summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml10
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/values.yaml2
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/values.yaml2
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/default.conf32
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml22
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml58
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/values.yaml2
11 files changed, 55 insertions, 91 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 72c6a4bcce..ad8ca9fb2e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -123,15 +123,11 @@ applicationConfig:
cid: kpi-cid
streams_subscribes:
performance_management_topic:
- aafUsername: ${AAF_IDENTITY}
- aafPassword: ${AAF_PASSWORD}
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
streams_publishes:
kpi_topic:
- aafUsername: ${AAF_IDENTITY}
- aafPassword: ${AAF_PASSWORD}
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 9261b8ebe0..869472e2d8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -147,27 +147,19 @@ applicationConfig:
streams_publishes:
CL_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT
streams_subscribes:
performance_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
intelligent_slicing_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.ML_RESPONSE_TOPIC
dcae_cl_response_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 88ceac0e8d..5e487e27a9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -186,33 +186,23 @@ applicationConfig:
streams_publishes:
CL_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT
streams_subscribes:
performance_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT
fault_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT
nbr_list_change_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO
dcae_cl_response_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
service_calls:
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index c8ec225545..5781dabb85 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -28,7 +28,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:10.0.2
+image: onap/holmes/engine-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 94076194e0..fbe873b184 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -28,7 +28,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:10.0.2
+image: onap/holmes/rule-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
index 1b1bb387b9..61df057fdb 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
@@ -102,7 +102,7 @@ config:
# application image
flavor: small
-image: onap/modeling/etsicatalog:1.0.13
+image: onap/modeling/etsicatalog:1.0.14
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
deleted file mode 100644
index 98417cd822..0000000000
--- a/kubernetes/policy/components/policy-gui/resources/config/default.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
-
- listen 2443 default ssl;
- ssl_protocols TLSv1.2;
- {{ if .Values.global.aafEnabled }}
- ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
- ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
- {{ else }}
- ssl_certificate /etc/ssl/clamp.pem;
- ssl_certificate_key /etc/ssl/clamp.key;
- {{ end }}
-
- ssl_verify_client optional_no_ca;
- absolute_redirect off;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- try_files $uri $uri/ =404;
- }
-
- location /clamp/restservices/clds/ {
- proxy_pass https://policy-clamp-be:8443/restservices/clds/;
- proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
- }
-
- location = /50x.html {
- root /var/lib/nginx/html;
- }
- error_page 500 502 503 504 /50x.html;
- error_log /var/log/nginx/error.log warn;
-}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index b67fa273de..a155715580 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -62,6 +62,20 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+{{- else }}
+ command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ - name: CLAMP_URL
+ value: https://policy-clamp-be:8443
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -81,9 +95,6 @@ spec:
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /etc/nginx/conf.d/default.conf
- name: {{ include "common.fullname" . }}-config
- subPath: default.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -99,9 +110,6 @@ spec:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- items:
- - key: default.conf
- path: default.conf
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 6ee7715678..aa2b9d3122 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,36 +26,46 @@ global: # global defaults
aafEnabled: true
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+#################################################################
# AAF part
#################################################################
certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "clamp.key"
- clamp_pem: "clamp.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
nameOverride: policy-gui-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
+ cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
aaf_add_config: >
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
@@ -63,7 +73,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -71,7 +81,7 @@ debugEnabled: false
# log configuration
log:
- path: /var/log/nginx/
+ path: /var/log/onap/policy/gui
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 6b18f47d66..828283ec76 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-backend:1.7.0
-configInitImage: onap/sdc-workflow-init:1.7.0
+image: onap/sdc-workflow-backend:1.11.1
+configInitImage: onap/sdc-workflow-init:1.11.1
pullPolicy: Always
initJob:
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index c7e680a745..fd6f713655 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -47,7 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-frontend:1.7.0
+image: onap/sdc-workflow-frontend:1.11.1
pullPolicy: Always
# flag to enable debugging - application support required