-rw-r--r-- | docs/oom_hardcoded_certificates.rst | 2 | ||||
m--------- | kubernetes/aai | 0 | ||||
-rwxr-xr-x | kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties | 4 | ||||
-rwxr-xr-x | kubernetes/cds/charts/cds-blueprints-processor/values.yaml | 4 | ||||
-rw-r--r-- | kubernetes/clamp/charts/clamp-backend/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/clamp/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks | bin | 0 -> 963 bytes | |||
-rw-r--r-- | kubernetes/so/charts/so-secrets/templates/secrets.yaml | 13 | ||||
-rwxr-xr-x | kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml | 12 | ||||
-rwxr-xr-x | kubernetes/so/values.yaml | 8 |
10 files changed, 37 insertions, 10 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 0745ec0df4..b5f3c075f8 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -48,5 +48,7 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | VID | No | Yes | No | kubernetes/vid/resources/cert | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ diff --git a/kubernetes/aai b/kubernetes/aai -Subproject ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f +Subproject eb70b3f12b30d4d7ea010723707db8c3e2ef235 diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index d36f0bce85..eee61e7e90 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties 
@@ -72,7 +72,7 @@ error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config # SDN-C's ODL Restconf Connection Details blueprintsprocessor.restconfEnabled=true blueprintsprocessor.restclient.sdncodl.type=basic-auth -blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/ +blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/ blueprintsprocessor.restclient.sdncodl.username=admin blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U @@ -92,7 +92,7 @@ blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/con blueprintsprocessor.grpcclient.py-executor.type=tls-auth # Config Data REST client settings blueprintsprocessor.restclient.sdnc.type=basic-auth -blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282 +blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }} blueprintsprocessor.restclient.sdnc.username=admin blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 29047a7404..6cd3c2b554 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -37,6 +37,10 @@ global: # envsusbt envsubstImage: dibi/envsubst + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 + ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index ce86ec2104..18888547c3 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml 
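Review bot: The rewritten `blueprintsprocessor.restclient.sdncodl.url`, and `blueprintsprocessor.restclient.sdnc.url` in the second hunk of this file, keep the `http://` scheme while the client type is `basic-auth`, so the `admin` credentials on the following lines reach the SDNC OAM service without transport encryption. Host and port are now taken from values, so the scheme could come from a new values key as well (for example a proposed `sdncOamProtocol`), letting a deployment switch to `https` without editing this file. The password itself is a literal in the unchanged context lines; the chart's "Secrets metaconfig" section looks like the intended place for it, which is worth confirming.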
+++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -27,7 +27,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.2 +image: onap/clamp-backend:5.0.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index cf6c572cc9..47eca67f91 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.2 +image: onap/clamp-frontend:5.0.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differnew file mode 100644 index 0000000000..96931ce168 --- /dev/null +++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml index 9a749638f0..5be2cc7c41 100644 --- a/kubernetes/so/charts/so-secrets/templates/secrets.yaml +++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml @@ -25,3 +25,16 @@ data: trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.release" . }}-so-truststore-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} 
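Review bot: The `data:` line of the new Secret globs `resources/certs/*`, so any file later placed in that directory is published in `so-truststore-secret` and mounted into every pod that uses it. Naming the one file keeps the secret to the truststore: `{{ (.Files.Glob "resources/certs/org.onap.so.trust.jks").AsSecrets | indent 2 }}`. The `tpl` wrapper can be dropped at the same time, since `AsSecrets` returns base64 text that contains nothing to render. The new Secret also omits `type: Opaque`, which the Secret above it in this file sets explicitly.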
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index 00b36a838e..a720753f47 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -40,17 +40,17 @@ spec: image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | indent 12 }} - {{- if eq .Values.global.security.aaf.enabled true }} env: - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks + value: {{ .Values.global.client.certs.truststore }} - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name}}-so-client-certs-secret key: trustStorePassword + {{ if eq .Values.global.security.aaf.enabled true }} - name: KEYSTORE - value: /app/org.onap.so.jks + value: {{ .Values.global.client.certs.keystore }} - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: @@ -67,6 +67,9 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readonly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} @@ -84,5 +87,8 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 4cf991ea60..e9c5637eef 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml 
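Review bot: The volumeMount added in the second hunk of deployment.yaml spells the field `readonly: true`, but the Kubernetes field is `readOnly`, as on the `config` mount directly above it. Depending on how strictly the manifest is validated, the misspelt key is either rejected or silently dropped, and in the second case the truststore mount does not carry the read-only flag the author intended. The line should read `readOnly: true`.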
@@ -60,8 +60,8 @@ global: defaultCloudOwner: onap cadi: cadiLoglevel: DEBUG - cadiKeyFile: /app/org.onap.so.keyfile - cadiTrustStore: /app/org.onap.so.trust.jks + cadiKeyFile: /app/client/org.onap.so.keyfile + cadiTrustStore: /app/client/org.onap.so.trust.jks cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC cadiLatitude: 38.4329 cadiLongitude: -90.43248 @@ -73,7 +73,9 @@ global: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 client: certs: - trustStorePassword: b25hcDRzbw== + truststore: /app/client/org.onap.so.trust.jks + keystore: /app/client/org.onap.so.jks + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI keyStorePassword: c280b25hcA== certificates: path: /etc/ssl/certs |
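Review bot: `cadiKeyFile` in the first hunk and `keystore` in the second now point under `/app/client`, which the so-vnfm-adapter deployment in this commit mounts from `so-truststore-secret`; the only file the commit adds to that secret's source directory is `org.onap.so.trust.jks`. Unless `org.onap.so.keyfile` and `org.onap.so.jks` are supplied some other way, those two paths will not resolve, because the mount hides whatever the image had at `/app/client`. These keys sit under `global`, so other SO charts that read them presumably get the new paths without the new mount, which is worth confirming. A comment above the keys would record the dependency: `# files under /app/client are provided by the so-truststore-secret volume`.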
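Review bot: The new `trustStorePassword` default in the second hunk is only the base64 form of the plaintext password, and it is committed in the same repository as the truststore it opens, so it gives that store no integrity protection against anyone who can read the chart. If the bundled truststore is meant as a default only, say so next to the key, for example `# base64-encoded, not encrypted; override together with client.certs.truststore per deployment`. Production installs should supply both the store and its password from outside the chart.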