20 files changed, 83 insertions, 84 deletions
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index 8431cf794a..033ba43fe4 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -46,9 +46,9 @@ The versions of Kubernetes that are supported by OOM are as follows: .. table:: OOM Software Requirements - ============== =========== ======= ======== ======== - Release Kubernetes Helm kubectl Docker - ============== =========== ======= ======== ======== + ============== =========== ======= ======== ======== ============ + Release Kubernetes Helm kubectl Docker Cert-Manager + ============== =========== ======= ======== ======== ============ amsterdam 1.7.x 2.3.x 1.7.x 1.12.x beijing 1.8.10 2.8.2 1.8.10 17.03.x casablanca 1.11.5 2.9.1 1.11.5 17.03.x @@ -57,7 +57,8 @@ The versions of Kubernetes that are supported by OOM are as follows: frankfurt 1.15.9 2.16.6 1.15.11 18.09.x guilin 1.15.11 2.16.10 1.15.11 18.09.x Honolulu 1.19.9 3.5.2 1.19.9 19.03.x - ============== =========== ======= ======== ======== + Istanbul 1.2.0 + ============== =========== ======= ======== ======== ============ .. note:: Guilin version also supports Kubernetes up to version 1.19.x and should work diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 2fedc091d8..d573c94bb0 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst 
@@ -33,13 +33,19 @@ where <BRANCH> can be an official release tag, such as > cp -R ~/oom/kubernetes/helm/plugins/ ~/.local/share/helm/plugins > helm plugin install https://github.com/chartmuseum/helm-push.git -**Step 3** Install Chartmuseum:: +**Step 3.** Install Chartmuseum:: > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum > chmod +x ./chartmuseum > mv ./chartmuseum /usr/local/bin -**Step 4.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or +**Step 4.** Install Cert-Manager:: + + > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml + +More details can be found :doc:`here <oom_setup_paas>`. + +**Step 5.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment with items like the OpenStack tenant information. @@ -67,12 +73,6 @@ to suit your deployment with items like the OpenStack tenant information. -.. note:: - If you want to use CMPv2 certificate onboarding, Cert-Manager must be installed. - :doc:`Click here <oom_setup_paas>` to see how to install Cert-Manager. - - - a. Enabling/Disabling Components: Here is an example of the nominal entries that need to be provided. We have different values file available for different contexts. @@ -154,7 +154,7 @@ Example Keystone v3 (required for Rocky and later releases) :language: yaml -**Step 5.** To setup a local Helm server to server up the ONAP charts:: +**Step 6.** To setup a local Helm server to server up the ONAP charts:: > chartmuseum --storage local --storage-local-rootdir ~/helm3-storage -port 8879 & 
@@ -163,13 +163,13 @@ follows:: > helm repo add local http://127.0.0.1:8879 -**Step 6.** Verify your Helm repository setup with:: +**Step 7.** Verify your Helm repository setup with:: > helm repo list NAME URL local http://127.0.0.1:8879 -**Step 7.** Build a local Helm repository (from the kubernetes directory):: +**Step 8.** Build a local Helm repository (from the kubernetes directory):: > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all ; make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] onap @@ -177,7 +177,7 @@ follows:: Sets the helm binary to be used. The default value use helm from PATH -**Step 8.** Display the onap charts that available to be deployed:: +**Step 9.** Display the onap charts that available to be deployed:: > helm repo update > helm search repo onap @@ -189,7 +189,7 @@ follows:: to your deployment charts or values be sure to use ``make`` to update your local Helm repository. -**Step 9.** Once the repo is setup, installation of ONAP can be done with a +**Step 10.** Once the repo is setup, installation of ONAP can be done with a single command .. note:: @@ -237,7 +237,7 @@ needs. you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests. -**Step 10.** Verify ONAP installation +**Step 11.** Verify ONAP installation Use the following to monitor your deployment and determine when ONAP is ready for use:: @@ -251,7 +251,7 @@ for use:: > ~/oom/kubernetes/robot/ete-k8s.sh onap health -**Step 11.** Undeploy ONAP +**Step 12.** Undeploy ONAP :: > helm undeploy dev diff --git a/docs/oom_setup_paas.rst b/docs/oom_setup_paas.rst index 258a4eeadf..845fd473e0 100644 --- a/docs/oom_setup_paas.rst +++ b/docs/oom_setup_paas.rst 
@@ -9,11 +9,11 @@ .. _oom_setup_paas: -ONAP PaaS set-up (optional) -########################### +ONAP PaaS set-up +################ Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part -of k8s PaaS for ONAP operations and can be optionally installed to provide +of k8s PaaS for ONAP operations and can be installed to provide additional functionality for ONAP engineers. The versions of PaaS compoents that are supported by OOM are as follows: @@ -63,8 +63,8 @@ Installation can be as simple as:: > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml -Prometheus Stack -================ +Prometheus Stack (optional) +=========================== Prometheus is an open-source systems monitoring and alerting toolkit with an active ecosystem. diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 02f5c483b5..3a707e25ea 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -55,8 +55,8 @@ ONAP with a few simple commands. Pre-requisites -------------- -Your environment must have both the Kubernetes `kubectl` and Helm setup as a -one time activity. +Your environment must have the Kubernetes `kubectl` with Cert-Manager +and Helm setup as a one time activity. Install Kubectl ~~~~~~~~~~~~~~~ @@ -78,6 +78,11 @@ Verify that the Kubernetes config is correct:: At this point you should see Kubernetes pods running. +Install Cert-Manager +~~~~~~~~~~~~~~~~~~~~ +Details on how to install Cert-Manager can be found +:doc:`here <oom_setup_paas>`. + Install Helm ~~~~~~~~~~~~ Helm is used by OOM for package and configuration management. To install Helm, diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index df2e128407..d29617a4d9 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat 
@@ -49,6 +49,7 @@ org.onap.clamp|clds.template|dev|*||"{'org.onap.clamp|service'}" org.onap.clamp|clds.template|dev|read|Onap Clamp Dev Read Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}" org.onap.clamp|clds.template|dev|update|Onap Clamp Dev Update Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}" org.onap.clamp|clds.tosca|dev|*||"{'org.onap.clamp|service'}" +org.onap.clamp|clds.policies|dev|*||"{'org.onap.clamp|service'}" org.onap.clampdemo|access|*|*|ClampDemo Write Access|{'org.onap.clampdemo.admin'} org.onap.clampdemo|access|*|read|ClampDemo Read Access|{'org.onap.clampdemo.owner'} org.onap.clamptest|access|*|*|Onap Write Access|{'org.onap.clamptest.admin'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index ea15da4053..d73a09d4cd 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat 
@@ -40,7 +40,7 @@ org.onap.clampdemo|admin|Onap Clamp Test Admins|"{'org.onap.clampdemo.access|*| org.onap.clampdemo|owner|onap clamp Test Owners|"{'org.onap.clampdemo.access|*|read'}" org.onap.clamp|owner|AAF Namespace Owners| org.onap.clamp|seeCerts||"{'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}" -org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*'}" +org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*', 'org.onap.clamp|clds.policies|dev|*'}" org.onap.clamptest|admin|Onap Clamp Test Admins|"{'org.onap.clamptest.access|*|*'}" org.onap.clamptest|owner|onap clamp Test Owners|"{'org.onap.clamptest.access|*|read'}" org.onap.cli|admin|AAF Namespace Administrators|"{'org.onap.cli|access|*|*'}" diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index ec1ce944c9..cb4153e778 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -58,7 +58,8 @@ done # Prepare truststore output file if [ "$AAF_ENABLED" = "true" ] then - mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME + echo "AAF is enabled, use 'AAF' truststore" + export TRUSTSTORE_OUTPUT_FILENAME=${ONAP_TRUSTSTORE} else echo "AAF is disabled, using JRE truststore" cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl index 6fc667429e..2b9461e50e 100644 
--- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl +++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl @@ -219,8 +219,14 @@ spec: sources: - secret: name: {{ $certificatesSecretName }} - {{- if $certificate.keystore }} items: + - key: tls.key + path: key.pem + - key: tls.crt + path: cert.pem + - key: ca.crt + path: cacert.pem + {{- if $certificate.keystore }} {{- range $outputType := $certificate.keystore.outputType }} - key: keystore.{{ $outputType }} path: keystore.{{ $outputType }} @@ -278,8 +284,14 @@ spec: sources: - secret: name: {{ $certificatesSecretName }} - {{- if $certificate.keystore }} items: + - key: tls.key + path: key.pem + - key: tls.crt + path: cert.pem + - key: ca.crt + path: cacert.pem + {{- if $certificate.keystore }} {{- range $outputType := $certificate.keystore.outputType }} - key: keystore.{{ $outputType }} path: keystore.{{ $outputType }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index db58726893..10a63ebbcf 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -3,6 +3,7 @@ # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2021 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -295,7 +296,7 @@ spec: name: onap-policy-xacml-pdp-api-creds key: password - name: POLICY_SYNC_PDP_URL - value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 + value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 - name: POLICY_SYNC_OUTFILE value : "/etc/policies/policies.json" - name: POLICY_SYNC_V1_DECISION_ENDPOINT @@ -370,9 +371,9 @@ spec: {{- if $cmpv2Certificate.keystore -}} {{- $certType = (index $cmpv2Certificate.keystore.outputType 0) -}} {{- end -}} - {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "ca.crt" -}} - {{- $truststoresPasswordPaths := "" -}} - {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "tls.crt" $cmpv2CertificateDir "tls.key" -}} + {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "cacert.pem" -}} + {{- $truststoresPasswordPaths := ":" -}} + {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "cert.pem" $cmpv2CertificateDir "key.pem" -}} {{- $keystoreDestinationPaths := printf "%s/%s:%s/%s" $certDir "cert.pem" $certDir "key.pem" -}} {{- if not (eq $certType "pem") -}} {{- $truststoresPaths = printf "%s/%s:%s/%s.%s" $certDir "trust.jks" $cmpv2CertificateDir "truststore" $certType -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 502e3a89dc..bb65f37f73 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -65,6 +65,8 @@ secrets: passwordPolicy: required # CMPv2 certificate +# It is used only when global parameter cmpv2Enabled is true +# Disabled by default certificates: - mountPath: /etc/ves-hv/ssl/external commonName: dcae-hv-ves-collector 
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 263715650e..081bcdcc1a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -58,6 +58,8 @@ certDirectory: /opt/app/dcae-certificate tlsServer: true # CMPv2 certificate +# It is used only when global parameter cmpv2Enabled is true +# Disabled by default certificates: - mountPath: /opt/app/dcae-certificate/external commonName: dcae-ves-collector diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index c34ebad982..fd34b1ef28 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -73,7 +73,7 @@ cmpv2issuer: certEndpoint: v1/certificate caName: RA certSecretRef: - name: oom-cert-service-server-tls-secret + name: oom-cert-service-client-tls-secret certRef: tls.crt keyRef: tls.key cacertRef: ca.crt diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml deleted file mode 100644 index ba12874eb6..0000000000 --- a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -{{/* - # Copyright © 2020, Nokia - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. -*/}} - -{{- if .Values.global.offlineDeploymentBuild }} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 829d3a01d1..2e149683d7 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -22,7 +22,6 @@ global: # Standard OOM pullPolicy: "Always" repository: "nexus3.onap.org:10001" - offlineDeploymentBuild: false # Service configuration @@ -33,9 +32,6 @@ service: port: 8443 port_protocol: http -# Certificates generation configuration -certificateGenerationImage: onap/integration-java11:7.2.0 - # Deployment configuration repository: "nexus3.onap.org:10001" image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3 
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index 17185cc4bb..a6334668b1 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties 
@@ -48,22 +48,22 @@ spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements #The log folder that will be used in logback.xml file -clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json +clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json # # Configuration Settings for Policy Engine Components -clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969 clamp.config.policy.api.userName=healthcheck clamp.config.policy.api.password=zb!XztG34 -clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969 clamp.config.policy.pap.userName=healthcheck clamp.config.policy.pap.password=zb!XztG34 #DCAE Inventory Url Properties -clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 -clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443 #DCAE Deployment Url Properties -clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443 clamp.config.dcae.deployment.userName=none clamp.config.dcae.deployment.password=none 
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json index 3adda95c11..6021b21d21 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json @@ -6,7 +6,7 @@ "consumerId": "clamp", "environmentName": "AUTO", "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "password": "${SDC_CLIENT_PASSWORD_ENC}", "pollingInterval":30, "pollingTimeout":30, "activateServerTLSAuth":"false", diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml index 1120f9b2b6..c243e30540 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml @@ -67,6 +67,8 @@ spec: - | {{- if .Values.global.aafEnabled }} export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`; + envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json" {{- end }} java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar ports: 
@@ -99,6 +101,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: MYSQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + - name: SDC_CLIENT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }} {{- if ne "unlimited" (include "common.flavor" .) }} - name: JAVA_RAM_CONFIGURATION value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index ef0ea7ae4e..71d2517be1 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -44,10 +44,7 @@ certInitializer: app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local aaf_add_config: > - echo "$cadi_truststore_password" > {{ .Values.credsPath }}/cadi_truststore_password.pwd; - echo "$cadi_key_password" > {{ .Values.credsPath }}/cadi_key_password.pwd; - echo "$cadi_keystore_password" > {{ .Values.credsPath }}/cadi_keystore_password.pwd; - echo "$cadi_keystore_password_p12" > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; cd {{ .Values.credsPath }}; chmod a+rx *; @@ -58,11 +55,16 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: sdc-creds + type: password + externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}' + password: '{{ .Values.sdc.clientPassword }}' + passwordPolicy: required flavor: small # application image -image: onap/policy-clamp-backend:6.0.2 +image: onap/policy-clamp-backend:6.1.1 pullPolicy: Always # flag to enable debugging - application support required 
@@ -78,6 +80,9 @@ log: #####dummy values for db user and password to pass lint!!!####### +sdc: + clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + db: user: policy_user password: policy_user diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index c824965955..9712a38e10 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -60,7 +60,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.0.2 +image: onap/policy-clamp-frontend:6.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 5c530fea72..af53fd6708 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -93,7 +93,7 @@ spec: memory: 20Mi {{- end }} - name: volume-permissions - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh |
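Review bot: In docs/oom_cloud_setup_guide.rst, the new Istanbul row as shown carries only the Cert-Manager value (1.2.0) and no Kubernetes, Helm, kubectl or Docker versions, and the Honolulu row has no Cert-Manager entry even though oom_setup_paas.rst says Cert-Manager is part of the PaaS starting from Honolulu. Please fill every column of the Istanbul row and add the Cert-Manager version for Honolulu, or mark the cells that are deliberately empty.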
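Review bot: The new Step 4 in docs/oom_quickstart_guide.rst fetches and applies the Cert-Manager manifest in one step, `kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml`, with no integrity check on what is downloaded. Pinning the v1.2.0 tag is good; consider documenting a download to a local file first, so it can be reviewed and compared against a known checksum before `kubectl apply -f ./cert-manager.yaml`. That form also works for installations without internet access. The same URL is repeated in oom_setup_paas.rst, so the version can drift between the two pages; keeping the command in one place and linking to it would avoid that.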
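Review bot: In docs/oom_setup_paas.rst, removing "(optional)" from the title and "optionally" from the first paragraph leaves "can be installed to provide additional functionality", which still reads as optional. If Cert-Manager is now mandatory, say so explicitly (for example "Cert-Manager must be installed; Prometheus Stack is optional"). In docs/oom_user_guide.rst, "must have the Kubernetes `kubectl` with Cert-Manager and Helm setup" reads as if Cert-Manager were part of kubectl; listing the three prerequisites separately would be clearer.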
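Review bot: In kubernetes/common/cert-wrapper/resources/import-custom-certs.sh, the AAF branch no longer creates a file under the configured output name; it overrides the name instead with `export TRUSTSTORE_OUTPUT_FILENAME=${ONAP_TRUSTSTORE}`. The export only reaches this script and its children, so any consumer that was given the original TRUSTSTORE_OUTPUT_FILENAME through its own configuration will look for a file that is not produced when AAF_ENABLED is true. Please either keep producing the file under the configured name (copy or link) or document that the output name is ignored in the AAF case. Minor: the two log messages differ in style ("use 'AAF' truststore" against "using JRE truststore").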
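Review bot: In kubernetes/common/certManagerCertificate/templates/_certificate.tpl, both hunks now project the private key (`- key: tls.key` / `path: key.pem`) into the volume for every certificate, not only when a keystore is requested, and the item sets no `mode`. Unless the projected volume already sets a restrictive defaultMode outside these hunks, add a `mode` on the key.pem item so the key is not readable by every user in the container. The same six added lines appear in both hunks; moving them into one named template would keep the two volume definitions from drifting apart.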
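Review bot: In kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl, the new default `$truststoresPasswordPaths := ":"` is a bare separator with no explanation. A short template comment saying that it stands for two empty password paths matching the two entries in $truststoresPaths would help the next reader. The new source paths (cacert.pem, cert.pem, key.pem under $cmpv2CertificateDir) also depend on the item names added in certManagerCertificate/_certificate.tpl in this same change; a comment pointing to that template would make the coupling visible.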
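Review bot: In kubernetes/policy/components/policy-clamp-be/resources/config/application.properties, `clamp.config.files.sdcController` now points at /opt/policy/clamp/sdc-controllers-config-pass.json unconditionally, but templates/deployment.yaml only generates that file with envsubst inside the `{{- if .Values.global.aafEnabled }}` block. With aafEnabled set to false the property refers to a file that is never created. Either generate the file in both cases or make the property conditional in the same way. Separately, the healthcheck passwords for policy-api and policy-pap remain in this file in clear text (unchanged context lines); since this change moves the SDC password into a secret, the same treatment for those two would be consistent.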
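Review bot: In kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml, the added line `cadi digest ${SDC_CLIENT_PASSWORD} ...` passes the clear-text password unquoted as a command-line argument. Unquoted, a password containing whitespace or shell metacharacters is split or expanded; as an argument, it is visible in the process list while the java command runs. Quote the variable at least, and prefer a way of handing the value to the tool that does not use argv if cadi offers one. Two smaller points in the same lines: the jar name aaf-cadi-aaf-2.1.20-full.jar is hard-coded and will break silently when the cert initializer ships another version, and `envsubst` without a variable list replaces every `$NAME` in the JSON, so restricting it to `'${SDC_CLIENT_PASSWORD_ENC}'` is safer.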
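Review bot: In kubernetes/policy/components/policy-clamp-be/values.yaml, the new aaf_add_config line writes the output of `agent.sh local showpass` to `{{ .Values.credsPath }}/mycreds.prop`, and the unchanged `chmod a+rx *` that follows makes every file in that directory, including this one, readable by all users. The removed lines wrote four separate .pwd files, so the exposure is not new, but it now sits in a single file holding all the passwords. Please restrict the permissions on mycreds.prop to the user the application runs as, and confirm that nothing still reads the removed cadi_*_password.pwd files.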
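Review bot: In kubernetes/policy/components/policy-clamp-be/values.yaml, the new `sdc.clientPassword` default is a fixed value committed to the repository, placed under the "dummy values ... to pass lint" comment, while the sdc-creds secret uses `passwordPolicy: required`. A deployment that does not override it, or does not set `sdc.sdcClientExternalSecret`, will run with a password known to anyone who can read the chart. Please document `sdc.sdcClientExternalSecret` next to this value (it is referenced in the secret definition but has no entry or comment here) and state that the default must be overridden outside of lint and test runs.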