diff options
11 files changed, 553 insertions, 27 deletions
diff --git a/kubernetes/so/components/so-cnf-adapter/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml new file mode 100755 index 0000000000..4b507c105a --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.7.1" +description: A Helm chart for Kubernetes +name: so-cnf-adapter +version: 6.0.0 + diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml new file mode 100755 index 0000000000..ecba826c68 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/requirements.yaml @@ -0,0 +1,28 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~6.x-0 + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' + diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..c513589100 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +logging: + path: logs +spring: + security: + usercredentials: + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + site-name: localSite + logPath: ./logs/cnf + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..c5ebec0b15 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml @@ -0,0 +1,30 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..3c131321f3 --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml @@ -0,0 +1,132 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + - name: {{ include "common.name" . }}-encrypter + command: + - sh + args: + - -c + - | + java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds + env: + - name: AAI_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }} + - name: AAI_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }} + - name: MSO_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }} + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.global.soCryptoImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: encoder + mountPath: /output + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + command: + - sh + args: + - -c + - | + export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64) + export AAF_AUTH=$(echo "Basic ${AAF_BASE64}") + export AAI_AUTH=$(cat /input/.aai_creds) + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + ./start-app.sh + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + env: + - name: AAF_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }} + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} + - name: ACTUATOR_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} + {{ include "so.certificates.env" . | indent 12 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-env + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + readOnly: true + - name: encoder + mountPath: /input + livenessProbe: + httpGet: + path: {{ index .Values.livenessProbe.path}} + port: {{ index .Values.containerPort }} + scheme: {{ index .Values.livenessProbe.scheme}} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: encoder + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml new file mode 100644 index 0000000000..dfeae804be --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} + diff --git a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml new file mode 100755 index 0000000000..0c34660a0e --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.service" . }} + diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml new file mode 100755 index 0000000000..0fdd4f2edf --- /dev/null +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -0,0 +1,161 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + soCryptoImage: sdesbure/so_crypto:latest + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: ${AAF_AUTH} +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: server-actuator-creds + name: '{{ include "common.release" . }}-so-cnf-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + - uid: so-aaf-creds + name: '{{ include "common.release" . }}-so-cnf-aaf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' + login: '{{ .Values.server.aaf.username }}' + password: '{{ .Values.server.aaf.password }}' + passwordPolicy: required + - uid: so-aai-creds + name: '{{ include "common.release" . }}-so-cnf-aai-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' + login: '{{ .Values.server.aai.username }}' + password: '{{ .Values.server.aai.password }}' + passwordPolicy: required + - uid: cnf-adapter-mso-key + name: '{{ include "common.release" . }}-so-cnf-mso-key' + type: password + externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' + password: '{{ .Values.mso.msoKey }}' +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/mso-cnf-adapter:1.7.1 +pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + aaf: + username: so@so.onap.org + password: demo123456 + # aafCredsExternalSecret: some secret + aai: + username: aai@aai.onap.org + password: demo123456! + auth: ${AAI_AUTH} + # aaiCredsExternalSecret: some secret + actuator: + username: mso_admin + password: password1$ + # actuatorCredsExternalSecret: some secret +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + # msoKeySecret: some secret + adapters: + requestDb: + auth: ${REQUEST_AUTH} +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8090 +logPath: ./logs/cnf/ +app: cnf-adapter +service: + type: ClusterIP + ports: + - name: http-api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +soHelpers: + nameOverride: so-cnf-cert-init + certInitializer: + nameOverride: so-cnf-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8090 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} + diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index 2e0a40610d..2b60a69589 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -42,6 +42,10 @@ dependencies: version: ~6.x-0 repository: 'file://components/so-catalog-db-adapter' condition: so-catalog-db-adapter.enabled + - name: so-cnf-adapter + version: ~6.x-0 + repository: "file://components/so-cnf-adapter" + condition: so-cnf-adapter.enabled - name: so-etsi-nfvo-ns-lcm version: ~6.x-0 repository: 'file://components/so-etsi-nfvo-ns-lcm' diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index efcf029fbc..efb3fab558 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -7,7 +7,7 @@ server: max-threads: 50 ssl-enable: false mso: - msoKey: {{ .Values.global.app.msoKey }} + msoKey: {{ .Values.mso.msoKey }} logPath: ./logs/apih site-name: {{ index .Values.global.app.siteName }} adapters: @@ -124,4 +124,4 @@ org: cloud-owner: CloudOwner adapters: network: - encryptionKey: {{ .Values.global.app.msoKey }} + encryptionKey: {{ .Values.mso.msoKey }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index de1918b7ae..358b104367 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -55,7 +55,7 @@ global: siteName: onapheat auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + client: certs: truststore: /app/client/org.onap.so.trust.jks @@ -110,16 +110,44 @@ secrets: type: generic filePaths: - resources/config/certificates/msb-ca.crt - - uid: "mso-key" + - uid: 'mso-key' name: &mso-key '{{ include "common.release" . }}-mso-key' type: password - password: '{{ .Values.global.app.msoKey }}' + password: '{{ .Values.mso.msoKey }}' - uid: mso-oof-auth name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth' type: basicAuth login: '{{ .Values.mso.oof.login }}' password: '{{ .Values.mso.oof.password }}' passwordPolicy: required + - uid: server-actuator-creds + name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + - uid: server-bpel-creds + name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}' + login: '{{ .Values.server.bpel.username }}' + password: '{{ .Values.server.bpel.password }}' + passwordPolicy: required + - uid: so-aaf-creds + name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' + login: '{{ .Values.server.aaf.username }}' + password: '{{ .Values.server.aaf.password }}' + passwordPolicy: required + - uid: so-aai-creds + name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' + login: '{{ .Values.server.aai.username }}' + password: '{{ .Values.server.aai.password }}' + passwordPolicy: required aafConfig: permission_user: 1000 @@ -142,6 +170,25 @@ dbCreds: adminName: so_admin image: onap/so/api-handler-infra:1.7.10 + +server: + aaf: + username: so@so.onap.org + password: demo123456 + # aafCredsExternalSecret: some secret + aai: + username: aai@aai.onap.org + password: demo123456! + # aaiCredsExternalSecret: some secret + actuator: + username: mso_admin + password: password1$ + # actuatorCredsExternalSecret: some secret + bpel: + username: bpel + password: password1$ + # bpelCredsExternalSecret: some secret + pullPolicy: Always replicaCount: 1 minReadySeconds: 10 @@ -230,6 +277,7 @@ mso: requestDb: auth: Basic YnBlbDpwYXNzd29yZDEk camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 sdc: client: auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24 @@ -247,6 +295,8 @@ mso: so-appc-orchestrator: enabled: false + server: + actuatorCredsExternalSecret: *actuator-secrets db: <<: *dbSecrets @@ -259,16 +309,53 @@ so-catalog-db-adapter: db: <<: *dbSecrets +so-cnf-adapter: + enabled: true + db: + <<: *dbSecrets + server: + aafCredsExternalSecret: *aaf-secrets + aaiCredsExternalSecret: *aai-secrets + actuatorCredsExternalSecret: *actuator-secrets + mso: + msoKeySecret: *mso-key + so-etsi-nfvo-ns-lcm: enabled: true db: <<: *dbSecrets +so-mariadb: + db: + rootPasswordExternalSecretLocalDb: *dbRootPassSecretName + rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' + backupCredsExternalSecret: *dbBackupCredsSecretName + userCredsExternalSecret: *dbUserCredsSecretName + adminCredsExternalSecret: *dbAdminCredsSecretName + so-monitoring: enabled: true db: <<: *dbSecrets +so-nssmf-adapter: + enabled: true + server: + actuatorCredsExternalSecret: *actuator-secrets + bpelCredsExternalSecret: *bpel-secrets + db: + <<: *dbSecrets + +so-oof-adapter: + enabled: true + db: + <<: *dbSecrets + mso: + msoKeySecret: *mso-key + camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + oof: + authSecret: *mso-oof-auth + so-openstack-adapter: enabled: true db: @@ -295,28 +382,6 @@ so-vfc-adapter: db: <<: *dbSecrets -so-nssmf-adapter: - enabled: true - db: - <<: *dbSecrets - -so-oof-adapter: - enabled: true - db: - <<: *dbSecrets - mso: - msoKeySecret: *mso-key - camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A - oof: - authSecret: *mso-oof-auth - so-vnfm-adapter: enabled: true -so-mariadb: - db: - rootPasswordExternalSecretLocalDb: *dbRootPassSecretName - rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' - backupCredsExternalSecret: *dbBackupCredsSecretName - userCredsExternalSecret: *dbUserCredsSecretName - adminCredsExternalSecret: *dbAdminCredsSecretName |