diff options
40 files changed, 331 insertions, 47 deletions
diff --git a/docs/index.rst b/docs/index.rst index 68b38de9aa..639e069e6d 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,7 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 .. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung +.. Copyright 2018-2021 Amdocs, Bell Canada, Orange, Samsung, Nokia .. _master_index: @@ -15,6 +15,7 @@ OOM Documentation Repository oom_quickstart_guide_helm3.rst oom_user_guide.rst oom_user_guide_helm3.rst + oom_setup_paas.rst oom_developer_guide.rst oom_cloud_setup_guide.rst release-notes.rst diff --git a/docs/oom_setup_paas.rst b/docs/oom_setup_paas.rst new file mode 100644 index 0000000000..9d90558250 --- /dev/null +++ b/docs/oom_setup_paas.rst @@ -0,0 +1,103 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2021 Nokia + +.. Links +.. _Cert-Manager Installation documentation: https://cert-manager.io/docs/installation/kubernetes/ +.. _Cert-Manager kubectl plugin documentation: https://cert-manager.io/docs/usage/kubectl-plugin/ + +.. _oom_setup_paas: + +ONAP PaaS set-up (optional) +########################### + +Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part +of k8s PaaS for ONAP operations and can be optionally installed to provide +additional functionality for ONAP engineers. + +The versions of PaaS compoents that are supported by OOM are as follows: + +.. table:: ONAP PaaS components + + ============== ============= ================= + Release Cert-Manager Prometheus Stack + ============== ============= ================= + honolulu 1.2.0 13.x + ============== ============= ================= + +This guide provides instructions on how to install the following PaaS +components for ONAP: + +- Cert-Manager +- Prometheus Stack + +Cert-Manager +============ + +Cert-Manager is a native Kubernetes certificate management controller. +It can help with issuing certificates from a variety of sources, such as +Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, self +signed or external issuers. It ensures certificates are valid and up to +date, and attempt to renew certificates at a configured time before expiry. + +Installation steps +------------------ + +The recommended version of Cert-Manager for Kubernetes 1.19 is v1.2.0. +Cert-Manager is deployed using regular YAML manifests which include all +the needed resources (the CustomResourceDefinitions, cert-manager, +namespace, and the webhook component). + +Full installation instructions, including details on how to configure extra +functionality in Cert-Manager can be found in the +`Cert-Manager Installation documentation`_. + +There is also a kubectl plugin (kubectl cert-manager) that can help you +to manage cert-manager resources inside your cluster. For installation +steps, please refer to `Cert-Manager kubectl plugin documentation`_. + +Installation can be as simple as:: + + > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml + +Prometheus Stack +================ + +Prometheus is an open-source systems monitoring and alerting toolkit with +an active ecosystem. + +Kube Prometheus Stack is a collection of Kubernetes manifests, Grafana +dashboards, and Prometheus rules combined with documentation and scripts to +provide easy to operate end-to-end Kubernetes cluster monitoring with +Prometheus using the Prometheus Operator. As it includes both Prometheus +Operator and Grafana dashboards, there is no need to set up them separately. + +Installation steps +------------------ + +The recommended version of kube-prometheus-stack chart for +Kubernetes 1.19 is 13.x (which is currently the latest major chart version), +for example 13.3.1. + +In order to install Prometheus Stack, you must follow these steps: + +- Create the namespace for Prometheus Stack:: + + > kubectl create namespace prometheus + +- Add the prometheus-community Helm repository:: + + > helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + +- Update your local Helm chart repository cache:: + + > helm repo update + +- To install the kube-prometheus-stack Helm chart in latest version:: + + > helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus + + To install the kube-prometheus-stack Helm chart in specific version, for example 13.3.1:: + + > helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus --version=13.3.1 diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json index 679b5189de..ef42ce98d3 100644 --- a/kubernetes/aaf/components/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json @@ -38,6 +38,13 @@ "password": "${AAF_PASS}", "aaf_conductor_user": "oof@oof.onap.org" } + }, + { + "name": "sdc", + "values": { + "username": "${SDC_USER}", + "password": "${SDC_PASS}" + } } ] } diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 1341889af3..6e50620a99 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -51,6 +51,7 @@ spec: export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; export SO_PASS=${SO_PASS_PLAIN}; + export SDC_PASS=${SDC_PASS_PLAIN}; cd /config-input; for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; @@ -131,6 +132,11 @@ spec: - name: SO_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }} + - name: SDC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }} + - name: SDC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }} + volumeMounts: - mountPath: /config-input name: {{ include "common.name" . }}-preload-input diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index 3b777c64f6..ab7d8fb71b 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -192,7 +192,11 @@ secrets: login: '{{ .Values.oofCreds.soUsername }}' password: '{{ .Values.oofCreds.soPassword }}' passwordPolicy: required - + - uid: sdc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdcUsername }}' + password: '{{ .Values.oofCreds.sdcPassword }}' + passwordPolicy: required oofCreds: aaiUsername: oof@oof.onap.org aaiPassword: demo123456! @@ -239,6 +243,9 @@ oofCreds: soUsername: apihBpmn soPassword: password1$ + sdcUsername: aai + sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # Configure resource requests and limits resources: small: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index db1a2eb86b..7560efde26 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -24,7 +24,7 @@ global: {} ################################################################# # application image -image: onap/babel:1.7.1 +image: onap/babel:1.8.0 flavor: small flavorOverride: small diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 0d8acf83a5..b235ba171c 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -21,7 +21,7 @@ global: # global defaults # application image -image: onap/model-loader:1.7.0 +image: onap/model-loader:1.8.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index ed21030dc8..f8de79d31a 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -28,7 +28,7 @@ global: # global defaults serviceName: aai-search-data # application image -image: onap/sparky-be:2.0.2 +image: onap/sparky-be:2.0.3 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/contrib/components/awx/templates/configmap.yaml b/kubernetes/contrib/components/awx/templates/configmap.yaml index 9bc62b0856..59900f1c64 100644 --- a/kubernetes/contrib/components/awx/templates/configmap.yaml +++ b/kubernetes/contrib/components/awx/templates/configmap.yaml @@ -144,3 +144,95 @@ data: {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}} ] } +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx-conf + namespace: {{ include "common.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "common.name" . }} + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + nginx.conf: | + worker_processes 1; + pid /tmp/nginx.pid; + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + server_tokens off; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /dev/stdout main; + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + sendfile on; + #tcp_nopush on; + #gzip on; + upstream uwsgi { + server 127.0.0.1:8050; + } + upstream daphne { + server 127.0.0.1:8051; + } + server { + listen 8052 default_server; + # If you have a domain name, this is where to add it + server_name _; + keepalive_timeout 65; + # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) + add_header Strict-Transport-Security max-age=15768000; + add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/"; + add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/"; + # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009) + add_header X-Frame-Options "DENY"; + location /nginx_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + location /static/ { + alias /var/lib/awx/public/static/; + } + location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; } + location /websocket { + # Pass request to the upstream alias + proxy_pass http://daphne; + # Require http version 1.1 to allow for upgrade requests + proxy_http_version 1.1; + # We want proxy_buffering off for proxying to websockets. + proxy_buffering off; + # http://en.wikipedia.org/wiki/X-Forwarded-For + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # enable this if you use HTTPS: + proxy_set_header X-Forwarded-Proto https; + # pass the Host: header from the client for the sake of redirects + proxy_set_header Host $http_host; + # We've set the Host header, so we don't need Nginx to muddle + # about with redirects + proxy_redirect off; + # Depending on the request value, set the Upgrade and + # connection headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + location / { + # Add trailing / if missing + rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent; + uwsgi_read_timeout 120s; + uwsgi_pass uwsgi; + include /etc/nginx/uwsgi_params; + proxy_set_header X-Forwarded-Port 443; + } + } + } diff --git a/kubernetes/contrib/components/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/templates/statefulset.yaml index 46747cd85f..1f2c093742 100644 --- a/kubernetes/contrib/components/awx/templates/statefulset.yaml +++ b/kubernetes/contrib/components/awx/templates/statefulset.yaml @@ -82,6 +82,10 @@ spec: name: awx-secret-key readOnly: true subPath: SECRET_KEY + - mountPath: /etc/nginx/nginx.conf + name: awx-nginx-conf + subPath: "nginx.conf" + - command: ["/bin/sh","-c"] args: ["/usr/bin/launch_awx_task.sh"] env: @@ -109,6 +113,9 @@ spec: name: awx-secret-key readOnly: true subPath: SECRET_KEY + - mountPath: /etc/nginx/nginx.conf + name: awx-nginx-conf + subPath: "nginx.conf" - env: - name: MY_POD_IP valueFrom: @@ -209,5 +216,12 @@ spec: path: rabbitmq_definitions.json name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config + - configMap: + defaultMode: 420 + items: + - key: nginx.conf + path: nginx.conf + name: {{ include "common.fullname" . }}-nginx-conf + name: awx-nginx-conf imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index a29866da9a..02642fd3fd 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -95,7 +95,7 @@ service: type: NodePort portName: web internalPort: 8052 - externalPort: 80 + externalPort: 8052 nodePort: 78 rabbitmq: type: ClusterIP diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 458ec101dc..1ac3671833 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -113,11 +113,11 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.9 holmes_engine: onap/holmes/engine-management:1.2.9 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 - snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.5 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0 + snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.4 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0 - datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0 + datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.4 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 8f6432d031..50c59c8ae8 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -44,7 +44,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0 +image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index 356149c0dd..3366b00f20 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -41,7 +41,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 735b0281be..42f596db1e 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -67,6 +67,10 @@ spec: value: {{ .Values.config.importDMaaP }} - name: ONAP_USEDMAAPPLUGIN value: {{ .Values.config.useDmaapPlugin | quote }} + - name: BP_RESOURCES_CPU_LIMIT + value: {{ .Values.config.bpResourcesCpuLimit }} + - name: BP_RESOURCES_MEMORY_LIMIT + value: {{ .Values.config.bpResourcesMemoryLimit }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 2482748e4c..521fac06a2 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -33,11 +33,13 @@ config: #dashboardPassword: doesntmatter mrTopicURL: http://message-router:3904/events importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml - importK8S: plugin:k8splugin?version=>=3.4.3,<4.0.0 + importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0 importPostgres: plugin:pgaas?version=1.3.0 importClamp: plugin:clamppolicyplugin?version=1.1.0 importDMaaP: plugin:dmaap?version=1.5.0 useDmaapPlugin: false + bpResourcesCpuLimit: 250m + bpResourcesMemoryLimit: 128Mi secrets: - uid: "dashsecret" @@ -69,7 +71,7 @@ readiness: # Should have a proper readiness endpoint or script # application image -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties index 4bf8f74666..04a5714a8e 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties @@ -52,8 +52,8 @@ cmso.minizinc.command.solver=OSICBC cmso.minizinc.command.timelimit=60000 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn -mechid.user=oof@oof.onap.org -mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +mechid.user=${AAF_USER} +mechid.pass=${AAF_PASSWORD} aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml index c1d2602713..1f96183dd5 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml @@ -116,6 +116,10 @@ spec: value: {{ .Values.global.truststorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}} command: - /bin/sh args: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index aa6ae1941c..d50995a615 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -24,12 +24,12 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-optimizer:2.3.1 +image: onap/optf-cmso-optimizer:2.3.2 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.2 # flag to enable debugging - application support required debugEnabled: false @@ -45,6 +45,12 @@ secrets: login: '{{ .Values.config.db.user }}' password: '{{ .Values.config.db.password }}' passwordPolicy: required + - uid: cmso-aaf-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -81,6 +87,10 @@ service: config: + aaf: + user: user + password: pass +# userCredentialsExternalSecret: some-secret db: port: 3306 # rootPassword: pass diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties index 6525a4ee9c..363aecbc03 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties @@ -94,11 +94,11 @@ so.polling.interval.ms=10000 ## loopback settings so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7 -so.user=oof@oof.onap.org -so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +so.user=${AAF_USER} +so.pass=${AAF_USER} -mechid.user=oof@oof.onap.org -mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +mechid.user=${AAF_USER} +mechid.pass=${AAF_PASSWORD} cmso.dispatch.url=http://localhost:8089 diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml index 27d52a24ba..d9f2bd0734 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml @@ -140,6 +140,10 @@ spec: value: {{ .Values.global.truststorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}} command: - /bin/sh args: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index f0e62e458d..06dd478b0e 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -23,13 +23,13 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-service:2.3.1 -robotimage: onap/optf-cmso-robot:2.3.1 +image: onap/optf-cmso-service:2.3.2 +robotimage: onap/optf-cmso-robot:2.3.2 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.2 # flag to enable debugging - application support required debugEnabled: false @@ -44,6 +44,12 @@ secrets: login: '{{ .Values.config.db.user }}' password: '{{ .Values.config.db.password }}' passwordPolicy: required + - uid: cmso-aaf-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -80,6 +86,10 @@ service: config: + aaf: + user: user + password: pass +# userCredentialsExternalSecret: some-secret db: port: 3306 # rootPassword: pass @@ -93,6 +103,7 @@ config: optimizer_host: oof-cmso-optimizer optimizer_port: 7997 + ingress: enabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index d88e1b22c2..4f6976ed28 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -23,7 +23,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-ticketmgt:2.3.1 +image: onap/optf-cmso-ticketmgt:2.3.2 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index 56d9c7c12a..b3adb5c69c 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -22,7 +22,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-topology:2.3.1 +image: onap/optf-cmso-topology:2.3.2 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml index c574a86136..c46fd0a33a 100644 --- a/kubernetes/oof/components/oof-cmso/values.yaml +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -36,6 +36,11 @@ secrets: login: '{{ .Values.config.db.optimizer.userName }}' password: '{{ .Values.config.db.optimizer.userPassword }}' passwordPolicy: generate + - uid: cmso-aaf-creds + name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds' + type: basicAuth + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' mariadb-galera: replicaCount: 1 @@ -75,6 +80,9 @@ mariadb-init: flavor: small config: + aaf: + user: oof@oof.onap.org + password: demo123456! log: logstashServiceName: log-ls logstashPort: 5044 @@ -115,6 +123,8 @@ oof-cmso-service: host: *dbName container: *dbName mysqlDatabase: cmso + aaf: + userCredentialsExternalSecret: *aafCreds oof-cmso-optimizer: enabled: true @@ -128,6 +138,8 @@ oof-cmso-optimizer: host: *dbName container: *dbName mysqlDatabase: optimizer + aaf: + userCredentialsExternalSecret: *aafCreds oof-cmso-topology: enabled: true diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 0f2e01f5c7..d6743cdfda 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index df50561d51..3cbf96adc1 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # Secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 2891f806c3..3615a3bd33 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 persistence: enabled: true diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 87e6536c35..7362ec70a6 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/optf-osdf:3.0.3 +image: onap/optf-osdf:3.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 807f070aa0..674a416dc2 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -25,6 +25,7 @@ GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . GLOBAL_INJECTED_CLOUD_ENV = 'openstack' GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}' +GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}' GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}' GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}' GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}' @@ -165,6 +166,12 @@ GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}' GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}' GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] +# dcae microservice info - everything is from the private oam network (also called onap private network) +GLOBAL_DCAE_MS_SERVER_PROTOCOL = "http" +GLOBAL_DCAE_MS_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 8080) }}' +GLOBAL_DCAE_MS_USERNAME = '{{ .Values.dcaeMsUsername }}' +GLOBAL_DCAE_MS_PASSWORD = '{{ .Values.dcaeMsPassword}}' +GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] # dcae hv-ves info GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}' GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}' diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index f8120973e2..6f54c6b340 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -325,6 +325,8 @@ appcPassword: "demo123456!" # DCAE dcaeUsername: "dcae@dcae.onap.org" dcaePassword: "demo123456!" +dcaeMsUsername: "dcae@dcae.onap.org" +dcaeMsPassword: "demo123456!" # DROOLS droolsUsername: "demo@people.osaaf.org" droolsPassword: "demo123456!" diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index e9f83b6978..77577d6ee3 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.7.3 -backendInitImage: onap/sdc-backend-init:1.7.3 +image: onap/sdc-backend-all-plugins:1.8.4 +backendInitImage: onap/sdc-backend-init:1.8.4 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index efe6dcddea..33e32ddfbe 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,9 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.7.3 -cassandraInitImage: onap/sdc-cassandra-init:1.7.3 - +image: onap/sdc-cassandra:1.8.4 +cassandraInitImage: onap/sdc-cassandra-init:1.8.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 0db5a390c8..079d7ad462 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,8 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.7.3 - +image: onap/sdc-frontend:1.8.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 553ec72260..e34d5c5cfb 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.7.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3 +image: onap/sdc-onboard-backend:1.8.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 11ed7f45bf..42abf54444 100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh +++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -37,8 +37,8 @@ SDNC_DB_DATABASE=${SDNC_DB_DATABASE} # Create tablespace and user account mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} mysql <<-END CREATE DATABASE IF NOT EXISTS ${SDNC_DB_DATABASE}; -CREATE USER '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; -CREATE USER '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; +CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; +CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'localhost' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'%' WITH GRANT OPTION; flush privileges; diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 5e4a0ecc78..6b323a4a17 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -88,7 +88,7 @@ subChartsOnly: enabled: true # application image -image: onap/vid:7.0.0 +image: onap/vid:8.0.2 pullPolicy: Always # application configuration |