aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_hardcoded_certificates.rst2
m---------kubernetes/aai0
-rw-r--r--kubernetes/appc/charts/appc-cdt/values.yaml2
-rw-r--r--kubernetes/appc/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties4
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/values.yaml4
-rw-r--r--kubernetes/clamp/charts/clamp-backend/values.yaml2
-rw-r--r--kubernetes/clamp/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json5
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json2
-rw-r--r--kubernetes/nbi/templates/configmap-aaf-add-config.yaml28
-rw-r--r--kubernetes/nbi/templates/deployment.yaml42
-rw-r--r--kubernetes/nbi/values.yaml44
-rw-r--r--kubernetes/policy/charts/pap/resources/config/config.json4
-rw-r--r--kubernetes/policy/charts/pap/templates/deployment.yaml24
-rw-r--r--kubernetes/policy/charts/pap/templates/secrets.yaml15
-rw-r--r--kubernetes/policy/charts/pap/values.yaml16
-rw-r--r--kubernetes/policy/charts/policy-api/resources/config/config.json4
-rw-r--r--kubernetes/policy/charts/policy-api/templates/deployment.yaml25
-rw-r--r--kubernetes/policy/charts/policy-api/templates/secrets.yaml15
-rw-r--r--kubernetes/policy/charts/policy-api/values.yaml15
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/startODL.sh9
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml4
-rw-r--r--kubernetes/sdnc/values.yaml2
-rw-r--r--kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jksbin0 -> 963 bytes
-rw-r--r--kubernetes/so/charts/so-secrets/templates/secrets.yaml13
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml12
-rwxr-xr-xkubernetes/so/resources/config/overrides/override.yaml3
-rwxr-xr-xkubernetes/so/values.yaml8
-rw-r--r--kubernetes/vnfsdk/values.yaml2
30 files changed, 267 insertions, 43 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index d5f8672dc3..5aeee2e07f 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -48,6 +48,8 @@ Here's the list of these certificates:
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| VID | No | Yes | No | kubernetes/vid/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs |
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f
+Subproject eb70b3f12b30d4d7ea010723707db8c3e2ef235
diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml
index 377041a615..118d19c1b3 100644
--- a/kubernetes/appc/charts/appc-cdt/values.yaml
+++ b/kubernetes/appc/charts/appc-cdt/values.yaml
@@ -26,7 +26,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.7.0
+image: onap/appc-cdt-image:1.7.1
pullPolicy: Always
# application configuration
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 8e8c4219ac..fb8230b128 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -56,7 +56,7 @@ secrets:
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-image:1.7.0
+image: onap/appc-image:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
index d36f0bce85..eee61e7e90 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
@@ -72,7 +72,7 @@ error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config
# SDN-C's ODL Restconf Connection Details
blueprintsprocessor.restconfEnabled=true
blueprintsprocessor.restclient.sdncodl.type=basic-auth
-blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/
+blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/
blueprintsprocessor.restclient.sdncodl.username=admin
blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
@@ -92,7 +92,7 @@ blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/con
blueprintsprocessor.grpcclient.py-executor.type=tls-auth
# Config Data REST client settings
blueprintsprocessor.restclient.sdnc.type=basic-auth
-blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
+blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}
blueprintsprocessor.restclient.sdnc.username=admin
blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index 29047a7404..6cd3c2b554 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -37,6 +37,10 @@ global:
# envsusbt
envsubstImage: dibi/envsubst
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
+
#################################################################
# Secrets metaconfig
#################################################################
diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
index ce86ec2104..18888547c3 100644
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/values.yaml
@@ -27,7 +27,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.2
+image: onap/clamp-backend:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index cf6c572cc9..47eca67f91 100644
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -30,7 +30,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.2
+image: onap/clamp-frontend:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
index 41404b0199..c52a0a8606 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
@@ -2,7 +2,6 @@
"dmaap": {
"username": "notused",
"password": "doesnotmatter",
- "owner": "dcaecm",
- "protocol": "http"
- }
+ "owner": "dcaecm"
+ }
} \ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json
index b459a989d7..2e47c9e118 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json
@@ -24,7 +24,7 @@
"timeout_in_secs": 60
},
"dmaap_mr" : {
- "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1",
+ "url" : "https://message-router:3905/events/POLICY-NOTIFICATION/policy-handler/ph1",
"query": {
"timeout": 15000
},
diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml
new file mode 100644
index 0000000000..fe099b140d
--- /dev/null
+++ b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml
@@ -0,0 +1,28 @@
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 528a3f7e76..3283239100 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -32,6 +32,9 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.fullname" . }}
spec:
+{{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -40,16 +43,39 @@ spec:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - bash
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+ export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+ -Dserver.ssl.key-store-type=PKCS12 \
+ -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+ -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
+ -Djavax.net.ssl.trustStoreType=jks\
+ -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
+ {{- if eq "DEBUG" .Values.config.loglevel }}
+ export JAVA_DEBUG="-Djavax.net.debug=all"
+ {{- end }}
+ exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar
+ {{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ scheme: HTTPS
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -72,7 +98,7 @@ spec:
- name: ONAP_CLOUDOWNER
value: {{ .Values.config.cloudOwner }}
- name: NBI_URL
- value: "http://nbi.{{ include "common.namespace" . }}:8080/nbi/api/v4"
+ value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
- name: SDC_HOST
value: "https://sdc-be.{{ include "common.namespace" . }}:8443"
- name: SDC_HEADER_ECOMPINSTANCEID
@@ -90,7 +116,7 @@ spec:
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "https://message-router.{{ include "common.namespace" . }}:3905"
+ value: "http://message-router.{{ include "common.namespace" . }}:3904"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
@@ -99,7 +125,7 @@ spec:
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts:
+ volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -125,7 +151,7 @@ spec:
# name: esr-server-logs
# - mountPath: /usr/share/filebeat/data
# name: esr-server-filebeat
- volumes:
+ volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 4e22af6494..ceab7fad2a 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -28,6 +28,30 @@ global:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafEnabled: true
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
+
+#################################################################
+# AAF part
+#################################################################
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: nbi
+ fqi: nbi@nbi.onap.org
+ public_fqdn: nbi.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
+
#################################################################
# Secrets metaconfig
@@ -39,13 +63,19 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.0
+image: onap/externalapi/nbi:6.0.1
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
@@ -109,9 +139,8 @@ affinity: {}
# probe configuration parameters
liveness:
- httpGet:
- path: /nbi/api/v4/status
- port: 8080
+ path: /nbi/api/v4/status
+ port: 8443
initialDelaySeconds: 180
periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
@@ -119,9 +148,8 @@ liveness:
enabled: true
readiness:
- httpGet:
- path: /nbi/api/v4/status
- port: 8080
+ path: /nbi/api/v4/status
+ port: 8443
initialDelaySeconds: 185
periodSeconds: 30
@@ -130,7 +158,7 @@ service:
portName: api
name: nbi
nodePort: 74
- internalPort: 8080
+ internalPort: 8443
ingress:
enabled: false
diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json
index e4517c7a5d..544ecdfc32 100644
--- a/kubernetes/policy/charts/pap/resources/config/config.json
+++ b/kubernetes/policy/charts/pap/resources/config/config.json
@@ -41,8 +41,8 @@
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
- "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
- "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
},
"topicParameterGroup": {
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml
index caef5218ef..85ca9c1486 100644
--- a/kubernetes/policy/charts/pap/templates/deployment.yaml
+++ b/kubernetes/policy/charts/pap/templates/deployment.yaml
@@ -31,6 +31,25 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: papconfig
+ - mountPath: /config
+ name: papconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -58,7 +77,7 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
- name: papconfig
+ name: papconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -77,5 +96,8 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: papconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/charts/pap/templates/secrets.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/charts/pap/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index 05f43d66e0..7edb3ab871 100644
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -22,6 +22,18 @@
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -36,6 +48,10 @@ debugEnabled: false
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json
index ccfc07ae67..2e46ccae96 100644
--- a/kubernetes/policy/charts/policy-api/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-api/resources/config/config.json
@@ -30,8 +30,8 @@
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
- "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
- "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
},
"preloadPolicyTypes": [
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index 25e80d0ac3..777cc4954d 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -31,6 +31,26 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apiconfig
+ - mountPath: /config
+ name: apiconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -58,7 +78,7 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
- name: apiconfig
+ name: apiconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -77,5 +97,8 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: apiconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/charts/policy-api/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index b5e10493dc..fd66b69e4e 100644
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -22,6 +22,18 @@
global:
nodePortPrefix: 304
persistence: {}
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -35,6 +47,9 @@ pullPolicy: Always
debugEnabled: false
# application configuration
+db:
+ user: policy_user
+ password: policy_user
# default number of instances
replicaCount: 1
diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh
index af5c36207c..6aa796a163 100755
--- a/kubernetes/sdnc/resources/config/bin/startODL.sh
+++ b/kubernetes/sdnc/resources/config/bin/startODL.sh
@@ -4,6 +4,7 @@
# ============LICENSE_START=======================================================
# SDNC
# ================================================================================
+# Copyright © 2020 Samsung Electronics
# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -133,17 +134,17 @@ echo " AAF_ENABLED=$SDNC_AAF_ENABLED"
if $SDNC_AAF_ENABLED; then
- export SDNC_STORE_DIR=/opt/app/osaaf/local
- export SDNC_CONFIG_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
export SDNC_KEYSTORE=org.onap.sdnc.p12
sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+ echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
fi
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index da5d8f30d4..4511ca9125 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -1,4 +1,5 @@
{{/*
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -208,6 +209,9 @@ spec:
- mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
name: bin
subPath: installSdncDb.sh
+ - mountPath: {{ .Values.config.ccsdkConfigDir }}/aaiclient.properties
+ name: properties
+ subPath: aaiclient.properties
- mountPath: {{ .Values.config.configDir }}/aaiclient.properties
name: properties
subPath: aaiclient.properties
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 8cb7c339c7..99ff4b7760 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -1,3 +1,4 @@
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -159,6 +160,7 @@ config:
peerODLCluster: 127.0.0.1
isPrimaryCluster: true
configDir: /opt/onap/sdnc/data/properties
+ ccsdkConfigDir: /opt/onap/ccsdk/data/properties
dmaapTopic: SUCCESS
dmaapPort: 3904
logstashServiceName: log-ls
diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
new file mode 100644
index 0000000000..96931ce168
--- /dev/null
+++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
Binary files differ
diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml
index 9a749638f0..5be2cc7c41 100644
--- a/kubernetes/so/charts/so-secrets/templates/secrets.yaml
+++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml
@@ -25,3 +25,16 @@ data:
trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.release" . }}-so-truststore-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index 00b36a838e..a720753f47 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -40,17 +40,17 @@ spec:
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
env:
- name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
+ value: {{ .Values.global.client.certs.truststore }}
- name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name}}-so-client-certs-secret
key: trustStorePassword
+ {{ if eq .Values.global.security.aaf.enabled true }}
- name: KEYSTORE
- value: /app/org.onap.so.jks
+ value: {{ .Values.global.client.certs.keystore }}
- name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
@@ -67,6 +67,9 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readonly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
@@ -84,5 +87,8 @@ spec:
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml
index c57ed023ef..6bd930d7b1 100755
--- a/kubernetes/so/resources/config/overrides/override.yaml
+++ b/kubernetes/so/resources/config/overrides/override.yaml
@@ -1,3 +1,6 @@
+aai:
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
port: {{ index .Values.containerPort }}
tomcat:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 4cf991ea60..e9c5637eef 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -60,8 +60,8 @@ global:
defaultCloudOwner: onap
cadi:
cadiLoglevel: DEBUG
- cadiKeyFile: /app/org.onap.so.keyfile
- cadiTrustStore: /app/org.onap.so.trust.jks
+ cadiKeyFile: /app/client/org.onap.so.keyfile
+ cadiTrustStore: /app/client/org.onap.so.trust.jks
cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
cadiLatitude: 38.4329
cadiLongitude: -90.43248
@@ -73,7 +73,9 @@ global:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
- trustStorePassword: b25hcDRzbw==
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 9529e558a2..96cacfbf82 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.3.2
+image: onap/vnfsdk/refrepo:1.5.1
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always