diff options
| m--------- | kubernetes/aai | 0 | ||||
| -rw-r--r-- | kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json | 6 | ||||
| -rw-r--r-- | kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml | 1 | ||||
| -rw-r--r-- | kubernetes/dmaap/components/dmaap-bc/values.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/dmaap/values.yaml | 2 | ||||
| -rwxr-xr-x | kubernetes/robot/ete-k8s.sh | 67 | ||||
| -rwxr-xr-x | kubernetes/robot/eteHelm-k8s.sh | 8 | ||||
| -rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml | 38 | ||||
| -rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml | 6 | ||||
| -rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-fe/values.yaml | 15 |
11 files changed, 103 insertions, 44 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 1b28e45136d5096ef4c07f4142c76b45224b3cf +Subproject e67a94e6be333271c8237d6ebd5fb0f48940135 diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 0dc99193eb..6c5bb9a3bd 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -90,7 +90,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.15 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.16 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json index 74abbb0664..1db11ad476 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json @@ -11,15 +11,15 @@ "interval": 600 }, "policy_engine": { - "url": "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081", - "path_decision": "/decision/v1", + "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969", + "path_decision": "/policy/pdpx/v1/decision" "path_notifications": "/pdp/notifications", "path_api": "/pdp/api/", "headers": { "Accept": "application/json", "Content-Type": "application/json", "ClientAuth": "cHl0aG9uOnRlc3Q=", - "Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw==", + "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0", "Environment": "TEST" }, "target_entity": "policy_engine", diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml index fa52f6f784..3b15c55118 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml @@ -40,6 +40,7 @@ config: consul: host: consul-server port: 8500 + policy_xacml_pdp: policy-xacml-pdp ################################################################# # Application configuration defaults. diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 5406ade930..6b974141d0 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,7 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:1.1.4-STAGING-latest +image: onap/dmaap/dmaap-bc:1.1.5 # application configuration diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 1c18bb2673..aa5165d443 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -22,7 +22,7 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - clientImage: onap/dmaap/dbc-client:1.0.8-STAGING-latest + clientImage: onap/dmaap/dbc-client:1.0.9 # application configuration config: logstashServiceName: log-ls diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh index a59e3b6a33..897628cda0 100755 --- a/kubernetes/robot/ete-k8s.sh +++ b/kubernetes/robot/ete-k8s.sh @@ -15,44 +15,44 @@ #!/bin/bash # -# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate +# Run the testsuite for the passed tag. Valid tags are listed in usage help # Please clean up logs when you are done... -# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide +# Note: Do not run multiple concurrent ete-k8s.sh as the --display is not parameterized and tests will collide # if [ "$1" == "" ] || [ "$2" == "" ]; then - echo "Usage: ete-k8s.sh [namespace] [ health | healthdist | distribute | instantiate | instantiateVFWCL | instantiateDemoVFWCL | | portal ]" + echo "Usage: ete-k8s.sh [namespace] [tag]" + echo "" + echo " List of test case tags (filename for intent: tag)" + echo "" + echo " cds.robot: cds" + echo "" + echo " clamp.robot: clamp" + echo "" + echo " demo.robot: InitDemo, InitCustomer, APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG," + echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT" + echo "" + echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc," + echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb," + echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc," + echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr," + echo " healthportalapp, multicloud, oom" + echo "" + echo " hvves.robot: HVVES, ete" + echo "" + echo " model-distribution-vcpe.robot: distributevCPEResCust" + echo "" + echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB" + echo "" + echo " oof-*.robot: cmso, has, homing" + echo "" + echo " pnf-registration.robot: ete, pnf_registrate" echo "" - echo " List of test case tags (filename for intent: tag) " - echo " " - echo " cds.robot: cds " - echo " " - echo " clamp.robot: clamp " - echo " " - echo " demo.robot: InitDemo, InitCustomer , APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG, " - echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT " - echo " " - echo " health-check.robot: health , core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc, " - echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb, " - echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc, " - echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr, " - echo " healthportalapp, multicloud, oom " - echo " " - echo " hvves.robot: :HVVES, ete " - echo " " - echo " model-distribution-vcpe.robot: distributevCPEResCust " - echo " " - echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB " - echo " " - echo " oof-*.robot: cmso , has, homing " - echo " " - echo " pnf-registration.robot: ete, pnf_registrate " - echo " " echo " post-install-tests.robot dmaapacl, postinstall" - echo " " - echo " update_onap_page.robot: UpdateWebPage " - echo " " - echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso " - echo " " + echo "" + echo " update_onap_page.robot: UpdateWebPage" + echo "" + echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso" + echo "" echo " vnf-orchestration.robot: instantiate, instantiateNoDelete, stability72hr" exit fi @@ -63,7 +63,6 @@ export NAMESPACE="$1" POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) - TAGS="-i $2" ETEHOME=/var/opt/ONAP diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh index 02b79f35d6..6fcf984c3f 100755 --- a/kubernetes/robot/eteHelm-k8s.sh +++ b/kubernetes/robot/eteHelm-k8s.sh @@ -15,13 +15,13 @@ #!/bin/bash # -# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate +# Run the health-check testsuites for the tags discovered by helm list # Please clean up logs when you are done... -# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide +# Note: Do not run multiple concurrent eteHelm-k8s.sh as the --display is not parameterized and tests will collide # if [ "$1" == "" ] ; then - echo "Usage: eteHelm-k8s.sh namespace " - echo " list projects via helm list and runs health-check with those tags except dev and dev-consul " + echo "Usage: eteHelm-k8s.sh namespace" + echo " list projects via helm list and runs health-check with those tags except dev and dev-consul" exit fi diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index c284f2dfd0..c1babf3063 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -70,7 +70,45 @@ spec: value: {{ .Values.config.javaOptions }} - name: BACKEND value: {{ .Values.config.backendServerURL }} + - name: IS_HTTPS + value: "{{ .Values.config.isHttpsEnabled}}" + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: KEYSTORE_PASS + {{- if .Values.global.security.keysFromCa }} + valueFrom: + secretKeyRef: + name: mft-sdc + key: keystore-password.txt + {{ else }} + value: {{ .Values.global.security.keyStorePass}} + {{- end }} + - name: TRUSTSTORE_PASS + {{- if .Values.global.security.keysFromCa }} + valueFrom: + secretKeyRef: + name: mft-catruststore + key: keystore-password.txt + {{ else }} + value: {{ .Values.global.security.trustStorePass}} + {{- end }} + - name: TRUSTSTORE_PATH + value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" + - name: KEYSTORE_PATH + value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" + - name: TRUSTSTORE_TYPE + value: {{ .Values.security.truststore.type }} + - name: KEYSTORE_TYPE + value: {{ .Values.security.keystore.type }} + {{ end }} volumeMounts: + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: {{ include "common.fullname" . }}-jetty-https-truststore + mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }} + subPath: {{ .Values.security.truststoreFilename }} + - name: {{ include "common.fullname" . }}-jetty-https-keystore + mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }} + subPath: {{ .Values.security.keystoreFilename }} + {{ end }} - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml index 2990de3f1a..87ca3607d7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml @@ -40,10 +40,16 @@ spec: - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName | default "http" }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 | default "https" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName | default "http" }} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 | default "https" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index d0ff53718e..a217de5e4b 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -17,6 +17,7 @@ ################################################################# global: nodePortPrefix: 302 + nodePortPrefixExt: 304 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co @@ -36,6 +37,16 @@ debugEnabled: false config: javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m" backendServerURL: "http://sdc-wfd-be:8080" + isHttpsEnabled: false + +# https relevant settings. Change in case you have other trust files then default ones. +security: + isDefaultStore: true + truststoreType: "JKS" + keystoreType: "JKS" + truststoreFilename: "truststore" + keystoreFilename: "keystore" + storePath: "etc" # default number of instances replicaCount: 1 @@ -62,6 +73,10 @@ service: externalPort: 8080 portName: sdc-wfd-fe nodePort: "56" + portName2: sdc-wfd-fe2 + internalPort2: 8443 + externalPort2: 8443 + nodePort2: "31" ingress: enabled: false |