-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml2
-rw-r--r--kubernetes/common/cmpv2Certificate/Chart.yaml18
-rw-r--r--kubernetes/common/cmpv2Certificate/requirements.yaml21
-rw-r--r--kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl174
-rw-r--r--kubernetes/common/cmpv2Certificate/values.yaml48
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml6
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml6
-rw-r--r--kubernetes/common/repositoryGenerator/templates/_repository.tpl4
-rw-r--r--kubernetes/common/repositoryGenerator/values.yaml3
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml2
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml2
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml2
-rw-r--r--kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml6
-rwxr-xr-xkubernetes/onap/values.yaml5
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml4
-rwxr-xr-xkubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties2
-rw-r--r--kubernetes/sdnc/requirements.yaml4
-rw-r--r--kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties14
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml70
-rw-r--r--kubernetes/sdnc/values.yaml48
20 files changed, 344 insertions, 97 deletions
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 84d3df3927..09e9607de7 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -1234,6 +1234,8 @@ spec:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: POST_JAVA_OPTS
+ value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit'
volumeMounts:
- mountPath: /etc/localtime
name: localtime
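Review bot: The truststore path and password in the added `POST_JAVA_OPTS` value are hard-coded in the template, so an operator who swaps `truststoreONAPall.jks` or changes its password has to patch the chart rather than set a value. `changeit` is the stock JDK default, and anything passed as `-Djavax.net.ssl.trustStorePassword` is readable from the pod spec (and from the JVM command line, if the start script appends it there), so it gives the truststore no real protection; its integrity rests on how the file is mounted and who can write it. Consider reading the string from values with the current text as the default, e.g. `value: {{ .Values.config.postJavaOpts | quote }}` (key name is only a suggestion). The env list starts above this hunk.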
diff --git a/kubernetes/common/cmpv2Certificate/Chart.yaml b/kubernetes/common/cmpv2Certificate/Chart.yaml
new file mode 100644
index 0000000000..e50de72605
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Template used to add cmpv2 certificates to components
+name: cmpv2Certificate
+version: 7.0.0
diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/common/cmpv2Certificate/requirements.yaml
new file mode 100644
index 0000000000..367d879450
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
new file mode 100644
index 0000000000..57e6c69b1f
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
@@ -0,0 +1,174 @@
+{{/*
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
+certificate will be requested from separate init container
+
+Minimum example of array in target component values.yaml:
+certificates:
+ - mountPath: /var/custom-certs
+ commonName: common-name
+
+Full example (other fields are ignored):
+certificates:
+ - mountPath: /var/custom-certs
+ caName: RA
+ outputType: JKS
+ commonName: common-name
+ dnsNames:
+ - dns-name-1
+ - dns-name-2
+ ipAddresses:
+ - 192.168.0.1
+ - 192.168.0.2
+ emailAddresses:
+ - email-1@onap.org
+ - email-2@onap.org
+ uris:
+ - http://uri-1.onap.org
+ - http://uri-2.onap.org
+ subject:
+ organization: Linux-Foundation
+ country: US
+ locality: San Francisco
+ province: California
+ organizationalUnit: ONAP
+
+There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
+ 1. In initContainers section:
+ {{ include "common.certServiceClient.initContainer" . | indent 6 }}
+ 2. In volumeMounts section of container using certificates:
+ {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
+ 3. In volumes section:
+ {{ include "common.certServiceClient.volumes" . | indent 8 }}
+
+*/}}
+
+{{- define "common.certServiceClient.initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
+{{- range $index, $certificate := $dot.Values.certificates -}}
+{{/*# General certifiacate attributes #*/}}
+{{- $commonName := $certificate.commonName -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := default (list) $certificate.dnsNames -}}
+{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
+{{- $uris := default (list) $certificate.uris -}}
+{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
+{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
+{{- $sans := join "," $sansList }}
+{{/*# Subject #*/}}
+{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
+{{- $country := $subchartGlobal.certificate.default.subject.country -}}
+{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
+{{- $province := $subchartGlobal.certificate.default.subject.province -}}
+{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
+{{- if $certificate.subject -}}
+{{- $organization := $certificate.subject.organization -}}
+{{- $country := $certificate.subject.country -}}
+{{- $locality := $certificate.subject.locality -}}
+{{- $province := $certificate.subject.province -}}
+{{- $orgUnit := $certificate.subject.organizationalUnit -}}
+{{- end -}}
+{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
+{{- $outputType := default $subchartGlobal.platform.certServiceClient.envVariables.outputType $certificate.outputType -}}
+{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
+{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
+{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
+{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.secret.mountPath -}}
+{{- $keystorePath := $subchartGlobal.platform.certServiceClient.envVariables.keystorePath -}}
+{{- $keystorePassword := $subchartGlobal.platform.certServiceClient.envVariables.keystorePassword -}}
+{{- $truststorePath := $subchartGlobal.platform.certServiceClient.envVariables.truststorePath -}}
+{{- $truststorePassword := $subchartGlobal.platform.certServiceClient.envVariables.truststorePassword -}}
+- name: certs-init-{{ $index }}
+ image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ env:
+ - name: REQUEST_URL
+ value: {{ $requestUrl | quote }}
+ - name: REQUEST_TIMEOUT
+ value: {{ $requestTimeout | quote }}
+ - name: OUTPUT_PATH
+ value: {{ $certPath | quote }}
+ - name: OUTPUT_TYPE
+ value: {{ $outputType | quote }}
+ - name: CA_NAME
+ value: {{ $caName | quote }}
+ - name: COMMON_NAME
+ value: {{ $commonName | quote }}
+ - name: SANS
+ value: {{ $sans | quote }}
+ - name: ORGANIZATION
+ value: {{ $organization | quote }}
+ - name: ORGANIZATION_UNIT
+ value: {{ $orgUnit | quote }}
+ - name: LOCATION
+ value: {{ $locality | quote }}
+ - name: STATE
+ value: {{ $province | quote }}
+ - name: COUNTRY
+ value: {{ $country | quote }}
+ - name: KEYSTORE_PATH
+ value: {{ $keystorePath | quote }}
+ - name: KEYSTORE_PASSWORD
+ value: {{ $keystorePassword | quote }}
+ - name: TRUSTSTORE_PATH
+ value: {{ $truststorePath | quote }}
+ - name: TRUSTSTORE_PASSWORD
+ value: {{ $truststorePassword | quote }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: {{ $certPath }}
+ name: cmpv2-certs-volume-{{ $index }}
+ - mountPath: {{ $certificatesSecretMountPath }}
+ name: certservice-tls-volume
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certServiceClient.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
+{{- $certificatesSecretName := $subchartGlobal.platform.certServiceClient.secret.name -}}
+- name: certservice-tls-volume
+ secret:
+ secretName: {{ $certificatesSecretName }}
+{{ range $index, $certificate := $dot.Values.certificates -}}
+- name: cmpv2-certs-volume-{{ $index }}
+ emptyDir:
+ medium: Memory
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certServiceClient.volumeMounts" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
+{{- range $index, $certificate := $dot.Values.certificates -}}
+{{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: cmpv2-certs-volume-{{ $index }}
+{{ end -}}
+{{- end -}}
+{{- end -}}
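Review bot: The per-certificate `subject` override inside `{{- if $certificate.subject -}}` never takes effect, because `:=` inside an `if` declares new variables whose scope ends at that block's `end`; ORGANIZATION, COUNTRY, LOCATION, STATE and ORGANIZATION_UNIT are therefore always rendered from the global defaults. The certificate is then requested with a subject other than the one the component configured, and nothing reports it. Assign to the outer variables with `=` instead (supported by Go templates since 1.11), and fall back to the default for any field a partial `subject` leaves out. Separately, the comment typo `certifiacate` could be fixed while touching this block.

```yaml
{{/* … unchanged: $organization … $orgUnit initialised from $subchartGlobal.certificate.default.subject … */}}
{{- if $certificate.subject -}}
{{- $organization = default $organization $certificate.subject.organization -}}
{{- $country = default $country $certificate.subject.country -}}
{{- $locality = default $locality $certificate.subject.locality -}}
{{- $province = default $province $certificate.subject.province -}}
{{- $orgUnit = default $orgUnit $certificate.subject.organizationalUnit -}}
{{- end -}}
```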
diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/common/cmpv2Certificate/values.yaml
new file mode 100644
index 0000000000..b7531431c4
--- /dev/null
+++ b/kubernetes/common/cmpv2Certificate/values.yaml
@@ -0,0 +1,48 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration default values that can be inherited by
+# all subcharts.
+#################################################################
+global:
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
+
+ certificate:
+ default:
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+
+ platform:
+ certServiceClient:
+ secret:
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
+ envVariables:
+ certPath: "/var/custom-certs"
+ # Client configuration related
+ caName: "RA"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
+ requestTimeout: "30000"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
+ keystorePassword: "secret"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
+ truststorePassword: "secret"
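Review bot: `keystorePassword` and `truststorePassword` default to the literal `"secret"` in this new values file, and `_certServiceClient.tpl` renders them as plain `value:` entries for `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD`, so they show up in the spec of every pod that uses the init container. The same literals already exist in `cmpv2Config/values.yaml`, so this is another copy of an existing default rather than a new exposure. Because `keystorePath` and `truststorePath` both sit under the mount path of `oom-cert-service-client-tls-secret`, the passwords could be keys of that Secret and reach the container through `valueFrom.secretKeyRef`. At minimum, mark them with a comment such as `# demo default, override per deployment`.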
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 19b87b1afa..b6ee064302 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Nokia
+# Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
@@ -29,5 +29,5 @@ global:
keystorePassword: "secret"
truststorePassword: "secret"
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index caa506225d..bde971ffe7 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -100,6 +100,12 @@ spec:
value: {{ .Values.galera.name | quote }}
- name: MARIADB_GALERA_CLUSTER_ADDRESS
value: "gcomm://{{ template "common.name" . }}-headless.{{ include "common.namespace" . }}.svc.{{ .Values.global.clusterDomain }}"
+ # Bitnami init script don't behave well in dual stack env.
+ # set it here as long as https://github.com/bitnami/charts/issues/4077 is not solved.
+ - name: MARIADB_GALERA_NODE_ADDRESS
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
- name: MARIADB_ROOT_USER
value: {{ .Values.rootUser.user | quote }}
- name: MARIADB_ROOT_PASSWORD
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index ba22bfbd60..a6b434f43a 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -82,6 +82,10 @@
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.certserviceclient" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
+{{- end -}}
+
{{- define "repositoryGenerator.image.envsubst" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "envsubstImage") .) }}
{{- end -}}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index def7381e46..559675689f 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2020 Orange
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@ global:
# common global images
busyboxImage: busybox:1.32
curlImage: curlimages/curl:7.69.1
+ certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
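Review bot: `certServiceClientImage` pins the client to 2.3.3 here, while the same image and tag are also set as `global.platform.certServiceClient.image` in `cmpv2Config/values.yaml` and `onap/values.yaml` in this commit. The new `common.certServiceClient.initContainer` resolves its image only through `repositoryGenerator.image.certserviceclient`, so the other two settings can drift from what actually runs without anyone noticing. A comment on this line such as `# keep in sync with global.platform.certServiceClient.image` would help for as long as the older keys are still read elsewhere.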
@@ -53,6 +55,7 @@ global:
imageRepoMapping:
busyboxImage: dockerHubRepository
curlImage: dockerHubRepository
+ certServiceClientImage: repository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
jreImage: repository
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml
index b9472444a3..88c83981bb 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/templates/service.yaml
@@ -32,7 +32,7 @@ spec:
type: {{ $root.Values.service.type }}
externalTrafficPolicy: Local
selector:
- statefulset.kubernetes.io/pod-name: {{ include "common.release" $root }}-{{ $root.Values.service.name }}-{{ $i }}
+ statefulset.kubernetes.io/pod-name: {{ include "common.release" $root }}-{{ $root.Values.service.name }}-{{ $i }}
ports:
- port: {{ $root.Values.service.externalPort }}
targetPort: {{ $root.Values.service.externalPort }}
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
index 03f8afa182..6c3cbc385a 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml
@@ -159,7 +159,7 @@ persistence:
service:
type: NodePort
name: message-router-kafka
- portName: message-router-kafka
+ portName: tcp-message-router-kafka
internalPort: 9092
internalSSLPort: 9093
externalPort: 9091
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
index 52eff32242..5ea5bc53b7 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/templates/statefulset.yaml
@@ -163,6 +163,8 @@ spec:
value: "{{ .Values.zkConfig.clientPort }}"
- name: KAFKA_OPTS
value: "{{ .Values.zkConfig.kafkaOpts }}"
+ - name: ZOOKEEPER_QUORUM_LISTEN_ON_ALL_IPS
+ value: "true"
- name: ZOOKEEPER_SERVER_ID
valueFrom:
fieldRef:
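Review bot: The added `ZOOKEEPER_QUORUM_LISTEN_ON_ALL_IPS` entry carries no comment explaining why it is needed, and it is fixed to `"true"` in the template. With it set, the quorum and leader-election listeners (2888 and 3888 in this chart's values) presumably bind to every address in the pod rather than only the configured server address, and those ports are not authenticated unless quorum authentication is configured separately. I would add a line like `# required for dual-stack: quorum must listen on all pod IPs` (if that is the reason) and take the value from `.Values.zkConfig` so it can be switched off where it is not needed. The env list continues outside this hunk.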
diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
index 2da42a4604..64c29db935 100644
--- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml
@@ -122,11 +122,11 @@ service:
type: ClusterIP
name: message-router-zookeeper
portName: message-router-zookeeper
- clientPortName: client
+ clientPortName: tcp-client
clientPort: 2181
- serverPortName: server
+ serverPortName: tcp-server
serverPort: 2888
- leaderElectionPortName: leader-election
+ leaderElectionPortName: tcp-leader
leaderElectionPort: 3888
ingress:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5376940938..b401d66c3a 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -202,11 +202,12 @@ global:
CMPv2CertManagerIntegration: false
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
envVariables:
+ certPath: "/var/custom-certs"
# Certificate related
cmpv2Organization: "Linux-Foundation"
cmpv2OrganizationalUnit: "ONAP"
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 8f31124e41..537b025fb0 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+# Copyright © 2020-2021, Nokia
# Modifications Copyright © 2020, Nordix Foundation, Orange
# Modifications Copyright © 2020 Nokia
#
@@ -38,7 +38,7 @@ certificateGenerationImage: onap/integration-java11:7.2.0
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.2
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
pullPolicy: Always
replicaCount: 1
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
index 004a1172a0..3dbf434322 100755
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/fusion.properties
@@ -21,7 +21,7 @@
# validator settings
#default_error_message = Default error message
-login_url_no_ret_val = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/login.htm
+login_url_no_ret_val = https://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
user_attribute_name = user
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 57c165c4c0..f58ecb16be 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada,
# Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,6 +21,9 @@ dependencies:
- name: certInitializer
version: ~7.x-0
repository: '@local'
+ - name: cmpv2Certificate
+ version: ~7.x-0
+ repository: '@local'
- name: logConfiguration
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
index a21ac0441c..57a16bd488 100644
--- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
+++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
@@ -12,6 +12,13 @@ sdnrPasswd=${ODL_ADMIN_PASSWORD}
faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
TransportType=HTTPNOAUTH
host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+{{- if .Values.config.sdnr.dmaapProxy.enabled }}
+{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
+jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
+jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
+{{- end }}
+jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
+{{- end }}
topic=unauthenticated.SEC_FAULT_OUTPUT
contenttype=application/json
group=myG
@@ -23,6 +30,13 @@ limit=10000
pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
TransportType=HTTPNOAUTH
host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
+{{- if .Values.config.sdnr.dmaapProxy.enabled }}
+{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
+jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
+jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
+{{- end }}
+jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
+{{- end }}
topic=unauthenticated.VES_PNFREG_OUTPUT
contenttype=application/json
group=myG
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 63b56f87a9..2158fefe19 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -66,6 +67,13 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- name: ODL_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }}
+ - name: DMAAP_HTTP_PROXY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
+ - name: DMAAP_HTTP_PROXY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
+ {{- end }}
+
volumeMounts:
- mountPath: /config-input
@@ -98,50 +106,8 @@ spec:
name: {{ include "common.name" . }}-readiness
{{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
-
- {{ if .Values.global.cmpv2Enabled }}
- - name: certs-init
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.platform.certServiceClient.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
- - name: REQUEST_TIMEOUT
- value: "30000"
- - name: OUTPUT_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- - name: CA_NAME
- value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
- - name: COMMON_NAME
- value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
- - name: ORGANIZATION
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
- - name: ORGANIZATION_UNIT
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
- - name: LOCATION
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
- - name: STATE
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
- - name: COUNTRY
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
- - name: KEYSTORE_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
- - name: KEYSTORE_PASSWORD
- value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
- - name: TRUSTSTORE_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
- - name: TRUSTSTORE_PASSWORD
- value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- name: certs
- - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }}
- name: certservice-tls-volume
- {{ end }}
-
- - name: {{ include "common.name" . }}-init-files
+{{ include "common.certServiceClient.initContainer" . | indent 6 }}
+ - name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
- sh
@@ -150,7 +116,7 @@ spec:
- |
mkdir {{ .Values.persistence.mdsalPath }}/daexim
mkdir {{ .Values.persistence.mdsalPath }}/journal
- mkdir {{ .Values.persistence.mdsalPath }}/snapshots
+ mkdir {{ .Values.persistence.mdsalPath }}/snapshots
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
{{- if .Values.global.aafEnabled }}
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
@@ -236,6 +202,7 @@ spec:
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -294,10 +261,6 @@ spec:
- mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties
name: properties
subPath: mountpoint-state-provider.properties
- {{ if .Values.global.cmpv2Enabled }}
- - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- name: certs
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -348,19 +311,12 @@ spec:
- name: properties
emptyDir:
medium: Memory
- {{ if .Values.global.cmpv2Enabled }}
- - name: certs
- emptyDir:
- medium: Memory
- - name: certservice-tls-volume
- secret:
- secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
- {{- end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
+{{ include "common.certServiceClient.volumes" . | nindent 8 }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
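Review bot: As this hunk reads, the added `common.certServiceClient.volumes` include sits after `{{ else }}`, so it is rendered only when `persistence.enabled` is true, whereas the removed `certs` / `certservice-tls-volume` block sat above `{{ if not .Values.persistence.enabled }}` and was rendered in both cases. The init-container and volumeMounts includes added elsewhere in this file are not conditioned on persistence, so with persistence off the pod would reference `cmpv2-certs-volume-N` and `certservice-tls-volume` without defining them and be rejected by the API server. Moving the line `{{ include "common.certServiceClient.volumes" . | nindent 8 }}` above the `{{ if not .Values.persistence.enabled }}` line restores the previous behaviour; the `common.certInitializer.volumes` context line appears to have the same placement and is worth checking. The volumes list begins outside this hunk.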
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index faf6594e2a..c02d5592e6 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,33 +30,8 @@ global:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- service: mariadb-galera
- # Enabling CMPv2
- cmpv2Enabled: true
+ # Enabling CMPv2 with CertManager
CMPv2CertManagerIntegration: false
- platform:
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- # Certificate related
- cert_path: /var/custom-certs
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
- common_name: "sdnc.simpledemo.onap.org"
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
- outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
#################################################################
# Secrets metaconfig
@@ -97,6 +73,14 @@ secrets:
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
+ - uid: dmaap-proxy-creds
+ name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
+ login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
+ password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
+ # For now this is left hardcoded but should be revisited in a future
+ passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
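Review bot: The `dmaap-proxy-creds` entry takes `login` and `password` from `config.sdnr.dmaapProxy.user` / `password`, which the last hunk of this file defaults to the placeholders `addUserHere` and `addPasswordHere`. Those are non-empty, so `passwordPolicy: required` is always satisfied, and a deployment that sets `dmaapProxy.enabled: true` without overriding them authenticates to the proxy with the placeholder strings instead of failing at install time. Consider making the failure depend on `dmaapProxy.enabled` rather than shipping working-looking placeholders, and comment the defaults with something like `# placeholders: must be overridden when enabled is true`. `externalSecret` reads `config.dmaapProxyCredsExternalSecret`, which no visible hunk adds, and the `&dmaapProxyCredsSecretName` anchor has no alias in this diff; a commented `# dmaapProxyCredsExternalSecret: some-secret` next to the other config keys would document the option.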
@@ -141,7 +125,8 @@ secrets:
# Certificates
#################################################################
certificates:
- - commonName: sdnc.simpledemo.onap.org
+ - mountPath: /var/custom-certs
+ commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
p12Keystore:
@@ -250,6 +235,15 @@ config:
sdnrdbTrustAllCerts: true
mountpointRegistrarEnabled: false
mountpointStateProviderEnabled: false
+ # enable and set dmaap-proxy for mountpointRegistrar
+ dmaapProxy:
+ enabled: false
+ usepwd: true
+ user: addUserHere
+ password: addPasswordHere
+ url: addProxyUrlHere
+
+