * *"
diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh
new file mode 100755
index 0000000000..ce51b30b58
--- /dev/null
+++ b/kubernetes/contrib/tools/check-for-staging-images.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+BASE_URL="https://nexus3.onap.org/repository/docker.release"
+
+if [ "$GERRIT_BRANCH" == "staging" ]; then
+ exit 0
+fi
+
+USED_IMAGES=$(grep -r -E -o -h ':\s*onap/.*:.*' | sed -e 's/^: //' -e 's/^ //' | sort | uniq)
+REPO_IMAGES=$(curl -s $BASE_URL/v2/_catalog | jq -r '.repositories[]')
+NOT_AVAILABLE_IMAGES=$(echo "$USED_IMAGES" | grep -vE "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+USED_IMAGES=$(echo "$USED_IMAGES" | grep -E "$(echo "$REPO_IMAGES" | tr "\n" "|" | sed 's/|$//')")
+for i in $USED_IMAGES; do
+ TMP_IMG=$(echo "$i" | cut -d ":" -f1)
+ TMP_TAG=$(echo "$i" | cut -d ":" -f2)
+ if [ "$LAST_IMG" != "$TMP_IMG" ]; then
+ AVAILABLE_TAGS=$(curl -s $BASE_URL/v2/$TMP_IMG/tags/list | jq -r '.tags[]')
+ fi
+ if ! echo "$AVAILABLE_TAGS" | grep "$TMP_TAG" > /dev/null; then
+ NOT_AVAILABLE_IMAGES="$NOT_AVAILABLE_IMAGES\n$i"
+ fi
+ LAST_IMG="$TMP_IMG"
+ printf "."
+done
+printf "\n"
+if [ -n "$NOT_AVAILABLE_IMAGES" ]; then
+ echo "[ERROR] Only release images are allowed in helm charts."
+ echo "[ERROR] Images not found in release repo:"
+ echo -e "$NOT_AVAILABLE_IMAGES"
+ exit 1
+fi
+exit 0 \ No newline at end of file
diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml
index 12950fbfb5..4a910987a9 100644
--- a/kubernetes/onap/resources/environments/public-cloud.yaml
+++ b/kubernetes/onap/resources/environments/public-cloud.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
#
@@ -13,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
#################################################################
# Global configuration overrides.
diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
index 661ed64b0e..69178fd6c7 100644
--- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
@@ -22,7 +22,7 @@ server:
mso:
logPath: ./logs/soappcorch
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
- msoKey: {{ .Values.global.app.msoKey }}
+ msoKey: {{ .Values.mso.msoKey }}
config:
{{ if .Values.global.security.aaf.enabled }}
cadi: {{ include "so.cadi.keys" . | nindent 8}}
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
index 50d42ca44d..24592ba50a 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
@@ -58,7 +58,7 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- end }}
/app/start-app.sh
diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml
index 7570116fd5..e63838d3b1 100644
--- a/kubernetes/so/components/so-appc-orchestrator/values.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml
@@ -30,8 +30,7 @@ global:
security:
aaf:
enabled: false
- app:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+
#################################################################
# Secrets metaconfig
#################################################################
@@ -74,6 +73,7 @@ db:
adminName: so_admin
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+
server:
actuator:
username: mso_admin
@@ -87,8 +87,8 @@ service:
name: so-appc-orchestrator
type: ClusterIP
ports:
- - port: *containerPort
- name: http
+ - port: *containerPort
+ name: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
@@ -96,7 +96,6 @@ updateStrategy:
# Resource Limit flavor -By Default using small
flavor: small
-
#################################################################
# soHelper part
#################################################################
@@ -128,14 +127,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
@@ -149,6 +148,7 @@ auth:
mso:
auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
basicUser: poBpmn
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
appc:
client:
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index e7cb3aa782..60745b108b 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -67,21 +67,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 034e269d6a..dd8b04b09d 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -32,6 +32,9 @@ global:
aaf:
auth:
encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index d58fd86194..25a6842bb9 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -67,21 +67,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 2fadf41e01..3e98595cbe 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -31,6 +31,9 @@ global:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-db-secrets/values.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml
index 7e51e3ce5d..f2ccd6a707 100644..100755
--- a/kubernetes/so/components/so-db-secrets/values.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/Chart.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,11 +11,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-global:
- mariadbGalera:
- serviceName: mariadb-galera
- servicePort: "3306"
-db_admin_username: so_admin
-db_admin_password: so_Admin123
-db_username: so_user
-db_password: so_User123
+apiVersion: v1
+appVersion: "1.7.1"
+description: A Helm chart for Kubernetes
+name: so-cnf-adapter
+version: 6.0.0
diff --git a/kubernetes/so/components/so-secrets/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
index 2eb32d00ed..1feea23842 100755
--- a/kubernetes/so/components/so-secrets/requirements.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/requirements.yaml
@@ -18,3 +18,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
new file mode 100755
index 0000000000..37024d4d4d
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
@@ -0,0 +1,50 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/cnf
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
new file mode 100755
index 0000000000..fcdd381e72
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
@@ -0,0 +1,29 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
new file mode 100755
index 0000000000..8c894ad49a
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -0,0 +1,130 @@
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-encrypter
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds
+ env:
+ - name: AAI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }}
+ - name: AAI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }}
+ image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.soCryptoImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: encoder
+ mountPath: /output
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-so-mariadb-config-job
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
+ export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
+ export AAI_AUTH=$(cat /input/.aai_creds)
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: AAF_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
+ - name: ACTUATOR_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-env
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: encoder
+ mountPath: /input
+ livenessProbe:
+ httpGet:
+ path: {{ index .Values.livenessProbe.path}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{ index .Values.livenessProbe.scheme}}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: encoder
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-secrets/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml
index d96245d752..cc40499c76 100644
--- a/kubernetes/so/components/so-secrets/Chart.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2018 AT&T USA
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: A Helm chart for so secrets
-name: so-secrets
-version: 6.0.0
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-db-secrets/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml
index 1739d1fe36..665601d832 100755
--- a/kubernetes/so/components/so-db-secrets/Chart.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2018 AT&T USA
+{{/*
+# Copyright © 2020 Huawei Technologies Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -11,7 +12,6 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: A Helm chart for DB secrets
-name: so-db-secrets
-version: 6.0.0 \ No newline at end of file
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
new file mode 100755
index 0000000000..195d62d4b7
--- /dev/null
+++ b/kubernetes/so/components/so-cnf-adapter/values.yaml
@@ -0,0 +1,178 @@
+# Copyright © 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: oomk8s/readiness-check:2.2.2
+ soCryptoImage: sdesbure/so_crypto:latest
+ dockerHubRepository: docker.io
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: ${AAF_AUTH}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-cnf-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+ - uid: so-aaf-creds
+ name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aaf.username }}'
+ password: '{{ .Values.server.aaf.password }}'
+ passwordPolicy: required
+ - uid: so-aai-creds
+ name: '{{ include "common.release" . }}-so-cnf-aai-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aai.username }}'
+ password: '{{ .Values.server.aai.password }}'
+ passwordPolicy: required
+ - uid: cnf-adapter-mso-key
+ name: '{{ include "common.release" . }}-so-cnf-mso-key'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/mso-cnf-adapter:1.7.1
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
+server:
+ aaf:
+ username: so@so.onap.org
+ password: demo123456
+ # aafCredsExternalSecret: some secret
+ aai:
+ username: aai@aai.onap.org
+ password: demo123456!
+ auth: ${AAI_AUTH}
+ # aaiCredsExternalSecret: some secret
+ actuator:
+ username: mso_admin
+ password: password1$
+ # actuatorCredsExternalSecret: some secret
+
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ # msoKeySecret: some secret
+ adapters:
+ requestDb:
+ auth: ${REQUEST_AUTH}
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 8090
+logPath: ./logs/cnf/
+app: cnf-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+soHelpers:
+ nameOverride: so-cnf-cert-init
+ certInitializer:
+ nameOverride: so-cnf-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ path: /manage/health
+ port: 8090
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/kubernetes/so/components/so-db-secrets/requirements.yaml b/kubernetes/so/components/so-db-secrets/requirements.yaml
deleted file mode 100755
index 2eb32d00ed..0000000000
--- a/kubernetes/so/components/so-db-secrets/requirements.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-dependencies:
- - name: common
- version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
diff --git a/kubernetes/so/components/so-db-secrets/templates/secrets.yaml b/kubernetes/so/components/so-db-secrets/templates/secrets.yaml
deleted file mode 100755
index 0ada38595e..0000000000
--- a/kubernetes/so/components/so-db-secrets/templates/secrets.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.release" . }}-so-db-secrets
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }}
- mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }}
- mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }}
- mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }}
- mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }}
- mariadb.admin.password: {{ .Values.db_admin_password | b64enc | quote }}
-type: Opaque
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
index c9aa5823bf..7b85b445a2 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
@@ -58,7 +58,7 @@ etsi-catalog-manager:
http:
client:
ssl:
- trust-store: ${TRUSTSTORE}
+ trust-store: file:${TRUSTSTORE}
trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index 9408c1f556..fa5f42d5ab 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -41,9 +41,8 @@ spec:
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
- export TRUSTSTORE="file:/${TRUSTSTORE}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- end }}
./start-app.sh
@@ -55,15 +54,9 @@ spec:
- name: ETSI_NFVO_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
- name: DB_PASSWORD
@@ -83,9 +76,6 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
@@ -100,8 +90,5 @@ spec:
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
index 6af61820db..82ba0844e8 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -29,6 +29,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
@@ -57,7 +60,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.7
pullPolicy: Always
aai:
diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml
index 36481d461f..cb7fcb352a 100644
--- a/kubernetes/so/components/so-mariadb/templates/job.yaml
+++ b/kubernetes/so/components/so-mariadb/templates/job.yaml
@@ -127,15 +127,9 @@ spec:
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
- name: DB_USER
diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
index 7875893dc8..03eccc2d02 100644
--- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
@@ -75,15 +75,9 @@ spec:
/app/start-app.sh
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml
index 9ba1d7b7d8..31ad9d072c 100644
--- a/kubernetes/so/components/so-monitoring/values.yaml
+++ b/kubernetes/so/components/so-monitoring/values.yaml
@@ -37,6 +37,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index f1ec31adf1..c213319714 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -57,7 +57,7 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
{{- end }}
./start-app.sh
@@ -66,15 +66,9 @@ spec:
ports: {{- include "common.containerPorts" . | nindent 12 }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
- name: DB_PASSWORD
@@ -102,9 +96,6 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
livenessProbe:
httpGet:
path: {{ index .Values.livenessProbe.path}}
@@ -121,8 +112,5 @@ spec:
- name: config
configMap:
name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml
index 3bfe1b212f..da36e9a3a7 100755
--- a/kubernetes/so/components/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml
@@ -29,6 +29,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
index f2eae394e7..72799d1f5f 100755
--- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
@@ -37,15 +37,9 @@ spec:
{{ include "common.resources" . | indent 10 }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml
index 4431ca5513..6bddf29032 100755
--- a/kubernetes/so/components/so-oof-adapter/values.yaml
+++ b/kubernetes/so/components/so-oof-adapter/values.yaml
@@ -31,6 +31,10 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
# Secrets metaconfig
#################################################################
db:
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index e7cb3aa782..60745b108b 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -67,21 +67,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index 16bbac2afd..41ccb955eb 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -29,6 +29,9 @@ global:
aaf:
auth:
encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index d58fd86194..25a6842bb9 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -67,21 +67,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 5a3721abbe..02b382fe72 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -29,6 +29,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index e7cb3aa782..60745b108b 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -67,21 +67,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 24de2c6862..9f858aa271 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -29,6 +29,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index 5797007243..5186523ba1 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -53,21 +53,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 4b36815d3d..1c41e4a5a0 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -32,6 +32,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks
deleted file mode 100644
index 31ea6ba650..0000000000
--- a/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/so/components/so-secrets/templates/secrets.yaml b/kubernetes/so/components/so-secrets/templates/secrets.yaml
deleted file mode 100644
index 9388ecbf38..0000000000
--- a/kubernetes/so/components/so-secrets/templates/secrets.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{/*
-# Copyright © 2018 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Release.Name }}-so-client-certs-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
- trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
- keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
-type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.release" . }}-so-truststore-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/so/components/so-secrets/values.yaml b/kubernetes/so/components/so-secrets/values.yaml
deleted file mode 100644
index 602ea79084..0000000000
--- a/kubernetes/so/components/so-secrets/values.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright (c) 2020 Orange
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- client:
- certs:
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
index a85ce0cded..35ed9de20c 100755
--- a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
@@ -67,21 +67,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/components/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml
index d0e1d20e75..c46f118b6f 100755
--- a/kubernetes/so/components/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/values.yaml
@@ -28,6 +28,9 @@ global:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml
index 7fc4b95b27..9d98803c8e 100755
--- a/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml
@@ -30,14 +30,14 @@ server:
port: {{ index .Values.containerPort }}
ssl:
key-alias: so@so.onap.org
- key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
- key-store: classpath:so-vnfm-adapter.p12
+ key-store-password: ${KEYSTORE_PASSWORD}
+ key-store: file:${KEYSTORE}
key-store-type: PKCS12
http:
client:
ssl:
- trust-store: classpath:org.onap.so.trust.jks
- trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
+ trust-store: file:${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
mso:
key: {{ .Values.mso.key }}
site-name: localSite
@@ -60,7 +60,7 @@ etsi-catalog-manager:
http:
client:
ssl:
- trust-store: ${TRUSTSTORE}
+ trust-store: file:${TRUSTSTORE}
trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
index 4f73fb39e7..24dd3d6d21 100755
--- a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
@@ -52,9 +52,8 @@ spec:
- |
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
- {{- end }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
+ export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
{{- end }}
env:
@@ -69,9 +68,6 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- - name: {{ include "common.fullname" . }}-truststore
- mountPath: /app/client
- readOnly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
@@ -89,8 +85,5 @@ spec:
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- - name: {{ include "common.fullname" . }}-truststore
- secret:
- secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index ef3b0768f5..98876e3cea 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -56,7 +56,7 @@
value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
{{- end }}
{{- end }}
{{- end -}}
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index 82cf3e927f..41a781ba6e 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -17,43 +17,43 @@ dependencies:
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
- repository: '@local'
+ repository: "@local"
- name: mariadb-galera
version: ~6.x-0
- repository: '@local'
+ repository: "@local"
condition: global.mariadbGalera.localCluster
- name: soHelpers
version: ~6.x-0
- repository: 'file://components/soHelpers'
+ repository: "file://components/soHelpers"
- name: so-appc-orchestrator
version: ~6.x-0
- repository: 'file://components/so-appc-orchestrator'
+ repository: "file://components/so-appc-orchestrator"
condition: so-appc-orchestrator.enabled
- name: so-bpmn-infra
version: ~6.x-0
- repository: 'file://components/so-bpmn-infra'
+ repository: "file://components/so-bpmn-infra"
- name: so-catalog-db-adapter
version: ~6.x-0
- repository: 'file://components/so-catalog-db-adapter'
+ repository: "file://components/so-catalog-db-adapter"
condition: so-catalog-db-adapter.enabled
- - name: so-db-secrets
+ - name: so-cnf-adapter
version: ~6.x-0
- repository: 'file://components/so-db-secrets'
- condition: so-etsi-nfvo-ns-lcm.enabled
+ repository: "file://components/so-cnf-adapter"
+ condition: so-cnf-adapter.enabled
- name: so-etsi-nfvo-ns-lcm
version: ~6.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-mariadb
version: ~6.x-0
- repository: 'file://components/so-mariadb'
+ repository: "file://components/so-mariadb"
- name: so-monitoring
version: ~6.x-0
- repository: 'file://components/so-monitoring'
+ repository: "file://components/so-monitoring"
condition: so-monitoring.enabled
- name: so-nssmf-adapter
version: ~6.x-0
- repository: 'file://components/so-nssmf-adapter'
+ repository: "file://components/so-nssmf-adapter"
condition: so-nssmf-adapter.enabled
- name: so-oof-adapter
version: ~6.x-0
@@ -61,30 +61,27 @@ dependencies:
condition: so-oof-adapter.enabled
- name: so-openstack-adapter
version: ~6.x-0
- repository: 'file://components/so-openstack-adapter'
+ repository: "file://components/so-openstack-adapter"
condition: so-openstack-adapter.enabled
- name: so-request-db-adapter
version: ~6.x-0
- repository: 'file://components/so-request-db-adapter'
+ repository: "file://components/so-request-db-adapter"
- name: so-sdc-controller
version: ~6.x-0
- repository: 'file://components/so-sdc-controller'
+ repository: "file://components/so-sdc-controller"
- name: so-sdnc-adapter
version: ~6.x-0
- repository: 'file://components/so-sdnc-adapter'
+ repository: "file://components/so-sdnc-adapter"
condition: so-sdnc-adapter.enabled
- - name: so-secrets
- version: ~6.x-0
- repository: 'file://components/so-secrets'
- name: so-ve-vnfm-adapter
version: ~6.x-0
- repository: 'file://components/so-ve-vnfm-adapter'
+ repository: "file://components/so-ve-vnfm-adapter"
condition: so-ve-vnfm-adapter.enabled
- name: so-vfc-adapter
version: ~6.x-0
- repository: 'file://components/so-vfc-adapter'
+ repository: "file://components/so-vfc-adapter"
condition: so-vfc-adapter.enabled
- name: so-vnfm-adapter
version: ~6.x-0
- repository: 'file://components/so-vnfm-adapter'
+ repository: "file://components/so-vnfm-adapter"
condition: so-vnfm-adapter.enabled
diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml
index efcf029fbc..8ed9fd6401 100755
--- a/kubernetes/so/resources/config/overrides/override.yaml
+++ b/kubernetes/so/resources/config/overrides/override.yaml
@@ -124,4 +124,4 @@ org:
cloud-owner: CloudOwner
adapters:
network:
- encryptionKey: {{ .Values.global.app.msoKey }}
+ encryptionKey: {{ .Values.mso.msoKey }}
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 1ff897e051..f846a03370 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -68,21 +68,15 @@ spec:
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
{{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
/app/start-app.sh
{{- end }}
env:
- name: DB_HOST
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.host
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.port
+ value: {{ include "common.mariadbPort" . | quote }}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 0a9dbf4f4e..464801570b 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -27,6 +27,8 @@ global:
nameOverride: mariadb-galera
serviceName: mariadb-galera
servicePort: '3306'
+ service: mariadb-galera
+ internalPort: '3306'
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
@@ -58,7 +60,6 @@ global:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
truststore: /app/client/org.onap.so.trust.jks
@@ -109,16 +110,44 @@ secrets:
type: generic
filePaths:
- resources/config/certificates/msb-ca.crt
- - uid: "mso-key"
+ - uid: 'mso-key'
name: &mso-key '{{ include "common.release" . }}-mso-key'
type: password
- password: '{{ .Values.global.app.msoKey }}'
+ password: '{{ .Values.mso.msoKey }}'
- uid: mso-oof-auth
name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
type: basicAuth
login: '{{ .Values.mso.oof.login }}'
password: '{{ .Values.mso.oof.password }}'
passwordPolicy: required
+ - uid: server-actuator-creds
+ name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+ - uid: server-bpel-creds
+ name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}'
+ login: '{{ .Values.server.bpel.username }}'
+ password: '{{ .Values.server.bpel.password }}'
+ passwordPolicy: required
+ - uid: so-aaf-creds
+ name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aaf.username }}'
+ password: '{{ .Values.server.aaf.password }}'
+ passwordPolicy: required
+ - uid: so-aai-creds
+ name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}'
+ login: '{{ .Values.server.aai.username }}'
+ password: '{{ .Values.server.aai.password }}'
+ passwordPolicy: required
aafConfig:
permission_user: 1000
@@ -140,20 +169,44 @@ dbCreds:
userName: so_user
adminName: so_admin
+server:
+ aaf:
+ username: so@so.onap.org
+ password: demo123456
+ # aafCredsExternalSecret: some secret
+ aai:
+ username: aai@aai.onap.org
+ password: demo123456!
+ # aaiCredsExternalSecret: some secret
+ actuator:
+ username: mso_admin
+ password: password1$
+ # actuatorCredsExternalSecret: some secret
+ bpel:
+ username: bpel
+ password: password1$
+ # bpelCredsExternalSecret: some secret
+
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.6.4
pullPolicy: Always
+
replicaCount: 1
minReadySeconds: 10
+
containerPort: &containerPort 8080
+
logPath: ./logs/apih/
+
app: api-handler-infra
+
service:
type: NodePort
nodePort: 77
internalPort: *containerPort
externalPort: *containerPort
portName: so-apih-port
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
@@ -230,6 +283,7 @@ mso:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
@@ -247,6 +301,8 @@ mso:
so-appc-orchestrator:
enabled: true
+ server:
+ actuatorCredsExternalSecret: *actuator-secrets
db:
<<: *dbSecrets
@@ -259,16 +315,51 @@ so-catalog-db-adapter:
db:
<<: *dbSecrets
+so-cnf-adapter:
+ enabled: true
+ server:
+ aafCredsExternalSecret: *aaf-secrets
+ aaiCredsExternalSecret: *aai-secrets
+ actuatorCredsExternalSecret: *actuator-secrets
+ mso:
+ msoKeySecret: *mso-key
+
so-etsi-nfvo-ns-lcm:
enabled: true
db:
<<: *dbSecrets
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
+
so-monitoring:
enabled: true
db:
<<: *dbSecrets
+so-nssmf-adapter:
+ enabled: true
+ server:
+ actuatorCredsExternalSecret: *actuator-secrets
+ bpelCredsExternalSecret: *bpel-secrets
+ db:
+ <<: *dbSecrets
+
+so-oof-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
so-openstack-adapter:
enabled: true
db:
@@ -295,28 +386,5 @@ so-vfc-adapter:
db:
<<: *dbSecrets
-so-nssmf-adapter:
- enabled: true
- db:
- <<: *dbSecrets
-
-so-oof-adapter:
- enabled: true
- db:
- <<: *dbSecrets
- mso:
- msoKeySecret: *mso-key
- camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
- oof:
- authSecret: *mso-oof-auth
-
so-vnfm-adapter:
enabled: true
-
-so-mariadb:
- db:
- rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
- rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
- backupCredsExternalSecret: *dbBackupCredsSecretName
- userCredsExternalSecret: *dbUserCredsSecretName
- adminCredsExternalSecret: *dbAdminCredsSecretName
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml
index 6a79d8fcd8..f46530ded9 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml
@@ -34,6 +34,15 @@ metadata:
"port": "{{.Values.service.externalPort}}",
"enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
+ },
+ {
+ "serviceName": "nslcm",
+ "version": "v2",
+ "url": "/api/nslcm/v2",
+ "protocol": "REST",
+ "port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+ "visualRange":"1"
}
]'
spec:
diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
index 7d37810020..14a216079b 100644
--- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
@@ -38,7 +38,7 @@ secrets:
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.4.0
+image: onap/vfc/nslcm:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 3e0e235717..2cdc1e9a32 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -43,7 +43,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.6.0
+image: onap/vnfsdk/refrepo:1.6.2
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always