61 files changed, 626 insertions, 149 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 0745ec0df4..5aeee2e07f 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -48,5 +48,13 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | VID | No | Yes | No | kubernetes/vid/resources/cert | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ diff --git a/kubernetes/aai b/kubernetes/aai -Subproject ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f +Subproject eb70b3f12b30d4d7ea010723707db8c3e2ef235 
diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml index 377041a615..118d19c1b3 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/charts/appc-cdt/values.yaml @@ -26,7 +26,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/appc-cdt-image:1.7.0 +image: onap/appc-cdt-image:1.7.1 pullPolicy: Always # application configuration diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties index e7399f6f04..2986ee9e5b 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties @@ -29,11 +29,11 @@ cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12 -cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr +cadi_keystore_password=enc:j5wAY4JjI6Gg8KbPRT3CK55kCaBZcrSq9XMe0vU2Hj3_TWfhln414p_og8-0u4EV #cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> cadi_alias=appc@appc.onap.org cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks -cadi_truststore_password=enc:O3Vtv5e77OQWJ_OiLC9Atj3ngyYfulRK519JYFmbKl7 +cadi_truststore_password=enc:9WJ6CRlrFmHiQrFlckhHybFXOwPW3tRetofp3AZ5nyt ## ## org.osaaf.location.props diff --git a/kubernetes/appc/resources/config/certs/org.onap.appc.keyfile b/kubernetes/appc/resources/config/certs/org.onap.appc.keyfile new file mode 100644 index 0000000000..b7dd5ff9e7 --- /dev/null +++ b/kubernetes/appc/resources/config/certs/org.onap.appc.keyfile 
@@ -0,0 +1,27 @@ +EVYIj42lKzRyMicebf8OOUa9CVwvaKie3N7fTGeDT-GjiR6M6AHQCwBD9Bj95VxgVWOyXGAYy7eT +SSfnkVBgcdZWXlRL7HSUocs52DneRTGYcYGIBGz24O6EpmeZQyWluCKBcVCALKClPzqBNsHa2W06 +XwAccZzYPkDV-taGqF5kP10RiYvKe5YoZEQYBfauS3lDqf47AP-Dh1wLUIpvTSAUfBgDW9FBx9Ay +8Wy2geTuAXcPduBtTGIj3law-5ePDFRqwVVkXmSaEmEn34NvJ4z6Ww7VHqzqBxKAvLErV-KCEHEa +L3L1CCqNCXjUUa_D8CReDA-LPAG_v0yrjQxrdqzcYJ76Q0uIlNmEi_85AlAUXx6KGC03TqaGqICW +nNs4ouxM6U4ekiDi9qbFh7RlTEXw6bHhJPCq-G5ID-crWDHSarQ3IUR5qOmgIFIxpkPksBSGmUI4 +OIScgb2TtqG94EAZ3qu3PmzVlJrxbHYHVFlNLEecu7tGtiQJTLUHpJ0Z8O2GOc8bBz6o6NBT72Pv +i068VkLyUyrSNnVo9rNVFWAc3HREFi85KszBdk58kPTr2AQFH9iK2hmrXTdnPMjhmQgRh4xiAn4J +v5Gsb4DL2si3ZjD2E36Fy5XlPhyFFc8gdB6-v-Et1XJTU6mwV5DgKgg5o3WdHTuHZjYgWmcATZiQ +yLOQ6ZdjTF_004yOSkUzHbArOEmS6LIPTuLibvN6CY1Q0u_ucl5iaIbcwo_sVFisnVXQBHYXblBm +MgZZFg0n5ugL-bdUSdJtU7yIU5t79n0aMxnN84QhuREMSvCUioCrBD5c5H22iqbY7UCPO9Yy7lM- +aPVDRPwHAKEVjYqf4Z4k0Jthn7wqWS2iAKVOEi4R1oniAuuIcM9xoha0-LdRe8hWTV-qXDbtCVDz +h6Rw3dqtS5mCGBMC0TCrLJzG5n3Ed_4kGl5Emb3SXHWNqI_BuIalU4uot7seCv464E3QWQgAkv8w +wTk_IEWIFZhKJIcy5Brsw7Fz-XWQWkExEU3xKButC9hFXpdszF0y8CYUI6EPt2mPqaxB6zu3s4Bv +bKrVxFPX97mOeD8TpmxElmF0vpdhJ9Ee8clvBrGtLl1UIP6B80PrAPEZMLNhLV8S-ZJMKL5PTZh0 +_HNpj1EfiXnBz02cbes5Fuq9M8Dk7f16tP8prYzJ1JbnLTNHHcW4Z1quKrN8RIoYw3qzlXuYRm6Y +8rbuPlZ1wTllIxf00omnonJw8Fx9XzArv_UvqTvAYrv22YliUSl-lcFi8cOK58bmM5rBmkWoFObK +DsCMicfyPWhKf3DEwg1Y0j0qKppFqtKcSxnIbQ-VPRCrRv2yTjauEW6iNlq3RQKSJqFjUVmSUn2w +7tYQzeNv0tYgfRtHgSy_CA9q_ANJFFlxDtqtrFTsgrEH4jOlLs2_UN96RNUhVqSu95X5hEukI574 +kQBUMc5gGQvQ2_Xug15O_-cFfhtalI7NBZkGNNPY5K8h7xYZp2aAl-pNPwKHAmrOWAvFwy64A1NT +_RrZxrtVkj-k3f8Mv_p56yChUpujZ_ZDwLgYKWraqDxyEctpXyMMgjOYRy2CZ6oZfuAygrN5Gw4k +zMKBDkz_5LO_rYU2RUa2NRDLlh2Y47Gxt90IEw_i8y7nxn7K6y3nApI11tfsiiotYq8DLk6jYh07 +mJg-D8lb0q9JRYmnJcNkIQNVJ06bmJnaJQZ7GXUz9MF8_zuTdm4D8m_Ly2Ai4KFq_lw5CBVrLM5k +pfJveSw_6_uF5pda_EZoR4bBoWdrFvLNwob3lsdgiIYGTafQx2SFfQiiEB_CwpGuj4_Dv-TkUT2O +Ui2UWI9Gr-HxSITnvUR0UHStrDb5miXEr8E_Znwc4Db2juh30L57aEtl5N0TYwKI925qLNLHbFg0 
+FKEvIt-o7HmvPY6UqajwAtIAdKpxWpWD-hl-eNVNsT4mVzdegIrM2wzzKIcLOvCEEvyWei_E8mIp +nqYw9LoFrQf3dCh8XeamqYkbPE00E8p1zXPNRow5iz9NQ-BNksp1e-ghqF_xr3L4eh7BkEu2
\ No newline at end of file diff --git a/kubernetes/appc/resources/config/certs/org.onap.appc.p12 b/kubernetes/appc/resources/config/certs/org.onap.appc.p12 Binary files differnew file mode 100644 index 0000000000..352c4f562a --- /dev/null +++ b/kubernetes/appc/resources/config/certs/org.onap.appc.p12 diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml index 075c24a064..c6aeb1e102 100644 --- a/kubernetes/appc/templates/secrets.yaml +++ b/kubernetes/appc/templates/secrets.yaml @@ -13,3 +13,17 @@ # limitations under the License. {{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index 68e108d9b7..5fd34ece79 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -190,6 +190,12 @@ spec: - mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg name: log-config subPath: org.ops4j.pax.logging.cfg + - mountPath: /opt/onap/appc/data/stores/org.onap.appc.p12 + name: p12-certs + subPath: org.onap.appc.p12 + - mountPath: /opt/onap/appc/data/stores/org.onap.appc.keyfile + name: keyfile-certs + subPath: org.onap.appc.keyfile resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
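Review bot: The `data:` entry of the new `-certs` Secret is filled from `resources/config/certs/*`, so the keystore `org.onap.appc.p12` and the CADI keyfile added by this same commit become chart content that every deployment shares and anyone with repository access can read. The `enc:` passwords changed in `cadi.properties` are presumably only as secret as that keyfile, which now sits next to them in the chart. Consider letting operators supply this Secret by name instead of always rendering it from chart files, and add a comment above `data:` such as `# Test-only key material shipped with the chart; replace before any non-lab deployment.`. The visible part of the table in `oom_hardcoded_certificates.rst` has no APPC row, so this new path would be worth listing there.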
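Review bot: The two new mounts for `org.onap.appc.p12` and `org.onap.appc.keyfile` use `subPath`, and Kubernetes does not refresh a `subPath` mount when the Secret changes, so a rotated keystore or keyfile only takes effect after the pod is restarted; a comment at the mounts saying so would help. In the `volumes:` hunk further down, `keyfile-certs` and `p12-certs` both point at the same `-certs` Secret and set no `defaultMode`, so the key files are mounted with the default 0644 mode. A single volume with `defaultMode: 0440` would be tighter, assuming the container user or fsGroup (not visible in these hunks) can still read it. The container spec starts and ends outside this hunk.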
@@ -214,6 +220,12 @@ spec: - mountPath: /usr/share/filebeat/data name: data-filebeat volumes: + - name: keyfile-certs + secret: + secretName: {{ include "common.fullname" . }}-certs + - name: p12-certs + secret: + secretName: {{ include "common.fullname" . }}-certs - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 8e8c4219ac..fb8230b128 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -56,7 +56,7 @@ secrets: flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/appc-image:1.7.0 +image: onap/appc-image:1.7.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index d36f0bce85..eee61e7e90 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -72,7 +72,7 @@ error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config # SDN-C's ODL Restconf Connection Details blueprintsprocessor.restconfEnabled=true blueprintsprocessor.restclient.sdncodl.type=basic-auth -blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/ +blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/ blueprintsprocessor.restclient.sdncodl.username=admin blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U 
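Review bot: The rewritten `blueprintsprocessor.restclient.sdncodl.url` still uses `http://` while the client type is `basic-auth`, so the username and password on the following lines cross the cluster network in clear text; the same applies to `blueprintsprocessor.restclient.sdnc.url` in the second hunk of this file. If the SDNC OAM service offers a TLS port, template the scheme and port accordingly; otherwise add a comment such as `# Plain HTTP: basic-auth credentials are sent unencrypted to SDNC OAM.` so the choice is visible. The literal password on the context line is not changed by this commit, but it could be moved to a Secret in the same pass.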
@@ -92,7 +92,7 @@ blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/con blueprintsprocessor.grpcclient.py-executor.type=tls-auth # Config Data REST client settings blueprintsprocessor.restclient.sdnc.type=basic-auth -blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282 +blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }} blueprintsprocessor.restclient.sdnc.username=admin blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 50c33c2f75..6cd3c2b554 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -37,6 +37,10 @@ global: # envsusbt envsubstImage: dibi/envsubst + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 + ################################################################# # Secrets metaconfig ################################################################# @@ -58,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.6.3 +image: onap/ccsdk-blueprintsprocessor:0.7.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 5bc0381da2..3f9fb87e13 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml 
@@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.6.3 +image: onap/ccsdk-commandexecutor:0.7.1 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index dc04e146f5..b9c329a124 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.6.3 +image: onap/ccsdk-sdclistener:0.7.1 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index e4a3e8acd6..5810f39672 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.6.3 +image: onap/ccsdk-cds-ui-server:0.7.1 pullPolicy: Always # application configuration diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index ce86ec2104..18888547c3 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -27,7 +27,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.2 +image: onap/clamp-backend:5.0.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index cf6c572cc9..47eca67f91 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml 
@@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.2 +image: onap/clamp-frontend:5.0.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl index 45c8b7504a..2114d677e6 100644 --- a/kubernetes/common/common/templates/_storage.tpl +++ b/kubernetes/common/common/templates/_storage.tpl @@ -16,9 +16,20 @@ {{/* Give the root folder for ONAP when using host pathes + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .subPath: the sub path to use, default to + ".Values.persistence.mountSubPath" + + Example calls: + {{ include "common.storageClass" . }} + {{ include "common.storageClass" (dict "dot" . "subPath" "my-awesome-subPath") }} */}} {{- define "common.persistencePath" -}} -{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- $dot := default . .dot -}} +{{- $subPath := default $dot.Values.persistence.mountSubPath .subPath -}} +{{ $dot.Values.global.persistence.mountPath | default $dot.Values.persistence.mountPath }}/{{ include "common.release" $dot }}/{{ $subPath }} {{- end -}} {{/* 
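Review bot: The example calls added to the comment above `common.persistencePath` name `common.storageClass`, so a reader copying them gets a storage class name instead of a path. They should read `{{ include "common.persistencePath" . }}` and `{{ include "common.persistencePath" (dict "dot" . "subPath" "my-awesome-subPath") }}`. The PV templates later in this file pass `.subPath` into `hostPath.path`, so the comment could also state that it must be a relative path without `..` segments.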
@@ -26,28 +37,61 @@ The value "common.fullname"-data is used by default, unless either override mechanism is used. - - .Values.global.persistence.storageClass : override default storageClass for all charts - - .Values.persistence.storageClassOverride : override global and default storage class on a per chart basis - - .Values.persistence.storageClass : override default storage class on a per chart basis + - .Values.global.persistence.storageClass : override default storageClass for + all charts + - .Values.persistence.storageClassOverride : override global and default + storage class on a per chart + basis + - .Values.persistence.storageClass : override default storage class on + per chart basis + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data" when no override + mechanism is used. + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + + Example calls: + {{ include "common.storageClass" . }} + {{ include "common.storageClass" (dict "dot" . "suffix" "my-awesome-suffix") }} + {{ include "common.storageClass" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} */}} {{- define "common.storageClass" -}} - {{- if .Values.persistence.storageClassOverride -}} - {{- if ne "-" .Values.persistence.storageClassOverride -}} - {{- printf "%s" .Values.persistence.storageClassOverride -}} +{{- $dot := default . 
.dot -}} +{{- $suffix := default "data" .suffix -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} + {{- if $persistenceInfos.storageClassOverride -}} + {{- if ne "-" $persistenceInfos.storageClassOverride -}} + {{- $persistenceInfos.storageClassOverride -}} {{- else -}} {{- $storage_class := "" -}} {{- printf "%q" $storage_class -}} {{- end -}} {{- else -}} - {{- if or .Values.persistence.storageClass .Values.global.persistence.storageClass }} - {{- if ne "-" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} - {{- printf "%s" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} + {{- if or $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass }} + {{- if ne "-" (default $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass) -}} + {{- default $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass -}} {{- else -}} {{- $storage_class := "" -}} {{- printf "%q" $storage_class -}} {{- end -}} {{- else -}} - {{- printf "%s-data" (include "common.fullname" .) -}} + {{- printf "%s-%s" (include "common.fullname" $dot) $suffix -}} {{- end -}} {{- end -}} {{- end -}} 
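Review bot: The new comment on `common.storageClass` says `.persistenceInfos` must be "the dict key from `.Values` in string format", but the template does `default $dot.Values.persistence .persistenceInfos` and then reads `$persistenceInfos.storageClassOverride`, so it needs the mapping itself, which is what the example calls pass. The same paragraph misspells the key as `.Values.persitence.logs` and announces "up to two arguments" while listing three. This text is repeated in the comments for `common.PV`, `common.replicaPV`, `common.PVC` and `common.PVCTemplate`, where some example calls are also malformed (`dict dot" .`, `"persistenceInfos".Values.persistenceLog`, and a `"subPath"` key with no value). I would reword it once as `.persistenceInfos: the persistence mapping to use, e.g. .Values.persistence.logs; defaults to .Values.persistence` and fix the examples in each comment.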
@@ -63,53 +107,104 @@ {{/* Generate a PV + + The function takes up to three arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.PV" . }} + {{ include "common.PV" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos".Values.persistenceLog ) }} + {{ include "common.PV" (dict "dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} */}} {{- define "common.PV" -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if (include "common.needPV" .) -}} +{{- $dot := default . .dot -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}} +{{- if (include "common.needPV" $dot) -}} kind: PersistentVolume apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $suffix "labels" $persistenceInfos.labels) | nindent 2 }} spec: capacity: - storage: {{ .Values.persistence.size }} + storage: {{ $persistenceInfos.size }} accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . 
}}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $persistenceInfos.accessMode }} + persistentVolumeReclaimPolicy: {{ $persistenceInfos.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $dot }}-{{ $suffix }}" hostPath: - path: {{ include "common.persistencePath" . }} + path: {{ include "common.persistencePath" (dict "dot" $dot "subPath" $persistenceInfos.mountSubPath) }} {{- end -}} {{- end -}} {{- end -}} {{/* Generate N PV for a statefulset + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.replicaPV" . }} + {{ include "common.replicaPV" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} + {{ include "common.replicaPV" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} */}} {{- define "common.replicaPV" -}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} +{{- $dot := default . 
.dot -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}} +{{- if (include "common.needPV" $dot) -}} +{{/* TODO: see if we can use "common.PV" after branching F release */}} +{{- range $i := until (int $dot.Values.replicaCount) }} +{{- $range_suffix := printf "%s-%d" $metadata_suffix $i }} --- kind: PersistentVolume apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: {{- include "common.labels" $global | nindent 4 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $range_suffix "labels" $persistenceInfos.labels) | nindent 2 }} spec: capacity: - storage: {{ $global.Values.persistence.size}} + storage: {{ $persistenceInfos.size }} accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" + - {{ $persistenceInfos.accessMode }} + persistentVolumeReclaimPolicy: {{ $persistenceInfos.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $dot }}-{{ $suffix }}" hostPath: - path: {{ include "common.persistencePath" $global }}-{{$i}} + path: {{ include "common.persistencePath" (dict "dot" $dot "subPath" $persistenceInfos.mountSubPath) }}-{{ $i }} {{- end -}} {{- end -}} {{- end -}} 
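Review bot: In `common.replicaPV` the per-replica name is built with `printf "%s-%d" $metadata_suffix $i`, and `$metadata_suffix` is empty for the default `data` suffix, so the `data` part that the old name `…-data-{{$i}}` carried is dropped, while `common.PV` passes `$suffix` and keeps it. Unless `common.resourceMetadata` (not visible here) compensates, existing replica PVs would get new names on upgrade. If the old names are meant to stay, use `{{- $range_suffix := printf "%s-%d" $suffix $i }}`. `$metadata_suffix` is assigned but never used in `common.PV` and can be removed there.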
@@ -117,22 +212,81 @@ spec: {{/* Generate a PVC + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.PVC" . }} + {{ include "common.PVC" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} + {{ include "common.PVC" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} */}} {{- define "common.PVC" -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- $dot := default . .dot -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} +{{ include "common.PVCTemplate" (dict "dot" $dot "suffix" $suffix "persistenceInfos" $persistenceInfos) }} +{{- end -}} +{{- end -}} + +{{/* + Generate a PVC template for a statefulset + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. 
+ let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.PVCTemplate" . }} + {{ include "common.PVCTemplate" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} + {{ include "common.PVCTemplate" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} +*/}} +{{- define "common.PVCTemplate" -}} +{{- $dot := default . .dot -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations) | nindent 2 }} spec: accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} + - {{ $persistenceInfos.accessMode }} + storageClassName: {{ include "common.storageClass" (dict "dot" $dot "suffix" $suffix "persistenceInfos" $persistenceInfos ) }} resources: requests: - storage: {{ .Values.persistence.size }} -{{- end -}} + storage: {{ $persistenceInfos.size }} {{- end -}} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 96d7dffb0a..105facf2b9 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -84,7 +84,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-dgbuilder-image:0.6.3 +image: onap/ccsdk-dgbuilder-image:0.7.2 pullPolicy: Always # flag to enable debugging - application support required 
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json index 41404b0199..c52a0a8606 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json @@ -2,7 +2,6 @@ "dmaap": { "username": "notused", "password": "doesnotmatter", - "owner": "dcaecm", - "protocol": "http" - } + "owner": "dcaecm" + } }
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json index b459a989d7..2e47c9e118 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json @@ -24,7 +24,7 @@ "timeout_in_secs": 60 }, "dmaap_mr" : { - "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1", + "url" : "https://message-router:3905/events/POLICY-NOTIFICATION/policy-handler/ph1", "query": { "timeout": 15000 }, diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 9478a762ff..9ed8a0b8e8 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.5 +image: onap/dmaap/datarouter-node:2.1.6 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 06f68e7ca9..196be0dabe 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.5 +image: onap/dmaap/datarouter-prov:2.1.6 pullPolicy: Always # flag to enable debugging - application support required 
diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml new file mode 100644 index 0000000000..fe099b140d --- /dev/null +++ b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml @@ -0,0 +1,28 @@ +{{ if .Values.global.aafEnabled }} +{{/* +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.aafConfig.addconfig -}} +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop +{{- end -}} +{{- end -}} diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 528a3f7e76..3283239100 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -32,6 +32,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: +{{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.aaf-config" . | nindent 6 }} +{{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" 
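Review bot: The generated `aaf-add-config.sh` redirects the output of `agent.sh local showpass` into `{{ .Values.aafConfig.credsPath }}/mycreds.prop`, which, judging by how `deployment.yaml` reads it, holds the keystore and truststore passwords in clear text, and nothing here restricts the file's mode. The first `agent.sh` call is chained with `;`, so its failure does not stop the script from writing the file. Consider starting the script with `umask 077`, joining the two commands with `&&`, and adding a comment that the file contains decrypted passwords.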
@@ -40,16 +43,39 @@ spec: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container + {{- if .Values.global.aafEnabled }} + command: + - bash + args: + - -c + - | + export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0) + export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ + -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \ + -Dserver.ssl.key-store-type=PKCS12 \ + -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \ + -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ + -Djavax.net.ssl.trustStoreType=jks\ + -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" + {{- if eq "DEBUG" .Values.config.loglevel }} + export JAVA_DEBUG="-Djavax.net.debug=all" + {{- end }} + exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar + {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -72,7 +98,7 @@ spec: - name: ONAP_CLOUDOWNER value: {{ .Values.config.cloudOwner }} - name: NBI_URL - value: "http://nbi.{{ include "common.namespace" . }}:8080/nbi/api/v4" + value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4" - name: SDC_HOST value: "https://sdc-be.{{ include "common.namespace" . }}:8443" - name: SDC_HEADER_ECOMPINSTANCEID 
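Review bot: The start-up script puts `$cadi_truststore_password` and `$cadi_keystore_password_p12` into `JAVA_OPTS` as `-D` options, so both passwords end up on the `java` command line and are readable from the process list inside the container. Spring Boot can take the key-store password from the environment instead, e.g. `export SERVER_SSL_KEY_STORE_PASSWORD="$cadi_keystore_password_p12"`, which keeps it off the command line. `export $(grep '^c' … | xargs -0)` is also unquoted, so a password containing whitespace or glob characters would be split or expanded, and `-Djavax.net.debug=all` in DEBUG mode writes TLS traffic dumps to the log. Separately, this block is gated on `.Values.global.aafEnabled` while the probes switch to `scheme: HTTPS` unconditionally, so with AAF disabled the probes would presumably fail.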
@@ -90,7 +116,7 @@ spec: value: {{ .Values.so_authorization }} {{- end }} - name: DMAAP_HOST - value: "https://message-router.{{ include "common.namespace" . }}:3905" + value: "http://message-router.{{ include "common.namespace" . }}:3904" - name: LOGGING_LEVEL_ORG_ONAP_NBI value: {{ .Values.config.loglevel }} - name: MSB_ENABLED @@ -99,7 +125,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: + volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -125,7 +151,7 @@ spec: # name: esr-server-logs # - mountPath: /usr/share/filebeat/data # name: esr-server-filebeat - volumes: + volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 4e22af6494..ceab7fad2a 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -28,6 +28,30 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + aafEnabled: true + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io + +################################################################# +# AAF part +################################################################# +aafConfig: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: nbi + fqi: nbi@nbi.onap.org + public_fqdn: nbi.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 999 + addconfig: true + secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds + ################################################################# # Secrets metaconfig 
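Review bot: `DMAAP_HOST` changes from `https://message-router...:3905` to `http://message-router...:3904`, so NBI's message-router traffic moves from TLS to cleartext in the same commit that puts NBI's own listener behind TLS on 8443. If this works around a trust problem (whether the new `org.onap.nbi.trust.jks` contains the message-router CA is not visible here), a comment on the line such as `# TODO: return to https on 3905 once the AAF truststore covers message-router` would keep the downgrade from becoming permanent. The env list continues outside the hunk.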
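Review bot: `aafDeployPass: demo123456!` is a working default credential in the chart values, and the `secrets` entry added in the following hunk sets `passwordPolicy: required`, which a populated default presumably always satisfies, so an install that sets neither `aafDeployCredsExternalSecret` nor its own password runs with the published one. Leaving the default empty and documenting `aafDeployCredsExternalSecret` as the expected input should turn a missing secret into an install-time failure instead. The pap and policy-api values hunks add the same pattern with `db.password: policy_user`, which equals the user name. `busyBoxImage: busybox:1.30` is pinned by tag only; a digest pin would be stricter.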
@@ -39,13 +63,19 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required subChartsOnly: enabled: true # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:6.0.0 +image: onap/externalapi/nbi:6.0.1 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== @@ -109,9 +139,8 @@ affinity: {} # probe configuration parameters liveness: - httpGet: - path: /nbi/api/v4/status - port: 8080 + path: /nbi/api/v4/status + port: 8443 initialDelaySeconds: 180 periodSeconds: 30 # necessary to disable liveness probe when setting breakpoints @@ -119,9 +148,8 @@ liveness: enabled: true readiness: - httpGet: - path: /nbi/api/v4/status - port: 8080 + path: /nbi/api/v4/status + port: 8443 initialDelaySeconds: 185 periodSeconds: 30 @@ -130,7 +158,7 @@ service: portName: api name: nbi nodePort: 74 - internalPort: 8080 + internalPort: 8443 ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index c2d6f8c7ef..67808472b6 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml 
@@ -45,6 +45,13 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-chown + command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /share/logs - name: db-init image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml index a9a89ddd72..f3f176fded 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml @@ -25,12 +25,12 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-optimizer:2.1.1 +image: onap/optf-cmso-optimizer:2.2.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.1.1 + image: onap/optf-cmso-dbinit:2.2.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index b41b840fde..ca45d7ee12 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml 
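Review bot: The new `-chown` init container carries no `securityContext`, so it relies on the busybox image's default user (root, unless overridden elsewhere) to run `chown -Rf 1000:1000 /share/`, and `-f` hides any failure, so a pod whose logs volume was not re-owned starts anyway. For volume types that honour it, a pod-level `securityContext` with `fsGroup: 1000` makes the volume writable without a root init step; if the init container has to stay, drop `-f` and narrow the path to the mounted `/share/logs`. The same container is added in the oof-cmso-service, oof-cmso-ticketmgt and oof-cmso-topology deployment hunks. The pod spec continues outside the hunk.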
@@ -45,6 +45,13 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-chown + command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /share/logs - name: db-init image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index 345f03d4d3..90a74bd3ed 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -25,13 +25,13 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-service:2.1.1 -robotimage: onap/optf-cmso-robot:2.1.1 +image: onap/optf-cmso-service:2.2.0 +robotimage: onap/optf-cmso-robot:2.2.0 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.1.1 + image: onap/optf-cmso-dbinit:2.2.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml index 53d1b26755..0b0b7e0890 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml 
@@ -30,6 +30,14 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - name: {{ include "common.name" . }}-chown + command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /share/logs containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml index 300a72cbae..846245a42c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml @@ -20,13 +20,12 @@ global: # global defaults readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 authentication: proprietary-auth - subChartsOnly: enabled: true # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-ticketmgt:2.1.1 +image: onap/optf-cmso-ticketmgt:2.2.0 pullPolicy: Always diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml index 8cc4a986c5..a23ac430c9 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml 
@@ -30,6 +30,14 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - name: {{ include "common.name" . }}-chown + command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"] + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /share/logs containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml index c8ac5d7880..775da43928 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/values.yaml @@ -25,7 +25,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/optf-cmso-topology:2.1.1 +image: onap/optf-cmso-topology:2.2.0 pullPolicy: Always diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks Binary files differindex 535abaa92b..f1e01085f9 100644 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile index f85a567981..78a6afba63 100644 --- a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile 
@@ -1,27 +1,27 @@ -liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ -JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS -f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93 -pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby -qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI -3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP -wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9 -jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U -KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP -kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE -J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0 --EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk -PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP -I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI -vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN -j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT -Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB -idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI -2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t -dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd -Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK- -dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV- -HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus -lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES -xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA 
-oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C -RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file +dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR +BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29 +I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1 +6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs +x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm +cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc +bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h +5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO +O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK +0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM +poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN +7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At +-j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop +FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI +c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB +TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT +mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL +atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f +9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL +DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA +FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi +zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT +LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d +9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH +OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4 
+8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V +Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index 2b8ad9487d..b1c3561538 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -56,9 +56,11 @@ global: keystoreFile: "org.onap.oof.jks" loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - keystorePassword: N{$tSp*U)RQzjqE;)%4z;Pv[ + keystorePassword: OA7*y0PEGTma?$be2z#0$:L] truststorePassword: authentication: aaf-auth + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io flavor: small diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index e4517c7a5d..544ecdfc32 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -41,8 +41,8 @@ "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}", - "databaseUser": "{{ .Values.global.mariadb.config.userName }}", - "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}", + "databaseUser": "${SQL_USER}", + "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" }, "topicParameterGroup": { diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index caef5218ef..85ca9c1486 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml 
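Review bot: In the oof-cmso values.yaml hunk, `keystorePassword` is replaced by another literal password, committed together with the regenerated `org.onap.oof.jks` and `org.onap.oof.keyfile`, so the keystore and its password are both readable by anyone with access to the repository or the packaged chart. This commit already uses the `secrets:` metaconfig with `externalSecret` for the nbi and policy charts; the same mechanism here would let a deployment supply the password from a Kubernetes Secret. Until then the value is safer single-quoted, since it contains `#`, `:`, `*` and `]` and stays a plain scalar only because of where those characters happen to fall.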
@@ -31,6 +31,25 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + + - command: + - sh + args: + - -c + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: papconfig + - mountPath: /config + name: papconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,7 +77,7 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted - name: papconfig + name: papconfig-processed resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -77,5 +96,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: papconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/charts/pap/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/pap/templates/secrets.yaml 
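Review bot: In the `-update-config` init container, `echo -n ${SQL_PASSWORD} | base64` expands the password unquoted, so whitespace or glob characters in it are split or expanded before encoding, and a `base64` that wraps long output would put a newline inside the JSON string. `printf '%s' "${SQL_PASSWORD}" | base64 | tr -d '\n'` avoids both; inside the YAML double-quoted arg the inner quotes and the backslash need escaping, or the arg can become a `|` block scalar. `envsubst` is called without a variable list, so every `$NAME` in the files under `/config-input` is substituted; GNU envsubst accepts `'${SQL_USER} ${SQL_PASSWORD_BASE64}'` as an argument to limit it to the two placeholders. The policy-api deployment hunk adds the same command.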
@@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index 05f43d66e0..7edb3ab871 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -22,6 +22,18 @@ ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -36,6 +48,10 @@ debugEnabled: false # application configuration +db: + user: policy_user + password: policy_user + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index ccfc07ae67..2e46ccae96 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json 
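Review bot: In the pap values.yaml hunk, `envsubstImage: dibi/envsubst` names a third-party image with no registry, tag or digest, so it resolves to whatever `latest` is at pull time, and the init container that uses it receives `SQL_USER` and `SQL_PASSWORD` in its environment. Pinning it as `envsubstImage: REGISTRY/dibi/envsubst@sha256:DIGEST` (REGISTRY and DIGEST are placeholders), or using an image the project already mirrors, keeps a changed upstream image from seeing the database credentials. The policy-api values hunk adds the same line.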
@@ -30,8 +30,8 @@ "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin", - "databaseUser": "{{ .Values.global.mariadb.config.userName }}", - "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}", + "databaseUser": "${SQL_USER}", + "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" }, "preloadPolicyTypes": [ diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index 25e80d0ac3..777cc4954d 100644 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml 
@@ -31,6 +31,26 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + + - command: + - sh + args: + - -c + - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: apiconfig + - mountPath: /config + name: apiconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,7 +78,7 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/api/etc/mounted - name: apiconfig + name: apiconfig-processed resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -77,5 +97,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: apiconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/charts/policy-api/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-api/templates/secrets.yaml 
@@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index b5e10493dc..fd66b69e4e 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -22,6 +22,18 @@ global: nodePortPrefix: 304 persistence: {} + envsubstImage: dibi/envsubst + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -35,6 +47,9 @@ pullPolicy: Always debugEnabled: false # application configuration +db: + user: policy_user + password: policy_user # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index bec4d1cac1..f5077cb53c 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml 
@@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.7.6 +image: onap/sdnc-dmaap-listener-image:1.8.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index 4ee7c6f25d..621048a9d7 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.7.6 +image: onap/sdnc-ansible-server-image:1.8.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 8165af23ae..faa9e6bde8 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.7.6 +image: onap/admportal-sdnc-image:1.8.0 config: dbFabricDB: mysql dbFabricUser: admin diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 254d76a05e..1f6c9de627 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.7.6 +image: onap/sdnc-ueb-listener-image:1.8.0 pullPolicy: Always # flag to enable debugging - application support required 
diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index af5c36207c..6aa796a163 100755 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -4,6 +4,7 @@ # ============LICENSE_START======================================================= # SDNC # ================================================================================ +# Copyright © 2020 Samsung Electronics # Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -133,17 +134,17 @@ echo " AAF_ENABLED=$SDNC_AAF_ENABLED" if $SDNC_AAF_ENABLED; then - export SDNC_STORE_DIR=/opt/app/osaaf/local - export SDNC_CONFIG_DIR=/opt/app/osaaf/local + export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local + export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass` export SDNC_KEYSTORE=org.onap.sdnc.p12 sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties - echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties + echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties - echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties + echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties fi 
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index da5d8f30d4..4511ca9125 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -1,4 +1,5 @@ {{/* +# Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -208,6 +209,9 @@ spec: - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh name: bin subPath: installSdncDb.sh + - mountPath: {{ .Values.config.ccsdkConfigDir }}/aaiclient.properties + name: properties + subPath: aaiclient.properties - mountPath: {{ .Values.config.configDir }}/aaiclient.properties name: properties subPath: aaiclient.properties diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 6cf671ac2d..99ff4b7760 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -1,3 +1,4 @@ +# Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -117,7 +118,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.7.6 +image: onap/sdnc-image:1.8.0 # flag to enable debugging - application support required @@ -159,6 +160,7 @@ config: peerODLCluster: 127.0.0.1 isPrimaryCluster: true configDir: /opt/onap/sdnc/data/properties + ccsdkConfigDir: /opt/onap/ccsdk/data/properties dmaapTopic: SUCCESS dmaapPort: 3904 logstashServiceName: log-ls diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 02947c6643..aa1189dcba 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml 
@@ -284,7 +284,7 @@ policy: environment: TEST sdnc: auth: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== - host: http://sdnc.{{ include "common.namespace" . }}:8282 + host: http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }} path: /restconf/operations/GENERIC-RESOURCE-API si: svc: diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index 1d2c5f17b1..b04343feef 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -22,6 +22,9 @@ global: readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 ################################################################# # Secrets metaconfig diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 7a1358cc88..d363122a33 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml 
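Review bot: The SDNC host and port become configurable on the `host:` line, but the scheme stays hard-coded as `http://` next to the `auth: Basic ...` value on the line above, so those credentials presumably still cross the cluster network in cleartext and a deployment cannot move to TLS through values alone. A scheme value beside `sdncOamService` and `sdncOamPort` (the name is for the maintainers to choose) would close that gap. The `sdncurl*` entries in the so-sdnc-adapter override hunk have the same shape.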
@@ -148,16 +148,16 @@ org: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 - sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' - sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' - sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/' - sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:' - sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config' - sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' - sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' - sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' - sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' - sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:' + sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:' + sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:' + sdncurl12: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/' + sdncurl13: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . 
}}:{{ .Values.global.sdncOamPort }}/restconf/operations/opticalservice:' + sdncurl5: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/config' + sdncurl6: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNF-API:' + sdncurl7: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/L3UCPE-API:' + sdncurl8: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NBNC-API:' + sdncurl9: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NORTHBOUND-API:service-topology-operation' + sdncurl20: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/LCM:' service: infra: service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index a4b2496662..42c5d4ddb3 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -22,6 +22,9 @@ global: readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 ################################################################# # Secrets metaconfig diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differnew file mode 100644 index 0000000000..96931ce168 --- /dev/null 
+++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml index 9a749638f0..5be2cc7c41 100644 --- a/kubernetes/so/charts/so-secrets/templates/secrets.yaml +++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml @@ -25,3 +25,16 @@ data: trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.release" . }}-so-truststore-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index 00b36a838e..a720753f47 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -40,17 +40,17 @@ spec: image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | indent 12 }} - {{- if eq .Values.global.security.aaf.enabled true }} env: - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks + value: {{ .Values.global.client.certs.truststore }} - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name}}-so-client-certs-secret key: trustStorePassword + {{ if eq .Values.global.security.aaf.enabled true }} - name: KEYSTORE - value: /app/org.onap.so.jks + value: {{ .Values.global.client.certs.keystore }} - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: 
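Review bot: The new `so-truststore-secret` fills `data:` from `.Files.Glob "resources/certs/*"`, so every file that is ever placed in that directory becomes part of a Secret that the so-vnfm-adapter deployment mounts whole (its `secret:` volume lists no `items:`). Naming the intended files explicitly, e.g. `.Files.Glob "resources/certs/org.onap.so.trust.jks"`, keeps a keystore or key file added later from being distributed by accident. The `tpl` wrapper looks unnecessary as well, since `AsSecrets` emits base64 text that cannot contain template actions. The Secret also omits `type:` while the one directly above sets `type: Opaque`; adding it keeps the two definitions consistent.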
@@ -67,6 +67,9 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readonly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} @@ -84,5 +87,8 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index c57ed023ef..6bd930d7b1 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -1,3 +1,6 @@ +aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} server: port: {{ index .Values.containerPort }} tomcat: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 8a83427c4b..e9c5637eef 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -34,6 +34,9 @@ global: localCluster: false persistence: mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 #This configuration will run the migration. The configurations are for backing up the data #from DB and then restoring it to the present versions preferred DB. migration: 
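Review bot: The added volumeMount spells the field `readonly: true`, but the Kubernetes field name is `readOnly`, which is how the `config` mount directly above it is written. Depending on how strictly the rendered manifest is validated, the misspelled key is either rejected or silently dropped, so the intended restriction is not expressed either way; the line should read `readOnly: true`. The `volumeMounts` list starts outside the hunk.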
@@ -57,8 +60,8 @@ global:
 defaultCloudOwner: onap
 cadi:
 cadiLoglevel: DEBUG
- cadiKeyFile: /app/org.onap.so.keyfile
- cadiTrustStore: /app/org.onap.so.trust.jks
+ cadiKeyFile: /app/client/org.onap.so.keyfile
+ cadiTrustStore: /app/client/org.onap.so.trust.jks
 cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
 cadiLatitude: 38.4329
 cadiLongitude: -90.43248
@@ -70,7 +73,9 @@ global:
 msoKey: 07a7159d3bf51a0e53be7a8f89699be7
 client:
 certs:
- trustStorePassword: b25hcDRzbw==
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
 keyStorePassword: c280b25hcA==
 certificates:
 path: /etc/ssl/certs
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 9529e558a2..96cacfbf82 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.3.2
+image: onap/vnfsdk/refrepo:1.5.1
 postgresRepository: crunchydata
 postgresImage: crunchy-postgres:centos7-10.3-1.8.2
 pullPolicy: Always |
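Review bot: `cadiKeyFile` now points at `/app/client/org.onap.so.keyfile`, but the only thing this change set visibly places under `/app/client` is the truststore Secret, and the only file it visibly adds to that Secret's source directory is `org.onap.so.trust.jks`. Unless the key file already sits in `resources/certs` or is mounted by a template outside this view, the path would presumably not resolve in the container; the same question applies to `keystore: /app/client/org.onap.so.jks` in the next hunk. A comment beside these paths, such as `# files come from the so-truststore-secret volume mounted at /app/client`, would record where they are expected to come from. The `cadi:` mapping continues outside the hunk.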
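Review bot: The new `trustStorePassword` default under `client.certs` is a base64 string committed to `values.yaml`, and base64 is an encoding rather than protection, so anyone with the chart can recover the password for the truststore that ships beside it. `keyStorePassword` in the same block is stored the same way, and a keystore presumably guards private keys. At minimum the block should say so, e.g. `# base64 of the password for the bundled demo stores; override per deployment`, and production installs should supply both values from outside the chart. The `global:` mapping continues outside the hunk.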