diff options
11 files changed, 55 insertions, 91 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 72c6a4bcce..ad8ca9fb2e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -123,15 +123,11 @@ applicationConfig: cid: kpi-cid streams_subscribes: performance_management_topic: - aafUsername: ${AAF_IDENTITY} - aafPassword: ${AAF_PASSWORD} type: message-router dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS streams_publishes: kpi_topic: - aafUsername: ${AAF_IDENTITY} - aafPassword: ${AAF_PASSWORD} type: message-router dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 9261b8ebe0..869472e2d8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -147,27 +147,19 @@ applicationConfig: streams_publishes: CL_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT streams_subscribes: performance_management_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS intelligent_slicing_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.ML_RESPONSE_TOPIC dcae_cl_response_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/DCAE_CL_RSP diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 88ceac0e8d..5e487e27a9 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -186,33 +186,23 @@ applicationConfig: streams_publishes: CL_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT streams_subscribes: performance_management_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT fault_management_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT nbr_list_change_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO dcae_cl_response_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/DCAE_CL_RSP service_calls: diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index c8ec225545..5781dabb85 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/engine-management:10.0.2 +image: onap/holmes/engine-management:10.0.3 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index 94076194e0..fbe873b184 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/rule-management:10.0.2 +image: onap/holmes/rule-management:10.0.3 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 1b1bb387b9..61df057fdb 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -102,7 +102,7 @@ config: # application image flavor: small -image: onap/modeling/etsicatalog:1.0.13 +image: onap/modeling/etsicatalog:1.0.14 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf deleted file mode 100644 index 98417cd822..0000000000 --- a/kubernetes/policy/components/policy-gui/resources/config/default.conf +++ /dev/null @@ -1,32 +0,0 @@ -server { - - listen 2443 default ssl; - ssl_protocols TLSv1.2; - {{ if .Values.global.aafEnabled }} - ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; - ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; - {{ else }} - ssl_certificate /etc/ssl/clamp.pem; - ssl_certificate_key /etc/ssl/clamp.key; - {{ end }} - - ssl_verify_client optional_no_ca; - absolute_redirect off; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ =404; - } - - location /clamp/restservices/clds/ { - proxy_pass https://policy-clamp-be:8443/restservices/clds/; - proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; - } - - location = /50x.html { - root /var/lib/nginx/html; - } - error_page 500 502 503 504 /50x.html; - error_log /var/log/nginx/error.log warn; -} diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index b67fa273de..a155715580 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -62,6 +62,20 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] + env: +{{- else }} + command: ["/opt/app/policy/gui/bin/policy-gui.sh"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + - name: CLAMP_URL + value: https://policy-clamp-be:8443 ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -81,9 +95,6 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - - mountPath: /etc/nginx/conf.d/default.conf - name: {{ include "common.fullname" . }}-config - subPath: default.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -99,9 +110,6 @@ spec: - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} - items: - - key: default.conf - path: default.conf - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 6ee7715678..aa2b9d3122 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,36 +26,46 @@ global: # global defaults aafEnabled: true ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +################################################################# # AAF part ################################################################# certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "clamp.key" - clamp_pem: "clamp.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" nameOverride: policy-gui-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org cadi_latitude: "0.0" - app_ns: org.osaaf.aaf + cadi_longitude: "0.0" credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 aaf_add_config: > - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); subChartsOnly: enabled: true @@ -63,7 +73,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.2.0 +image: onap/policy-gui:2.2.2 pullPolicy: Always # flag to enable debugging - application support required @@ -71,7 +81,7 @@ debugEnabled: false # log configuration log: - path: /var/log/nginx/ + path: /var/log/onap/policy/gui ################################################################# # Application configuration defaults. diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 6b18f47d66..828283ec76 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-workflow-backend:1.7.0 -configInitImage: onap/sdc-workflow-init:1.7.0 +image: onap/sdc-workflow-backend:1.11.1 +configInitImage: onap/sdc-workflow-init:1.11.1 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index c7e680a745..fd6f713655 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-workflow-frontend:1.7.0 +image: onap/sdc-workflow-frontend:1.11.1 pullPolicy: Always # flag to enable debugging - application support required |