summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_hardcoded_certificates.rst52
-rw-r--r--kubernetes/common/common/templates/_secret.tpl14
-rw-r--r--kubernetes/dmaap/values.yaml2
-rw-r--r--kubernetes/policy/charts/pdp/templates/secrets.yaml15
-rw-r--r--kubernetes/policy/charts/pdp/templates/statefulset.yaml5
-rw-r--r--kubernetes/policy/charts/pdp/values.yaml16
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties4
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml5
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml15
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/values.yaml15
m---------kubernetes/robot0
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml5
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml6
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/values.yaml7
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml5
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml6
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/values.yaml10
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/values.yaml7
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/values.yaml8
-rw-r--r--kubernetes/so/charts/so-monitoring/templates/deployment.yaml6
-rw-r--r--kubernetes/so/charts/so-monitoring/values.yaml8
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/values.yaml8
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/values.yaml8
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/values.yaml8
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml5
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/values.yaml8
-rwxr-xr-xkubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml6
-rw-r--r--kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml15
-rwxr-xr-xkubernetes/so/charts/so-ve-vnfm-adapter/values.yaml21
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml6
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/values.yaml8
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml7
-rw-r--r--kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml15
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/values.yaml16
-rw-r--r--kubernetes/so/resources/config/certificates/msb-ca.crt22
-rwxr-xr-xkubernetes/so/resources/config/certificates/onap-ca.crt (renamed from kubernetes/so/resources/config/mso/onap-ca-new.crt)0
-rwxr-xr-xkubernetes/so/resources/config/mso/onap-ca.crt100
-rw-r--r--kubernetes/so/templates/_certificates.tpl32
-rwxr-xr-xkubernetes/so/templates/deployment.yaml9
-rw-r--r--kubernetes/so/templates/secret.yaml3
-rwxr-xr-xkubernetes/so/values.yaml37
46 files changed, 384 insertions, 191 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index eb53a2d848..74a292cef4 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -11,18 +11,40 @@ ONAP Hardcoded certificates
ONAP current installation have hardcoded certificates.
Here's the list of these certificates:
- +-----------------------------------------------------------------------------------------------------------------------------+
- | Project | ONAP Certificate | Own Certificate | Path |
- +============+==================+==================+==========================================================================+
- | VID | No | Yes | kubernetes/vid/resources/cert |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | aai/oom/resources/config/haproxy/aai.pem |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | aai/oom/resources/config/aai/aai_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | No | Yes | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | Yes | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
+ +-----------------------------------------------------------------------------------------------------------------------------------------------------+
+ | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
+ +==================+==================+==================+============================================================================================+
+ | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | VID | No | Yes | No | kubernetes/vid/resources/cert |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 78e94eab91..064b0c16af 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -196,7 +196,18 @@ type: Opaque
{{- $_ := set $entry "annotations" $secret.annotations }}
{{- end }}
{{- if $secret.filePaths }}
- {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- if kindIs "string" $secret.filePaths }}
+ {{- $evaluated := tpl (default "" $secret.filePaths) $global }}
+ {{- if and $evaluated (ne $evaluated "\"\"") }}
+ {{- $fstr := printf "val:\n%s" ($evaluated | indent 2) }}
+ {{- $flist := (index (tpl $fstr $global | fromYaml) "val") }}
+ {{- $_ := set $entry "filePaths" $flist }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" (list) }}
+ {{- end }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- end }}
{{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
@@ -465,6 +476,7 @@ stringData:
{{- if eq $type "generic" }}
data:
{{- range $curFilePath := $secret.filePaths }}
+ {{- fail (printf "%s" $curFilePath) }}
{{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
{{- end }}
{{- if $secret.filePath }}
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index ecc5689668..f9f20a3665 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -42,7 +42,7 @@ global:
#AAF global config overrides
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafAppNs: org.osaaf.aaf
aafLocatorContainer: oom
diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/charts/pdp/templates/secrets.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/charts/pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index 127c400c12..16d5fb5cec 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -58,6 +58,11 @@ spec:
name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 8b3b9d4a3b..7b9c561a61 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -24,6 +24,17 @@ global:
loggingImage: beats/filebeat:5.5.0
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -35,6 +46,11 @@ pullPolicy: Always
debugEnabled: false
# application configuration
+
+db:
+ user: policy_user
+ password: policy_user
+
config:
papPort: 9091
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
index 29feeb6e24..f2c2cd7765 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
@@ -49,5 +49,5 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }}
-javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }}
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index 57e7c78218..5b02c177b5 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -37,6 +37,11 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
index 5c062a0e7a..dc7266e9a1 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
@@ -23,6 +23,17 @@ global:
persistence: {}
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -35,6 +46,10 @@ debugEnabled: false
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
diff --git a/kubernetes/robot b/kubernetes/robot
-Subproject 6032bc4ef9224b37df3b9d1e9b2f3ef51902aaf
+Subproject 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
index 20a6194e99..f3c44f0e54 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
@@ -65,18 +65,17 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
path: /dcae/healthCheckOld
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml
index f30ef43e0e..88445c1d56 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml
@@ -40,16 +40,10 @@ spec:
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
index 26e1cacdd0..c3a2159d2e 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
@@ -53,11 +53,8 @@ service:
type: NodePort
name: sdc-dcae-dt
portName: dcae-dt
- nodePort: "65"
- internalPort: 8186
- portName2: dcae-dt2
- nodePort2: "66"
- internalPort2: 9446
+ nodePort: "66"
+ internalPort: 9446
ingress:
enabled: false
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
index e99d65b43b..a70f485153 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
@@ -65,18 +65,17 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
path: /dcaed/healthCheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml
index 1df4022eb3..e1f541b6b1 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml
@@ -40,16 +40,10 @@ spec:
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
index 46024d57ca..28181d1c6a 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
@@ -58,20 +58,14 @@ service:
type: NodePort
name: sdc-dcae-fe
portName: dcae-fe
- nodePort: "63"
- internalPort: 8183
- portName2: dcae-fe2
- nodePort2: "64"
- internalPort2: 9444
+ nodePort: "64"
+ internalPort: 9444
ingress:
enabled: false
service:
- baseaddr: "dcaedt"
name: "sdc-dcae-fe"
- port: 8183
- - baseaddr: "dcaedt2"
- name: "sdc-dcae-fe"
port: 9444
config:
ssl: "none"
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
index 6a74c0bd24..dcb80c65b3 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
@@ -93,7 +93,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -120,7 +120,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml
index 4c64caf304..f1e35fe13a 100755
--- a/kubernetes/so/charts/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml
@@ -41,7 +41,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
index d8b50adf7c..7edd53cf94 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
@@ -93,7 +93,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -104,7 +104,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
index c276649a02..a3d5e2f363 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
@@ -41,6 +41,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
index 93b0efb801..aebd249c29 100644
--- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: so-chown
image: alpine:3.6
volumeMounts:
@@ -76,7 +76,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -99,7 +99,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml
index 357c61cc45..f096d99637 100644
--- a/kubernetes/so/charts/so-monitoring/values.yaml
+++ b/kubernetes/so/charts/so-monitoring/values.yaml
@@ -44,6 +44,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
index ca6be72273..e1c2069a44 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
@@ -93,7 +93,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -120,7 +120,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml
index 6a0b04b4d1..1ab46561d6 100755
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml
@@ -39,6 +39,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
index d8b50adf7c..7edd53cf94 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
@@ -93,7 +93,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -104,7 +104,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml
index 6324cab35a..7215ddcee9 100755
--- a/kubernetes/so/charts/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml
@@ -39,6 +39,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
index ca6be72273..e1c2069a44 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
@@ -93,7 +93,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -120,7 +120,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml
index 6d8adf7338..1f978dec03 100755
--- a/kubernetes/so/charts/so-sdc-controller/values.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/values.yaml
@@ -39,6 +39,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
index c5336cff3f..401e803cc0 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
@@ -34,6 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
@@ -78,7 +79,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -105,7 +106,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml
index b736253f56..1d82321238 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml
@@ -39,6 +39,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml
index 03b3441c93..380b52fda0 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml
@@ -22,7 +22,7 @@ spec:
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -47,7 +47,7 @@ spec:
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -61,7 +61,7 @@ spec:
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
index 53106004a9..1d9854c191 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
+++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
@@ -11,13 +11,32 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+#################################################################
+# Global configuration defaults.
+#################################################################
global:
repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
persistence:
mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
image: onap/so/ve-vnfm-adapter:1.6.0
pullPolicy: Always
replicaCount: 1
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
index ce0bc0704a..2addd7b184 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
@@ -93,7 +93,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -113,7 +113,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml
index f442860ab3..c907b4e1d0 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml
@@ -39,6 +39,14 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index c297ac3ce8..00b36a838e 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -34,13 +34,14 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- env:
+ env:
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: TRUSTSTORE_PASSWORD
@@ -60,7 +61,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -77,7 +78,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml
index 78333767f6..1e4ecbc33a 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml
@@ -23,6 +23,20 @@ global:
mountPath: /dockerdata-nfs
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+
+#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
@@ -80,4 +94,4 @@ ingress:
ssl: "redirect"
nodeSelector: {}
tolerations: []
-affinity: {} \ No newline at end of file
+affinity: {}
diff --git a/kubernetes/so/resources/config/certificates/msb-ca.crt b/kubernetes/so/resources/config/certificates/msb-ca.crt
new file mode 100644
index 0000000000..62da777a58
--- /dev/null
+++ b/kubernetes/so/resources/config/certificates/msb-ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
+Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
+DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
+Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
+bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
+YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
+dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
+Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
+mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
+2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
+6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
+7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
+p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
+5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
+bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
+wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
+ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
+FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
+3lR7lW/J
+-----END CERTIFICATE-----
diff --git a/kubernetes/so/resources/config/mso/onap-ca-new.crt b/kubernetes/so/resources/config/certificates/onap-ca.crt
index e9a50d7ea0..e9a50d7ea0 100755
--- a/kubernetes/so/resources/config/mso/onap-ca-new.crt
+++ b/kubernetes/so/resources/config/certificates/onap-ca.crt
diff --git a/kubernetes/so/resources/config/mso/onap-ca.crt b/kubernetes/so/resources/config/mso/onap-ca.crt
deleted file mode 100755
index 51e19b56a6..0000000000
--- a/kubernetes/so/resources/config/mso/onap-ca.crt
+++ /dev/null
@@ -1,100 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNloXDTIxMTEyNzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQDDCFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNpbXBsZWRlbW9Ab3BlbmVj
-b21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr4rivKQuRk
-YNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz6Ej7
-PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv
-5kQ9uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmV
-otXM4tT1dxyJxFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoI
-voKvoh3uZ5gEhGV8yfJxk1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQ
-SWimWtOi4e8CAwEAAaOBtTCBsjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9tsaJhM9HE5wwcAYDVR0gBGkwZzBl
-BgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRydXN0IHRoaXMgY2VydCB0
-aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUgaW50ZXJlc3Rl
-ZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4aZP/7
-IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNX
-n4OpNkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8
-XUTuzEQQ3gUSyVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs
-2KMQzorJ1ZNQf523yUTghbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwa
-SxGSiAgeLbwAUCvPNl27zr6k6+7TcNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwE
-zGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5UrclU1vK+dnuiKE2X4rKuBTRYRFR/
-km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BASKqgNdoT/SKBXqxgYlCb
-o+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQUwwnSrSfihh2T
-j0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO0k1t
-qbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLo
-z/Rd+SKtlrfb
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNVoXDTI2MTEyNjIxMTQyNVowgb0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcNAQkBFhhz
-aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOs
-AdnZAuheYrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs9
-47MAuiqpPojPwDDb9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlK
-eCTLW+bZKeaKoWdkFxyyzykOoMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv
-3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfN
-Gib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j79E/OZkfk/9V3Hvfy78Ss9H5
-uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCfQ6Bwd0Nm48KrJkTe
-ySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUXjsHIj7Gv
-2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
-vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2l
-G8n50YSXb0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0Iw
-QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQF
-QD3oWZUOVE81Qc9WSfcyqwwwDQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pj
-p1R9+Q766Qhzh4EN9RFCsktCcf4pB23lPtFhMhIZJP5eZKLB4MUIvtmleU+DmOWf
-jcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6VUd9vbGH66ElIg9nP7XWAE6h5
-DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4wyEEPQlpU2AewZqOU
-p0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYIeNssLnv6
-FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
-a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6
-ygL5Oyvrj8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5B
-Ryx7BswcTEtZHWHxD/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJ
-Ap9D+WmTJ9PdpDjiwCXCkMD3QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOd
-gxFK9q1vjhm02FAABIa+kL10CKPuRdlE/GsWl03WKMeT5bY3MTO3odsNXhKWA19h
-wUAp0gnljuFHPX7jWwruZ1eD8mQv
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl
new file mode 100644
index 0000000000..8bd25d27a1
--- /dev/null
+++ b/kubernetes/so/templates/_certificates.tpl
@@ -0,0 +1,32 @@
+{{- define "so.certificate.container_importer" -}}
+- name: {{ include "common.name" . }}-certs-importer
+ image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - "update-ca-certificates --fresh && \
+ cp -r {{ .Values.global.certificates.path }}/* /certificates"
+ volumeMounts:
+ - name: {{ include "common.name" . }}-certificates
+ mountPath: /certificates
+ - name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volume-mounts" -}}
+- name: {{ include "common.name" . }}-certificates
+ mountPath: {{ .Values.global.certificates.path }}
+- name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+- name: {{ include "common.name" . }}-certificates
+ emptyDir:
+ medium: Memory
+- name: {{ include "common.name" . }}-onap-certificates
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
+{{- end -}}
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index ca6be72273..07390097e7 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -34,8 +34,9 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
- - command:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/job_complete.py
args:
- --job-name
@@ -93,7 +94,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -120,7 +121,7 @@ spec:
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml
index bd7eb8ea40..bdcecddfa3 100644
--- a/kubernetes/so/templates/secret.yaml
+++ b/kubernetes/so/templates/secret.yaml
@@ -1,4 +1,5 @@
# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secretFast" . }}
+{{ include "common.secret" . }}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index b2a8b681b3..90c27da2ad 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -22,6 +22,7 @@ global:
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ soBaseImage: onap/so/base-image:1.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
@@ -71,6 +72,9 @@ global:
certs:
trustStorePassword: b25hcDRzbw==
keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
#################################################################
# Secrets metaconfig
@@ -106,6 +110,13 @@ secrets:
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
+ - uid: "so-onap-certs"
+ name: &so-certs '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/onap-ca.crt
+ - resources/config/certificates/msb-ca.crt
#################################################################
# Application configuration defaults.
@@ -122,6 +133,7 @@ dbCreds:
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.5.3
+
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
@@ -141,6 +153,8 @@ updateStrategy:
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+persistence:
+ certificatesPath: /certificates
resources:
small:
limits:
@@ -174,7 +188,6 @@ config:
logstashServiceName: log-ls
logstashPort: 5044
-
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
@@ -224,6 +237,7 @@ mso:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
so-bpmn-infra:
+ certSecret: *so-certs
db:
<<: *dbSecrets
cds:
@@ -259,6 +273,7 @@ so-bpmn-infra:
auth: Basic dm5mbTpwYXNzd29yZDEk
so-catalog-db-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
@@ -272,7 +287,13 @@ so-catalog-db-adapter:
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-monitoring:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+
so-openstack-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
aaf:
@@ -301,6 +322,7 @@ so-openstack-adapter:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-request-db-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
@@ -315,6 +337,7 @@ so-request-db-adapter:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-sdc-controller:
+ certSecret: *so-certs
db:
<<: *dbSecrets
aai:
@@ -335,7 +358,9 @@ so-sdc-controller:
asdc-connections:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
so-sdnc-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
org:
@@ -360,7 +385,11 @@ so-sdnc-adapter:
rest:
aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+so-ve-vnfm-adapter:
+ certSecret: *so-certs
+
so-vfc-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
@@ -373,7 +402,9 @@ so-vfc-adapter:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
+ certSecret: *so-certs
aaf:
auth:
username: so@so.onap.org
@@ -393,10 +424,6 @@ so-vnfm-adapter:
apiEnforcement: org.onap.so.vnfmAdapterPerm
noAuthn: /manage/health
-so-monitoring:
- db:
- <<: *dbSecrets
-
so-mariadb:
db:
rootPasswordExternalSecretLocalDb: *dbRootPassSecretName