diff options
32 files changed, 138 insertions, 146 deletions
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 597174ee0a..7d017f266b 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -99,7 +99,11 @@ service: - name: tcp-agent port: 61621 -podAnnotations: {} +podAnnotations: + # sidecar.istio.io/inject: "false" + traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001" + traffic.sidecar.istio.io/includeInboundPorts: '*' + traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001" podManagementPolicy: OrderedReady updateStrategy: type: RollingUpdate diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index eefd00d7bf..11d7501256 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -1,6 +1,7 @@ {{/* ################################################################################ # Copyright (C) 2021 Nordix Foundation. # +# Copyright (c) 2022 J. F. Lucas. All rights reserved. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -18,14 +19,14 @@ {{/* This template generates a Kubernetes init containers common template to enable applications to provision - DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF). + DMaaP feeds (on Data Router), with associated authorization. DMaap Bus Controller endpoints are used to provision: - - Authorized topic on MR, and to create and grant permission for publishers and subscribers. + - Feed on DR, with associated user authentication. common.dmaap.provisioning.initContainer: This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router - microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics. + microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds. If the resource creation is successful via script response is logged back at particular location with appropriate naming convention. @@ -57,20 +58,7 @@ privilegedSubscriber: True deliveryURL: https://dcae-pm-mapper:8443/delivery - # MessageRouter Topic, Publisher Configuration - mrTopicsConfig: - - topicName: PERFORMANCE_MEASUREMENTS - topicDescription: Description about Topic - owner: dcaecm - tnxEnabled: false - clients: - - dcaeLocationName: san-francisco - clientRole: org.onap.dcae.pmPublisher - action: - - pub - - view - - # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics + # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber volumes: - name: feeds-config path: /opt/app/config/feeds @@ -78,8 +66,6 @@ path: /opt/app/config/dr_pubs - name: drsub-config path: /opt/app/config/dr_subs - - name: topics-config - path: /opt/app/config/topics In deployments/jobs/stateful include: initContainers: @@ -113,8 +99,7 @@ {{- define "common.dmaap.provisioning.initContainer" -}} {{- $dot := default . .dot -}} {{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}} -{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}} -{{- if or $drFeedConfig $mrTopicsConfig -}} +{{- if $drFeedConfig -}} - name: {{ include "common.name" $dot }}-init-dmaap-provisioning image: {{ include "repositoryGenerator.image.dbcClient" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl index f76be4c190..afd3c38f31 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T -# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. # Copyright (c) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,14 +30,21 @@ use of templates from the ONAP "common" collection) references data in .Release. The template always produces a configMap containing the microservice's -initial configuration data. This configMap is used by an initContainer -that loads the configuration into Consul. (See the documentation for +initial configuration data. (See the documentation for dcaegen2-services-common.microserviceDeployment for more details.) -If the microservice is using a logging sidecar (again, see the documentation -for dcaegen2-services-common.microserviceDeployment for more details), the -template generates an additiona configMap that supplies configuration -information for the logging sidecar. +If the microservice is using one or more Data Router (DR) feeds, the +template produces a configMap containing the information needed to +provision the feed(s). An init container performs the provisioning. + +If the microservice acts as a DR publisher for one or more feeds, the +template produces a configMap containing the information needed to +provision the publisher(s). An init container performs the provisioning. + +If the microservice acts as a DR subscriber for one or more feeds, the +template produces a configMap containing the information needed to +provision the subscribeer(s). An init container performs the provisioning. + */}} {{- define "dcaegen2-services-common.configMap" -}} @@ -96,19 +103,4 @@ data: {{ $drsub | toJson | indent 2 }} {{- end }} {{- end }} - -{{- if .Values.mrTopicsConfig }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-topics-config - namespace: {{ include "common.namespace" . }} - labels: {{ include "common.labels" . | nindent 6 }} -data: - {{- range $i, $topics := .Values.mrTopicsConfig }} - topicsConfig-{{$i}}.json: |- - {{ $topics | toJson | indent 2 }} - {{- end }} -{{- end }} {{- end }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 9781e33f1f..6c742c07de 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -33,7 +33,7 @@ provided to all microservices. The template expects a single argument, pointing to the caller's global context. Microservice-specific environment variables can be specified in two ways: - 1. As literal string values. + 1. As literal string values. (The values can also be Helm template fragments.) 2. As values that are sourced from a secret, identified by the secret's uid and the key within the secret that provides the value. @@ -180,21 +180,6 @@ The sidecar is included if .Values.log.path is set. The logging sidecar and the DCAE microservice container share a volume where the microservice logs are written. -The Deployment includes an initContainer that checks for the -readiness of other components that the microservice relies on. -This container is generated by the "common.readinessCheck.waitfor" -template. - -If the microservice acts as a TLS client or server, the Deployment will -include an initContainer that retrieves certificate information from -the AAF certificate manager. The information is mounted at the -mount point specified in .Values.certDirectory. If the microservice is -a TLS server (indicated by setting .Values.tlsServer to true), the -certificate information will include a server cert and key, in various -formats. It will also include the AAF CA cert. If the microservice is -a TLS client only (indicated by setting .Values.tlsServer to false), the -certificate information includes only the AAF CA cert. - Deployed POD may also include a Policy-sync sidecar container. The sidecar is included if .Values.policies is set. The Policy-sync sidecar polls PolicyEngine (PDP) periodically based @@ -212,6 +197,35 @@ policies: policyRelease: "onap" policyID: | '["onap.vfirewall.tca","onap.vdns.tca"]' + +The Deployment includes an initContainer that checks for the +readiness of other components that the microservice relies on. +This container is generated by the "common.readinessCheck.waitfor" +template. See the documentation for this template +(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl). + +If the microservice uses a DMaaP Data Router (DR) feed, the Deployment +includes an initContainer that makes provisioning requests to the DMaaP +bus controller (dmaap-bc) to create the feed and to set up a publisher +and/or subscriber to the feed. The Deployment also includes a second +initContainer that merges the information returned by the provisioning +process into the microservice's configuration. See the documentation for +the common DMaaP provisioning template +(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl). + +If the microservice acts as a TLS client or server, the Deployment will +include an initContainer that retrieves certificate information from +the AAF certificate manager. The information is mounted at the +mount point specified in .Values.certDirectory. If the microservice is +a TLS server (indicated by setting .Values.tlsServer to true), the +certificate information will include a server cert and key, in various +formats. It will also include the AAF CA cert. If the microservice is +a TLS client only (indicated by setting .Values.tlsServer to false), the +certificate information includes only the AAF CA cert. + +If the microservice uses certificates from an external CMPv2 provider, +the Deployment will include an initContainer that performs certificate +post-processing. */}} {{- define "dcaegen2-services-common.microserviceDeployment" -}} @@ -236,30 +250,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{- if not $drFeedConfig }} - - command: - - sh - args: - - -c - - | - {{- range $var := .Values.customEnvVars }} - export {{ $var.name }}="{{ $var.value }}"; - {{- end }} - cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done - env: - {{- range $cred := .Values.credentials }} - - name: {{ $cred.name }} - {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }} - {{- end }} - volumeMounts: - - mountPath: /config-input - name: app-config-input - - mountPath: /config - name: app-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - {{- end }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} {{- if $certDir }} @@ -331,7 +321,7 @@ spec: resources: {{ include "common.resources" . | nindent 2 }} volumeMounts: - mountPath: /app-config - name: app-config + name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }} - mountPath: /app-config-input name: app-config-input {{- if $logDir }} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index 14dd89a186..3fffb9c79b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -52,7 +52,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice- # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.7.1 +image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.8.0 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -139,6 +139,7 @@ applicationConfig: dmaap.certificateConfig.keyPasswordPath: /opt/app/datafile/etc/cert/p12.pass dmaap.certificateConfig.trustedCa: /opt/app/datafile/etc/cert/trust.jks dmaap.certificateConfig.trustedCaPasswordPath: /opt/app/datafile/etc/cert/trust.pass + dmaap.certificateConfig.enableCertAuth: true dmaap.dmaapConsumerConfiguration.consumerGroup: OpenDcae-c12 dmaap.dmaapConsumerConfiguration.consumerId: C12 dmaap.dmaapConsumerConfiguration.timeoutMs: -1 diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index e023d819b8..eaa961c53a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -178,27 +178,12 @@ drSubConfig: privilegedSubscriber: true deliveryURL: http://dcae-pm-mapper:8081/delivery -# MessageRouter Topic, Publisher Configuration -mrTopicsConfig: - - topicName: PERFORMANCE_MEASUREMENTS - topicDescription: PM Mapper publishes perf3gpp VES PM Events to authenticated MR topic - owner: dcaecm - tnxEnabled: false - clients: - - dcaeLocationName: san-francisco - clientRole: org.onap.dcae.pmPublisher - action: - - pub - - view - # ConfigMap Configuration for Dr Feed, Subscriber, MR Topics volumes: - name: feeds-config path: /opt/app/config/feeds - name: drsub-config path: /opt/app/config/dr_subs - - name: topics-config - path: /opt/app/config/topics # Resource Limit Flavor -By Default Using Small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index cac362a3a8..ddb0b08833 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -99,10 +99,6 @@ credentials: uid: *aaiCredsUID key: password -customEnvVars: -- name: AUTH_HDR - value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`" - # initial application configuration applicationConfig: dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json" @@ -127,7 +123,7 @@ applicationConfig: X-TransactionId: "9999" Accept: "application/json" Real-Time: "true" - Authorization: $AUTH_HDR + Authorization: ${AUTH_HDR} security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks" security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass" security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks" @@ -151,6 +147,7 @@ applicationConfig: applicationEnv: CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}' # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 41b671d66d..ecbfb72661 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -139,7 +139,10 @@ applicationConfig: topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT type: message_router #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"${CONTROLLER_IP}:{CONTROLLER_PORT}","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' - rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' + # Workaround while DCAEGEN2-3234 is being resolved--hardcording the ${CONTROLLER_USERNAME} and ${CONTROLLER_PASSWORD} until the restconf-collector uses the latest CBS client SDK that can handle multiple substitutions in a string. + # The line immediately below this one should be used once DCAEGEN-3234 is resolved. + #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' + rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"access","controller_restapiPassword":"Huawei@123","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' #applicationEnv: # CONTROLLER_IP: "172.30.0.55" diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml index d5a043d533..b5ab1fb93c 100644 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -59,9 +59,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml index df7fe3149a..85498aeca8 100644 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml @@ -43,11 +43,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml index b1d1aa3ef3..6a4a802028 100644 --- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml @@ -60,7 +60,7 @@ readiness: service: type: ClusterIP name: vfc-generic-vnfm-driver - portName: vfc-generic-vnfm-driver + portName: http externalPort: 8484 internalPort: 8484 # nodePort: 30484 diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml index dd763b4f1e..f96d4d664b 100644 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml @@ -60,9 +60,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: REG_TO_MSB_WHEN_START diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml index 95a84cff02..def3fa2a54 100644 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml @@ -44,7 +44,7 @@ spec: port: {{ .Values.service.internalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - - name: {{ .Values.service.portName }}2 + - name: {{ .Values.service.portName }}s port: {{ .Values.service.internalPort2 }} targetPort: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} @@ -54,7 +54,7 @@ spec: name: {{ .Values.service.portName }} - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 + name: {{ .Values.service.portName }}s {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml index 596a1cf36d..32221692e3 100644 --- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml @@ -60,7 +60,7 @@ readiness: service: type: ClusterIP name: vfc-huawei-vnfm-driver - portName: vfc-huawei-vnfm-driver + portName: http externalPort: 8482 internalPort: 8482 externalPort2: 8483 diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml index 13c17059f4..f9faa7e845 100644 --- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml @@ -79,9 +79,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: MYSQL_ADDR value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml index f46530ded9..4ca1cb891c 100644 --- a/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml @@ -52,11 +52,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml index 5ffe4c122e..0cd3ce178a 100644 --- a/kubernetes/vfc/components/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml @@ -78,7 +78,7 @@ readiness: service: type: ClusterIP name: vfc-nslcm - portName: vfc-nslcm + portName: http externalPort: 8403 internalPort: 8403 # nodePort: 30403 diff --git a/kubernetes/vfc/components/vfc-redis/templates/service.yaml b/kubernetes/vfc/components/vfc-redis/templates/service.yaml index b20f3f8880..23518e95f1 100644 --- a/kubernetes/vfc/components/vfc-redis/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-redis/templates/service.yaml @@ -31,11 +31,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml index 0bbb395938..1c6c4b4cce 100644 --- a/kubernetes/vfc/components/vfc-redis/values.yaml +++ b/kubernetes/vfc/components/vfc-redis/values.yaml @@ -55,7 +55,7 @@ readiness: service: type: ClusterIP name: vfc-redis - portName: vfc-redis + portName: http externalPort: 6379 internalPort: 6379 diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml index 69de15c171..8c414ffc59 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml @@ -79,9 +79,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: MYSQL_ADDR value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: MYSQL_ROOT_USER diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml index b64740bbe2..7970e8a9b1 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml @@ -43,11 +43,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml index f29169268e..fcad261817 100644 --- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml @@ -78,7 +78,7 @@ readiness: service: type: ClusterIP name: vfc-vnflcm - portName: vfc-vnflcm + portName: http externalPort: 8801 internalPort: 8801 # nodePort: 30801 diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml index 0ee0b931b2..9fcf9b923d 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml @@ -79,9 +79,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: MYSQL_ADDR value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: REDIS_HOST diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml index 97ef463977..9daf4e0e26 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml @@ -43,11 +43,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml index cc2becc576..528bbe0c01 100644 --- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml @@ -78,7 +78,7 @@ readiness: service: type: ClusterIP name: vfc-vnfmgr - portName: vfc-vnfmgr + portName: http externalPort: 8803 internalPort: 8803 # nodePort: 30803 diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml index a0178151d4..5723b0f322 100644 --- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml @@ -79,9 +79,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: MYSQL_ADDR value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}' - name: REDIS_HOST diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml index c043913b70..4f583f2181 100644 --- a/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml @@ -43,11 +43,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml index 8230144443..c2954d5517 100644 --- a/kubernetes/vfc/components/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml @@ -78,7 +78,7 @@ readiness: service: type: ClusterIP name: vfc-vnfres - portName: vfc-vnfres + portName: http externalPort: 8802 internalPort: 8802 # nodePort: 30802 diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml index 9dcba3bf9b..855532ddf3 100644 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml @@ -59,9 +59,14 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MSB_HOST - value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + value: "{{ .Values.global.config.msbprotocol }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + {{- if and (include "common.needTLS" .) (eq .Values.global.config.ssl_enabled true) }} - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" + value: "true" + {{- else }} + - name: SSL_ENABLED + value: "false" + {{- end }} - name: REG_TO_MSB_WHEN_START value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml index 826b6904f9..8a80a87062 100644 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml @@ -43,11 +43,11 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml index c6db92a7a4..258407b6ba 100644 --- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml @@ -60,7 +60,7 @@ readiness: service: type: ClusterIP name: vfc-zte-vnfm-driver - portName: vfc-zte-vnfm-driver + portName: http externalPort: 8410 internalPort: 8410 diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 01d9eefd67..a0b69e0c94 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -15,7 +15,7 @@ global: config: ssl_enabled: false - msbprotocol: https + msbprotocol: http msbServiceName: msb-iag msbPort: 443 redisServiceName: vfc-redis |