96 files changed, 1041 insertions, 2091 deletions
diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json index 4a08322634..54b2b0e12b 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json @@ -44,8 +44,10 @@ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT", "HELM" ], - "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}", - "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}", + {{- with (first .Values.kafkaUser.acls) }} + "consumerGroup": "{{ .name }}", + "consumerId": "{{ .name }}-k8s", + {{- end }} "environmentName": "AUTO", "keystorePath": "null", "keystorePassword": "null", diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index 571360da1c..ed6b64c198 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -86,12 +86,11 @@ spec: - mountPath: /data name: artifact-data env: - - name: SECURITY_PROTOCOL - value: {{ .Values.config.kafka.securityProtocol }} - - name: SASL_MECHANISM - value: {{ .Values.config.kafka.saslMechanism }} - name: SASL_JAAS_CONFIG - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }} + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml new file mode 100644 index 0000000000..324a068cf0 --- /dev/null 
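Review bot: The consumer group and client id are read from `first .Values.kafkaUser.acls`, so they depend on where the group entry sits in the list rather than on its `type`. If the list is reordered so the topic entry comes first, `consumerGroup` would render as the topic prefix and would no longer match the group ACL; if the list is empty, `with` skips the block and both keys are silently left out of the rendered JSON. Selecting the entry by `type`, or failing the render when it is missing, would make the dependency explicit. At minimum add a comment on the `kafkaUser.acls` block in values.yaml, such as `# first entry must be the consumer group; config.json reads acls[0].name`.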
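Review bot: The Kafka client's transport and SASL mechanism now depend on whatever the image defaults to, because `SECURITY_PROTOCOL` and `SASL_MECHANISM` are no longer passed in `env`. The previous values were `SASL_PLAINTEXT` and `SCRAM-SHA-512`, and this diff does not show what the image falls back to, so that should be confirmed before merging. The secret name `{{ include "common.name" . }}-ku` is also a convention that has to match whatever `common.kafkauser` creates, and unlike the old name it carries no release prefix as far as this hunk shows. I would add a comment above the entry, for example `# secret is expected to be created for the KafkaUser rendered by templates/kafkauser.yaml`. The container spec starts before this hunk.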
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2022-23 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.kafkauser" . }} diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml deleted file mode 100644 index 7600facb08..0000000000 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -{{/* -# Copyright © 2022 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: kafka.strimzi.io/v1beta2 -kind: KafkaUser -metadata: - name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }} - labels: - strimzi.io/cluster: {{ include "common.release" . }}-strimzi -spec: - authentication: - type: {{ .Values.config.kafka.saslMechanism | lower }} - authorization: - type: {{ .Values.config.kafka.authType }} - acls: - - resource: - type: group - name: {{ .Values.config.kafka.sdcTopic.consumerGroup }} - operation: All - - resource: - type: topic - patternType: prefix - name: {{ .Values.config.kafka.sdcTopic.pattern }} - operation: All diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index cae151ae58..aea6915883 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml 
@@ -19,19 +19,6 @@ global: nodePortPrefixExt: 304 persistence: {} artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 - multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: multicloud-k8s-sdc-kafka-secret - externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' - type: genericKV - envs: - - name: sasl.jaas.config - value: '{{ .Values.config.someConfig }}' - policy: generate ################################################################# # Application configuration defaults. @@ -40,16 +27,16 @@ secrets: image: onap/multicloud/k8s:0.10.1 pullPolicy: Always -config: - someConfig: blah - kafka: - securityProtocol: SASL_PLAINTEXT - saslMechanism: SCRAM-SHA-512 - authType: simple - sdcTopic: - pattern: SDC-DIST - consumerGroup: multicloud - clientId: multicloud-k8s +# Strimzi KafkaUser config +kafkaUser: + acls: + - name: multicloud + type: group + operations: [Read] + - name: SDC-DISTR + type: topic + patternType: prefix + operations: [Read, Write] # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 21e6a61cf5..ee9efc9070 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -23,7 +23,6 @@ global: enabled: false persistence: {} centralizedLoggingEnabled: true - multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user ################################################################# # Application configuration defaults. 
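Review bot: In the `kafkaUser.acls` hunk, `operations: [Read, Write]` is granted on every topic whose name starts with `SDC-DISTR`, which is narrower than the old `All` but still lets this client write to any topic under the prefix. If the component only needs to publish to one topic (not visible in this diff), a separate literal-named entry carrying `Write`, with `Read` alone on the prefix, would be closer to least privilege. The prefix itself also changed from `SDC-DIST` to `SDC-DISTR`, so it is worth confirming that no topic the client used before falls outside the new prefix. A short comment above the list saying which topics each entry is meant to cover would help later reviewers.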
@@ -40,8 +39,6 @@ multicloud-fcaps: logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' multicloud-k8s: enabled: true - config: - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}' multicloud-pike: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml index b9c54d47ef..3f1f871b7e 100755 --- a/kubernetes/so/Chart.yaml +++ b/kubernetes/so/Chart.yaml @@ -1,6 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,10 +25,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - condition: global.aafEnabled - name: readinessCheck version: ~12.x-0 repository: '@local' @@ -46,10 +42,6 @@ dependencies: version: ~12.x-0 repository: 'file://components/so-admin-cockpit' condition: so-admin-cockpit.enabled - - name: so-appc-orchestrator - version: ~12.x-0 - repository: 'file://components/so-appc-orchestrator' - condition: so-appc-orchestrator.enabled - name: so-bpmn-infra version: ~12.x-0 repository: 'file://components/so-bpmn-infra' @@ -61,6 +53,10 @@ dependencies: version: ~12.x-0 repository: "file://components/so-cnf-adapter" condition: so-cnf-adapter.enabled + - name: so-cnfm-lcm + version: ~12.x-0 + repository: 'file://components/so-cnfm-lcm' + condition: so-cnfm-lcm.enabled - name: so-etsi-nfvo-ns-lcm version: ~12.x-0 repository: 'file://components/so-etsi-nfvo-ns-lcm' 
diff --git a/kubernetes/so/components/so-admin-cockpit/Chart.yaml b/kubernetes/so/components/so-admin-cockpit/Chart.yaml index 89534e746c..31974724ae 100644 --- a/kubernetes/so/components/so-admin-cockpit/Chart.yaml +++ b/kubernetes/so/components/so-admin-cockpit/Chart.yaml @@ -33,9 +33,6 @@ dependencies: - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: soHelpers - version: ~12.x-0 - repository: 'file://../soHelpers' - name: serviceAccount version: ~12.x-0 repository: '@local' diff --git a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml index dc9a4f2dad..7657415f98 100644 --- a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml @@ -3,21 +3,11 @@ server: forward-headers-strategy: none {{- end }} port: {{ index .Values.containerPort }} - {{- if .Values.global.aafEnabled }} - ssl: - keyStore: ${KEYSTORE} - keyStorePassword: ${KEYSTORE_PASSWORD} - trustStore: ${TRUSTSTORE} - trustStorePassword: ${TRUSTSTORE_PASSWORD} - {{- else }} ssl: enabled: false - {{- end }} tomcat: max-threads: 50 - {{- if not .Values.global.aafEnabled }} ssl-enable: false - {{- end }} camunda: rest: api: diff --git a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml index da9efff02a..f5fa5ce6b3 100644 --- a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml +++ b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml 
@@ -21,18 +21,10 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: type: {{ index .Values.updateStrategy.type }} @@ -40,12 +32,9 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + initContainers: - name: so-chown image: {{ include "repositoryGenerator.image.busybox" . }} volumeMounts: @@ -64,14 +53,6 @@ spec: - -c - | export SO_COCKPIT_PASSWORD=`htpasswd -bnBC 10 "" $SO_COCKPIT_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'` - {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0) - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export KEYSTORE=file://$cadi_keystore - export KEYSTORE_PASSWORD=$cadi_keystore_password_p12 - export TRUSTSTORE=file://$cadi_truststore - export TRUSTSTORE_PASSWORD=$cadi_truststore_password - {{- end }} /app/start-app.sh env: - name: DB_HOST 
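Review bot: `spec.selector` on an apps/v1 Deployment is immutable, so if `common.selectors` renders labels other than the old `app: {{ include "common.name" . }}`, an in-place `helm upgrade` of an existing release will be rejected by the API server. The helper's output is not visible in this diff, so this needs checking against the common chart. The same replacement is made in so-bpmn-infra/templates/deployment.yaml. If the labels do change, the release notes should say that these Deployments have to be deleted before upgrading.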
@@ -95,7 +76,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -114,12 +95,9 @@ spec: successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{ include "common.containerPorts" . | nindent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml b/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml index 8f87c68f1e..65f46c48c1 100644 --- a/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml +++ b/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} 
diff --git a/kubernetes/so/components/so-admin-cockpit/templates/service.yaml b/kubernetes/so/components/so-admin-cockpit/templates/service.yaml index b23e5ab99e..03b8df3e10 100644 --- a/kubernetes/so/components/so-admin-cockpit/templates/service.yaml +++ b/kubernetes/so/components/so-admin-cockpit/templates/service.yaml @@ -19,32 +19,5 @@ # ============LICENSE_END========================================================= # @author: gareth.roper@ericsson.com */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - {{if .Values.global.aafEnabled -}} - type: {{ .Values.service.type }} - {{- else -}} - type: ClusterIP - {{- end }} - ports: - {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml index 7e4a654acb..a825e16d49 100644 --- a/kubernetes/so/components/so-admin-cockpit/values.yaml +++ b/kubernetes/so/components/so-admin-cockpit/values.yaml 
@@ -27,17 +27,9 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 - aafAgentImage: onap/aaf/aaf_agent:2.1.20 envsubstImage: dibi/envsubst - aafEnabled: true persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: true - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -93,12 +85,6 @@ app: so-admin-cockpit # soHelpers part ################################################################# soHelpers: - nameOverride: so-cockpit-cert-init - certInitializer: - nameOverride: so-cockpit-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.monitoringPerm containerPort: *containerPort server: 
@@ -108,54 +94,55 @@ server: # soMonitoringCredsExternalSecret: some secret service: -#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis... - type: NodePort - nodePort: 24 - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: NodePort + ports: + - port: *containerPort + name: http + nodePort: 24 + updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 # Resource Limit flavor -By Default using small flavor: small #Segregation for different environment (Small or large) resources: - small: - requests: - memory: 1Gi - cpu: 10m - limits: - memory: 4Gi - cpu: 1 - large: - requests: - memory: 2Gi - cpu: 20m - limits: - memory: 8Gi - cpu: 2 + small: + requests: + memory: 1Gi + cpu: 10m + limits: + memory: 4Gi + cpu: 1 + large: + requests: + memory: 2Gi + cpu: 20m + limits: + memory: 8Gi + cpu: 2 + unlimited: {} readinessProbe: - port: 9091 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 10 + port: 9091 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 10 livenessProbe: - port: 9091 - initialDelaySeconds: 40 - periodSeconds: 10 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + port: 9091 + initialDelaySeconds: 40 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: - enabled: false - service: - - baseaddr: "so-admin-cockpit-ui" - name: "so-admin-cockpit" - port: 9091 - config: - ssl: "none" + enabled: false + service: + - baseaddr: "so-admin-cockpit-ui" + name: "so-admin-cockpit" + port: 9091 + config: + ssl: "none" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml deleted file mode 100644 index 061d8f0847..0000000000 
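Review bot: `service.type` stays `NodePort` with `nodePort: 24`, but the old service.yaml honoured that only when `global.aafEnabled` was true and otherwise rendered `ClusterIP`. Assuming `common.service` uses the value as given, the cockpit UI is now reachable on a node port in every deployment, while override.yaml in this same commit sets `ssl: enabled: false` unconditionally, so its login would travel over plain HTTP from outside the cluster. The comment this hunk removes said the service was meant to be internal by default. I would default to `type: ClusterIP`, drop `nodePort: 24`, and leave the NodePort variant as a commented opt-in. The `ingress` block further down already provides an external route when it is enabled.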
--- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -# Copyright © 2020 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -server: - {{- if include "common.onServiceMesh" . }} - forward-headers-strategy: none - {{- end }} - port: {{ index .Values.containerPort }} - tomcat: - max-threads: 50 - ssl-enable: false -mso: - logPath: ./logs/soappcorch - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} - msoKey: {{ .Values.global.app.msoKey }} - config: - {{ if .Values.global.security.aaf.enabled }} - cadi: {{ include "so.cadi.keys" . | nindent 8}} - {{- else }} - cadi: - aafId: {{ .Values.mso.basicUser }} - {{- end }} - workflow: - endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine - topics: - retryMultiplier: 1000 -appc: - client: - topic: - read: - name: {{ .Values.appc.client.topic.read.name }} - timeout: {{ .Values.appc.client.topic.read.timeout }} - write: {{ .Values.appc.client.topic.write }} - sdnc: - read: {{ .Values.appc.client.topic.sdnc.read }} - write: {{ .Values.appc.client.topic.sdnc.write }} - response: - timeout: {{ .Values.appc.client.response.timeout }} - key: {{ .Values.appc.client.key }} - secret: {{ .Values.appc.client.secret }} - service: ueb - poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . 
}}:3904 -spring: - security: - usercredentials: - - - username: ${ACTUATOR_USERNAME} - password: ${ACTUATOR_PASSWORD} - role: ACTUATOR diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml deleted file mode 100644 index 232bd6aaa8..0000000000 --- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{/* -# Copyright © 2020 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} - strategy: - type: {{ index .Values.updateStrategy.type }} - rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} - template: - metadata: - labels: {{- include "common.labels" . | nindent 8 }} - spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - name: {{ include "common.name" . }}-pass-encoder - command: - - sh - args: - {{/* bcrypt plain text and convert to OpenBSD variant using sed */}} - - -c - - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded; - env: - - name: ACTUATOR_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }} - image: {{ include "repositoryGenerator.image.htpasswd" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: encoder - mountPath: /tmp/app - containers: - - name: {{ include "common.name" . 
}} - command: - - sh - args: - - -c - - | - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)" - {{- if .Values.global.aafEnabled }} - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - {{- end }} - /app/start-app.sh - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - resources: {{ include "common.resources" . | nindent 10 }} - env: - - name: ACTUATOR_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} - envFrom: - - configMapRef: - name: {{ include "common.fullname" . }}-configmap - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{- include "common.containerPorts" . | nindent 10 }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - - name: logs - mountPath: /app/logs - - name: encoder - mountPath: /tmp/app - - name: config - mountPath: /app/config - readOnly: true -{{ include "so.helpers.livenessProbe" .| indent 8 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - - name: logs - emptyDir: {} - - name: encoder - emptyDir: - medium: Memory - - name: config - configMap: - name: {{ include "common.fullname" . }}-app-configmap - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 77e553bd67..8e002e14a5 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml 
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -14,14 +14,10 @@ # limitations under the License. */}} aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + auth: {{ .Values.aai.auth }} dme2: timeout: '30000' - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} workflowAaiDistributionDelay: PT30S pnfEntryNotificationTimeout: P14D cds: @@ -65,8 +61,6 @@ mso: correlation: timeout: 60 logPath: logs - config: - cadi: {{ include "so.cadi.keys" . | nindent 8}} async: core-pool-size: 50 max-pool-size: 50 @@ -79,7 +73,7 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} db: auth: {{ .Values.mso.adapters.db.auth }} password: {{ .Values.mso.adapters.db.password }} @@ -131,7 +125,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} default: adapter: namespace: http://org.onap.mso 
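Review bot: The AAI endpoint in the first hunk is now fixed to plain `http://aai.<namespace>:80` with `auth: {{ .Values.aai.auth }}` configured next to it, so protection of that credential in transit depends entirely on something outside this chart, presumably a service mesh with mTLS. Nothing in the template checks for that, and the same applies to the `oof-osdf` endpoint in the later `@@ -165` hunk. I would either guard the render with `common.onServiceMesh` or at least add a comment above `endpoint:` such as `# plain HTTP: transport encryption is expected from the service mesh`. The three `auth:` values changed here are also rendered unquoted; `auth: {{ .Values.aai.auth | quote }}` would keep an all-digit or exponent-looking string from being retyped by the YAML parser.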
@@ -165,11 +159,7 @@ mso: oof: auth: {{ .Values.mso.oof.auth }} callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - {{ if (include "common.needTLS" .) }} - endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 - {{ else }} endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698 - {{ end }} timeout: PT30M workflow: CreateGenericVNFV1: diff --git a/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml index 58ac6d9ab8..954f8e8b0f 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml @@ -14,10 +14,6 @@ # limitations under the License. */}} apiVersion: v1 -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -27,6 +23,10 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index 8e0066bf6d..5937e39678 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml 
@@ -15,18 +15,10 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: type: {{ index .Values.updateStrategy.type }} @@ -34,30 +26,14 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} 
@@ -71,12 +47,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -85,14 +60,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: {{ .Values.log.path }} {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{ include "common.containerPorts" . | nindent 10 }} # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml index 5b8dee0774..739cb279c1 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml 
@@ -13,28 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index b120d0c23f..2fc9646c1d 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -22,12 +22,6 @@ global: #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 - security: - aaf: - enabled: false - aaf: - auth: - encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -121,24 +115,18 @@ logPath: ./logs/bpmn/ app: so-bpmn-infra service: type: ClusterIP - internalPort: *containerPort - externalPort: 8081 - portName: http + ports: + - port: *containerPort + name: http updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 ################################################################# -# soHelper part +# soHelpers part ################################################################# soHelpers: - nameOverride: so-bpmn-cert-init - certInitializer: - nameOverride: so-bpmn-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.bpmnPerm containerPort: *containerPort # Resource Limit flavor -By Default using small diff --git a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml index c82a0d29d4..d5a3aeff44 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml 
@@ -24,14 +24,12 @@ ssl-enable: false mso: logPath: logs site-name: onapheat - config: - cadi: {{ include "so.cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} + auth: {{ .Values.mso.adapters.db.auth }} spring: datasource: hikari: diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml index 6331656fce..c334fd7699 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml @@ -17,7 +17,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index b05e87e1e6..887efd2cf2 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml 
@@ -15,18 +15,10 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: type: {{ index .Values.updateStrategy.type }} @@ -34,30 +26,14 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} 
@@ -71,24 +47,20 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{ include "common.containerPorts" . | nindent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml index 5b8dee0774..739cb279c1 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml 
@@ -13,28 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index 060ac7f82f..83e23d0e84 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= app: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 mariadbGalera: @@ -84,25 +78,19 @@ containerPort: &containerPort 8082 logPath: ./logs/catdb/ app: catalog-db-adapter service: - type: ClusterIP - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: ClusterIP + ports: + - port: *containerPort + name: http updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# -# soHelper part +# soHelpers part ################################################################# soHelpers: - nameOverride: so-catalogdb-cert-init - certInitializer: - nameOverride: so-catalogdb-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.catalogDbAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -125,14 +113,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8082 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8082 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false config: @@ -154,4 +142,3 @@ serviceAccount: nameOverride: so-catalog-db-adapter roles: - read - 
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml index d667cb5c60..a1a25be146 100755 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -15,12 +15,8 @@ */}} aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} + auth: {{ .Values.server.aai.auth }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} enabled: {{ .Values.global.aai.enabled }} logging: path: logs diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml index c5ebec0b15..786dd83f59 100755 --- a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml @@ -20,7 +20,7 @@ metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml index 340571a59b..6ce459a95d 100755 --- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml 
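Review bot: With the `common.needTLS` branch removed, `aai.endpoint` is always `http://aai.<namespace>:80` while `aai.auth` is still sent with each request, so the credential crosses the pod network unencrypted unless something outside this chart protects the connection. Presumably that is meant to be a service mesh with mTLS, but nothing in the template or the visible values says so. If that is the intent, record it above the endpoint, e.g. `# plain HTTP: transport encryption is expected from the service mesh`, so the chart is not deployed without one by mistake. The so-etsi-nfvo-ns-lcm override.yaml hunks (AAI and `msb-iag` endpoints) and the new so-cnfm-lcm override.yaml have the same shape.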
@@ -30,7 +30,7 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + initContainers: - name: {{ include "common.name" . }}-encrypter command: - sh @@ -59,33 +59,20 @@ spec: args: - -c - | - export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64) - export AAF_AUTH=$(echo "Basic ${AAF_BASE64}") export AAI_AUTH=$(cat /input/.aai_creds) - {{- if .Values.global.aafEnabled }} - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" - {{- end }} - {{- end }} ./start-app.sh resources: {{ include "common.resources" . | nindent 12 }} ports: {{- include "common.containerPorts" . | nindent 12 }} env: - - name: AAF_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }} - - name: AAF_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }} - name: ACTUATOR_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - name: ACTUATOR_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{ include "so.certificates.env" . | indent 12 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-env imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config 
@@ -105,7 +92,7 @@ spec: successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index 6d7eec4a64..509925e17b 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -20,12 +20,6 @@ global: soCryptoImage: sdesbure/so_crypto:latest persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: ${AAF_AUTH} aai: enabled: true ################################################################# @@ -51,13 +45,6 @@ secrets: login: '{{ .Values.server.actuator.username }}' password: '{{ .Values.server.actuator.password }}' passwordPolicy: required - - uid: so-aaf-creds - name: '{{ include "common.release" . }}-so-cnf-aaf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' - login: '{{ .Values.server.aaf.username }}' - password: '{{ .Values.server.aaf.password }}' - passwordPolicy: required - uid: so-aai-creds name: '{{ include "common.release" . }}-so-cnf-aai-creds' type: basicAuth @@ -92,10 +79,6 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret server: - aaf: - username: so@so.onap.org - password: demo123456 - # aafCredsExternalSecret: some secret aai: username: aai@aai.onap.org password: demo123456! 
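Review bot: `soCryptoImage: sdesbure/so_crypto:latest` stays on the new side of the first values.yaml hunk: a mutable `latest` tag under what looks like an individual's registry namespace. It is presumably the image of the `-encrypter` init container in deployment.yaml, which would place it on the path of the AAI credentials that the main container later reads from `/input/.aai_creds`. Pin it to a fixed version or digest, e.g. `soCryptoImage: <registry>/<image>@sha256:<digest>` (placeholder values), so the code that handles the credentials cannot change between two pulls.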
@@ -125,14 +108,13 @@ updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# soHelpers: - nameOverride: so-cnf-cert-init - certInitializer: - nameOverride: so-cnf-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.openStackAdapterPerm containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/components/so-appc-orchestrator/Chart.yaml b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml index 51a80959d0..ad0a799f93 100644 --- a/kubernetes/so/components/so-appc-orchestrator/Chart.yaml +++ b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml @@ -1,6 +1,4 @@ -# Copyright © 2020 AT&T USA -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,8 +13,8 @@ # limitations under the License. apiVersion: v2 -description: A Helm chart for so appc orchestrator -name: so-appc-orchestrator +name: so-cnfm-lcm +description: ONAP SO CNFM LCM version: 12.0.0 dependencies: diff --git a/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..411b75f0a3 --- /dev/null +++ b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml 
@@ -0,0 +1,53 @@ +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +aai: + auth: {{ .Values.aai.auth }} + version: v24 + endpoint: http://aai.{{ include "common.namespace" . }}:80 +spring: + datasource: + hikari: + camunda: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: bpmn-pool + registerMbeans: true + cnfm: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/cnfm + username: ${DB_ADMIN_USERNAME} + password: ${DB_ADMIN_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: cnfm-pool + registerMbeans: true +server: + port: {{ .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + key: {{ .Values.mso.key }} +sdc: + username: {{ .Values.sdc.username }} + password: {{ .Values.sdc.password }} + key: {{ .Values.sdc.key }} + endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080 +camunda: + bpm: + history-level: full + job-execution: + max-pool-size: 30 + core-pool-size: 3 + deployment-aware: true diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml index 6abb1673d5..2d8cb1e5f5 100644 --- a/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml +++ b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml 
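Review bot: `aai.auth`, `mso.key`, `sdc.password` and `sdc.key` are rendered into this file as literal values, whereas the datasource credentials a few lines above are left as `${DB_PASSWORD}`-style placeholders filled from Secrets. The new deployment.yaml mounts its `config` volume from the `-app-configmap` ConfigMap, so presumably this file ends up in a ConfigMap, where the values are readable by anyone allowed to read ConfigMaps in the namespace. Treat them like the DB credentials: declare them under `secrets:` in values.yaml, inject them with `common.secret.envFromSecretFast`, and reference them here as placeholders, e.g. `password: ${SDC_PASSWORD}` (variable name illustrative).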
@@ -1,24 +1,20 @@ {{/* -# Copyright © 2020 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} + # Copyright © 2023 Nordix Foundation + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + */}} apiVersion: v1 -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -28,6 +24,10 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap 
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml new file mode 100644 index 0000000000..42d5fcfdc0 --- /dev/null +++ b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml 
@@ -0,0 +1,74 @@ +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + command: [ "./start-app.sh" ] + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: DB_HOST + value: {{ include "common.mariadbService" . }} + - name: DB_PORT + value: {{ include "common.mariadbPort" . | quote }} + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "db-admin-creds" "key" "login") | indent 14 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{ include "common.containerPorts" . | nindent 12 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml new file mode 100644 index 0000000000..30c7b6e674 --- /dev/null +++ b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml 
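Review bot: The new Deployment sets no `securityContext` on the pod or on the container, so the workload runs with whatever user and privileges the image and the cluster defaults give it. The manifest already writes only to the `logs` emptyDir and mounts `config` read-only, which makes a restrictive container context a small addition. `runAsNonRoot: true` assumes the so-cnfm-as-lcm image does not run as root, which this diff does not show; verify before enabling it.

```yaml
        - name: {{ include "common.name" . }}
          command: [ "./start-app.sh" ]
          # … unchanged: image, resources, env, envFrom, imagePullPolicy …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: volumeMounts, livenessProbe, ports …
```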
@@ -0,0 +1,15 @@ +# Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml index 34932b713d..e361015b5c 100644 --- a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml +++ b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +11,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} {{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml index 7f004cc050..72b8e4be89 100644 --- a/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml +++ b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2020 AT&T USA +# Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -12,6 +11,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} {{ include "common.service" . }} diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml index 724fcbd032..9cb7483819 100644 --- a/kubernetes/so/components/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml @@ -1,5 +1,4 @@ -# Copyright © 2020 AT&T USA -# Copyright © 2020 Huawei +# Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,20 +11,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + ################################################################# # Global configuration defaults. ################################################################# - global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - app: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + ################################################################# # Secrets metaconfig ################################################################# 
@@ -42,24 +38,15 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: server-actuator-creds - name: '{{ include "common.release" . }}-so-appc-actuator-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' - login: '{{ .Values.server.actuator.username }}' - password: '{{ .Values.server.actuator.password }}' - passwordPolicy: required - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-appc-orchestrator:1.6.4 +image: onap/so/so-cnfm-as-lcm:1.12.0 pullPolicy: Always +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 db: userName: so_user userPassword: so_User123 
@@ -67,42 +54,36 @@ db: adminName: so_admin adminPassword: so_Admin123 # adminCredsExternalSecret: some secret -server: - actuator: - username: mso_admin - password: password1$ +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +sdc: + username: mso + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + key: 566B754875657232314F5548556D3665 + replicaCount: 1 minReadySeconds: 10 -containerPort: &containerPort 8080 -logPath: ./logs/soappcorch -app: appc-orchestrator +containerPort: &containerPort 9888 +logPath: ./logs/so-cnfm-lcm/ +app: so-cnfm-lcm service: - name: so-appc-orchestrator type: ClusterIP ports: - - port: *containerPort - name: http + - name: http + port: *containerPort updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 -# Resource Limit flavor -By Default using small -flavor: small - ################################################################# -# soHelper part +# soHelpers part ################################################################# - soHelpers: - nameOverride: so-appc-cert-init - certInitializer: - nameOverride: so-appc-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.openStackAdapterPerm containerPort: *containerPort +# Resource Limit flavor -By Default using small +flavor: small # Segregation for Different environment (Small and Large) resources: small: 
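Review bot: The new defaults `mso.key`, `sdc.password` and `sdc.key` in this hunk, and `aai.auth` in the previous one, ship as fixed values with no override hook, and `mso.key` is the same `07a7159d3bf51a0e53be7a8f89699be7` that so-catalog-db-adapter/values.yaml carries as `msoKey`, so every installation that keeps the defaults shares one key. The `db` block just above already marks its external-secret path (`# adminCredsExternalSecret: some secret`); these values have no equivalent. At minimum add a comment such as `# test defaults only: override mso.key, sdc.* and aai.auth for any shared or production deployment`.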
@@ -120,47 +101,33 @@ resources: memory: 2Gi cpu: 1000m unlimited: {} + livenessProbe: - path: /manage/health - port: 8083 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + port: *containerPort + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + ingress: enabled: false -nodeSelector: {} -tolerations: [] -affinity: {} + service: + - baseaddr: 'so-cnfm-lcm-api' + name: 'so-cnfms-lcm' + port: *containerPort + config: + ssl: 'redirect' -auth: - rest: - encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 +nodeSelector: {} -mso: - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 - basicUser: poBpmn +tolerations: [] -appc: - client: - topic: - read: - name: APPC-LCM-WRITE - timeout: 360000 - write: APPC-LCM-READ - sdnc: - read: SDNC-LCM-WRITE - write: SDNC-LCM-READ - response: - timeout: 3600000 - key: VIlbtVl6YLhNUrtU - secret: 64AG2hF4pYeG2pq7CT6XwUOT - service: ueb +affinity: {} #Pods Service Account serviceAccount: - nameOverride: so-appc-orchestrator + nameOverride: so-cnfm-lcm roles: - read + diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml index cc668fbd70..40f97ad69f 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml 
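Review bot: `name: 'so-cnfms-lcm'` under `ingress.service` matches no other name in this file (`app: so-cnfm-lcm`, `serviceAccount.nameOverride: so-cnfm-lcm`, `baseaddr: 'so-cnfm-lcm-api'`) and looks like a typo. The Service itself is rendered by `common.service`, which is not visible here, so confirm its name; if it is `so-cnfm-lcm`, the ingress backend will not resolve once `ingress.enabled` is set to true. Proposed line: `name: 'so-cnfm-lcm'`.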
@@ -15,13 +15,9 @@ */}} aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + auth: {{ .Values.aai.auth }} version: v19 - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} spring: datasource: hikari: @@ -61,16 +57,7 @@ so: etsi-catalog-manager: base: {{- if .Values.global.msbEnabled }} - {{ if (include "common.needTLS" .) }} - endpoint: https://msb-iag:443/api - http: - client: - ssl: - trust-store: file:${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} - {{ else }} endpoint: http://msb-iag:80/api - {{ end }} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api {{- end }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml index add9a02cf6..6bf005c051 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml @@ -27,7 +27,7 @@ metadata: data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index 6465af4e4a..e2925f6b61 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml 
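Review bot: With the `common.needTLS` branch gone, `endpoint: http://aai.{{ include "common.namespace" . }}:80` is the only option, so the `aai.auth` value set two lines above is always sent over plain HTTP. Nothing visible in this commit says what provides transport encryption instead, and deployments without a replacement would carry the credential in cleartext. If a service mesh or similar is expected to do it, a comment next to the endpoint would record the dependency, for example `# plain HTTP by design: transport encryption is expected from the service mesh (mTLS)`. The same applies to the `msb-iag` endpoint in the next hunk and to the `aai`, `sdc`, `requestDb` and `oof` endpoints in the so-etsi-sol003-adapter, so-etsi-sol005-adapter, so-nssmf-adapter and so-oof-adapter override.yaml hunks further down.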
@@ -29,7 +29,6 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} containers: - name: {{ include "common.name" . }} command: @@ -38,12 +37,6 @@ spec: - -c - | export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` - {{- if .Values.global.aafEnabled }} - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - {{- end }} ./start-app.sh image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} @@ -64,12 +57,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} - {{ include "so.certificates.env" . | indent 12 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -84,7 +76,7 @@ spec: failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} ports: {{ include "common.containerPorts" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml index 6aaa367310..8790877492 100644 
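Review bot: In the `@@ -38,12 +37,6 @@` hunk, the start command left after the cleanup still runs `htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT`, which passes the secret as a command-line argument and leaves the variable unquoted, so a password containing spaces or glob characters is split or expanded before hashing. Quoting it as `"$ETSI_NFVO_PASSWORD_INPUT"` fixes the splitting; feeding it on stdin, `printf '%s' "$ETSI_NFVO_PASSWORD_INPUT" | htpasswd -niBC 10 ""`, also keeps it out of the process argument list. The `BPEL_PASSWORD` and `ACTUATOR_PASSWORD` lines in the so-nssmf-adapter deployment.yaml hunk have the same form. These lines are unchanged context, and the container spec continues outside the hunk.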
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -85,7 +79,6 @@ logPath: ./logs/so-etsi-nfvo-ns-lcm/ app: so-etsi-nfvo-ns-lcm service: type: ClusterIP - name: so-etsi-nfvo-ns-lcm annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' msb.onap.org/service-info: | @@ -111,12 +104,6 @@ updateStrategy: # soHelpers part ################################################################# soHelpers: - nameOverride: so-nfvo-cert-init - certInitializer: - nameOverride: so-nfvo-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.nfvoAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml index e6a3d7c8ac..04d973a6fc 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml @@ -14,13 +14,9 @@ # limitations under the License. */}} aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + auth: {{ .Values.aai.auth }} version: v15 - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} spring: security: usercredentials: 
@@ -41,34 +37,19 @@ mso: key: {{ .Values.mso.key }} site-name: localSite logPath: ./logs/etsi-sol003-adapter - config: - cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag msb-port: 80 sdc: - username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} - password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} + username: {{ .Values.sdc.username }} + password: {{ .Values.sdc.password }} key: {{ .Values.sdc.key }} - {{ if (include "common.needTLS" .) }} - endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080 - {{ end }} vnfmadapter: endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092 etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} - {{ if (include "common.needTLS" .) }} - endpoint: https://msb-iag:443/api/vnfpkgm/v1 - http: - client: - ssl: - trust-store: file:${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} - {{ else }} endpoint: http://msb-iag:80/api - {{ end }} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 {{- end }} diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml index 6331656fce..c334fd7699 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml 
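Review bot: `username: {{ .Values.sdc.username }}` and `password: {{ .Values.sdc.password }}` render as unquoted YAML scalars, so an override that is empty, all digits, or starts with a YAML indicator character may be re-typed or break parsing of the rendered config. Piping through `quote`, e.g. `password: {{ .Values.sdc.password | quote }}`, keeps them strings. The simplified `auth: {{ .Values.aai.auth }}`, `auth: {{ .Values.mso.adapters.requestDb.auth }}` and `camundaAuth: {{ .Values.mso.camundaAuth }}` lines in the neighbouring override.yaml hunks are written the same way.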
@@ -17,7 +17,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml index 5d6100446e..785416517a 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml @@ -15,18 +15,10 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} 
@@ -34,34 +26,17 @@ spec: maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} maxSurge: {{ .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12" - /app/start-app.sh - {{- end }} - env: - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -74,12 +49,9 @@ spec: periodSeconds: {{ .Values.livenessProbe.periodSeconds}} successThreshold: {{ .Values.livenessProbe.successThreshold}} failureThreshold: {{ .Values.livenessProbe.failureThreshold}} - ports: - - containerPort: {{ .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{ include "common.containerPorts" . | nindent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config 
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml
index 8f87c68f1e..f298193924 100644
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2019 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
 {{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml
index 96a2acd3a6..3da38759a8 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml
@@ -13,39 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/so/vnfm-adapter/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml index 170cfdd0d7..98edcebb29 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml @@ -50,26 +50,34 @@ containerPort: &containerPort 9092 logPath: ./logs/etsi-sol003-adapter/ app: etsi-sol003-adapter service: - type: NodePort - internalPort: *containerPort - externalPort: *containerPort - nodePort: "06" - portName: http + type: NodePort + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/so/vnfm-adapter/v1", + "protocol": "REST", + "port": "{{.Values.containerPort}}", + "visualRange":"1" + } + ]{{ end }} + ports: + - name: http + port: *containerPort + nodePort: "06" + updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# # soHelpers part ################################################################# soHelpers: - nameOverride: so-etsi-sol003-cert-init - certInitializer: - nameOverride: so-etsi-sol003-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.vnfmAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small 
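Review bot: `type: NodePort` with `nodePort: "06"` stays on the new side while this commit removes the adapter's TLS branches. Depending on how `common.service` renders it (not visible here), the adapter port would then be reachable on every node over plain HTTP. If external access is still needed, the `ingress` section later in this file with `ssl: "redirect"` looks like the intended path, and the service could drop to `type: ClusterIP` as the so-etsi-sol005-adapter values do. Otherwise a comment explaining why the NodePort must stay would help reviewers.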
@@ -92,18 +100,18 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - port: 9092 - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + port: 9092 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false service: - - baseaddr: "so-etsi-sol003-adapter-api" - name: "so-etsi-sol003-adapter" - port: 9092 + - baseaddr: "so-etsi-sol003-adapter-api" + name: "so-etsi-sol003-adapter" + port: 9092 config: ssl: "redirect" nodeSelector: {} diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml index 189a02bf73..c4d28c4ce9 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml @@ -42,18 +42,12 @@ server: mso: site-name: localSite logPath: ./logs/etsi-sol005-adapter - config: - cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag msb-port: 80 adapters: requestDb: - {{ if (include "common.needTLS" .) }} - endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - {{ else }} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - {{ end }} - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} #Actuator management: security: diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml index 6331656fce..c334fd7699 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml 
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml @@ -17,7 +17,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml index 6dab82f5c4..3e63b45408 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml @@ -15,18 +15,10 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ .Values.minReadySeconds }} strategy: type: {{ .Values.updateStrategy.type }} 
@@ -34,30 +26,14 @@ spec: maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} maxSurge: {{ .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} @@ -71,12 +47,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config 
@@ -92,12 +67,9 @@ spec: timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds}} successThreshold: {{ .Values.livenessProbe.successThreshold}} failureThreshold: {{ .Values.livenessProbe.failureThreshold}} - ports: - - containerPort: {{ .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{ include "common.containerPorts" . | nindent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml index 5b8dee0774..21a6a77e27 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml 
@@ -13,28 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml index b20f318658..c571029de7 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' 
@@ -80,26 +74,19 @@ containerPort: &containerPort 8084 logPath: ./logs/etsi-sol005-adapter/ app: etsi-sol005-adapter service: - type: ClusterIP - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: ClusterIP + ports: + - port: *containerPort + name: http updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 - + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# # soHelpers part ################################################################# soHelpers: - nameOverride: so-etsi-sol005-cert-init - certInitializer: - nameOverride: so-etsi-sol005-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.vfcAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -122,14 +109,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8084 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8084 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} diff --git a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml index 016b3f534f..633ac7dcc1 100755 --- a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml 
@@ -14,12 +14,8 @@ # limitations under the License. */}} aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} + auth: {{ .Values.aai.auth }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} logging: path: logs spring: @@ -58,12 +54,8 @@ mso: msb-port: 80 adapters: requestDb: - {{ if (include "common.needTLS" .) }} - endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - {{ else }} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - {{ end }} - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} #Actuator management: endpoints: diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml index 03a3df4163..35baef1759 100755 --- a/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml @@ -19,7 +19,7 @@ metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index f41352e63f..32a9eff67d 100755 
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -26,11 +26,9 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: {{- include "common.labels" . | nindent 8 }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} @@ -41,12 +39,6 @@ spec: - | export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` - {{- if .Values.global.aafEnabled }} - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - {{- end }} ./start-app.sh image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} @@ -72,12 +64,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - name: ACTUATOR_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{ include "so.certificates.env" . | nindent 12 }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-env imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config 
@@ -94,7 +85,7 @@ spec: successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 29f9f4e24d..ecf9b04dc9 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -110,17 +104,14 @@ service: - name: http port: *containerPort updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +################################################################# +# soHelpers part +################################################################# soHelpers: - nameOverride: so-nssmf-cert-init - certInitializer: - nameOverride: so-nssmf-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.nssmfAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -143,14 +134,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8088 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8088 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} 
diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml index 2d645bebf2..c58ba9196f 100755 --- a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml @@ -39,17 +39,13 @@ mso: msb-port: 80 msoKey: ${MSO_KEY} camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081 - camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}} + camundaAuth: {{ .Values.mso.camundaAuth }} workflow: message: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage oof: auth: ${OOF_LOGIN}:${OOF_PASSWORD} - {{ if (include "common.needTLS" .) }} - endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 - {{ else }} endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698 - {{ end }} #Actuator management: endpoints: diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml index da5fda9c42..62ad76709f 100755 --- a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml @@ -26,7 +26,7 @@ metadata: data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml index e1a77c02bb..100371b9c1 100755 
--- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml @@ -26,10 +26,8 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: {{- include "common.labels" . | nindent 8 }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -53,12 +51,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }} - name: OOF_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -67,11 +64,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: {{- include "common.containerPorts" . | nindent 12 }} + ports: {{- include "common.containerPorts" . | nindent 10 }} # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index 530c35afdd..c8a12690d0 100755 
--- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -20,12 +20,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -87,23 +81,19 @@ containerPort: *containerPort logPath: ./logs/oof-adapter/ app: so-oof-adapter service: - type: ClusterIP - ports: - - name: http - port: *containerPort + type: ClusterIP + ports: + - name: http + port: *containerPort updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 - + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +################################################################# +# soHelpers part +################################################################# soHelpers: - nameOverride: so-oof-adapter-cert-init - certInitializer: - nameOverride: so-oof-adapter-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.oofadapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -126,14 +116,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: *containerPort - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: *containerPort + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index 7dc22c3536..55d9ca2b1d 100755 --- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml 
+++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -14,12 +14,8 @@ # limitations under the License. */}} aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} + auth: {{ .Values.aai.auth }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} server: {{- if include "common.onServiceMesh" . }} forward-headers-strategy: none @@ -72,7 +68,7 @@ org: {{- end }} default_keystone_reg_ex: "/[vV][0-9]" vnf: - bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + bpelauth: {{ .Values.org.onap.so.adapters.bpelauth }} checkRequiredParameters: true addGetFilesOnVolumeReq: false sockettimeout: 30 @@ -83,7 +79,7 @@ org: valet_enabled: false fail_requests_on_valet_failure: false network: - bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + bpelauth: {{ .Values.org.onap.so.adapters.bpelauth }} sockettimeout: 5 connecttimeout: 5 retrycount: 5 
@@ -117,8 +113,8 @@ mso: adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} + auth: {{ .Values.mso.db.auth }} + auth: {{ .Values.mso.auth }} logPath: ./logs/openstack msb-ip: msb-iag msb-port: 80 @@ -127,18 +123,14 @@ mso: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine msoKey: {{ .Values.mso.msoKey }} config: - {{ if eq .Values.global.security.aaf.enabled true }} - cadi: {{ include "so.cadi.keys" . | nindent 8}} - {{- else }} cadi: aafId: {{ .Values.mso.basicUser }} - {{- end }} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + auth: {{ .Values.mso.db.auth }} site-name: localDevEnv async: core-pool-size: 50 diff --git a/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml index 050aab9732..eeab0f72cd 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml @@ -17,7 +17,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap 
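Review bot: `config.cadi.aafId` is kept in the `@@ -127,18 +123,14 @@` hunk although the AAF condition around it is removed, while the same commit deletes the whole `config: cadi:` block from the so-request-db-adapter and so-sdc-controller overrides. If nothing reads `mso.config.cadi.aafId` once `ACTIVE_PROFILE` is fixed to `basic`, drop the key so a stale identity setting is not carried along. If it is still read, a comment such as `# still consumed by the basic profile` would explain why this adapter differs from the other two. Whether the key is still read cannot be determined from the diff.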
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index dd6d1f0098..c2db839bd7 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -15,17 +15,9 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: 
@@ -34,30 +26,14 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} @@ -71,12 +47,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config 
@@ -85,14 +60,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{- include "common.containerPorts" . | nindent 10 }} # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml index 5b8dee0774..495f828bfb 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml 
@@ -13,28 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index e25f4b3498..205bc9a342 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -71,9 +65,6 @@ db: aai: auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 -aaf: - auth: - encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F org: onap: so: @@ -92,25 +83,19 @@ containerPort: &containerPort 8087 logPath: ./logs/openstack/ app: openstack-adapter service: - type: ClusterIP - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: ClusterIP + ports: + - name: http + port: *containerPort updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# -# soHelper part +# soHelpers part ################################################################# soHelpers: - nameOverride: so-openstack-cert-init - certInitializer: - nameOverride: so-openstack-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.openStackAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small 
@@ -133,14 +118,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8087 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8087 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false config: diff --git a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml index 86e02d638a..7ea77493d7 100755 --- a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml @@ -25,11 +25,9 @@ ssl-enable: false mso: logPath: logs site-name: localSite - config: - cadi: {{- include "so.cadi.keys" . | nindent 8}} adapters: requestDb: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: datasource: diff --git a/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml index 6331656fce..3be605edf2 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml 
@@ -14,10 +14,6 @@ # limitations under the License. */}} apiVersion: v1 -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -27,6 +23,10 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index b05e87e1e6..f6678a416d 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -15,17 +15,9 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: 
@@ -34,30 +26,14 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} 
@@ -71,28 +47,24 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{- include "common.containerPorts" . | nindent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config configMap: - name: {{ include "common.fullname" . }}-app-configmap + name: {{ include "common.fullname" . }}-app-configmap imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml index 5b8dee0774..495f828bfb 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml 
@@ -13,28 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index 6d24563dcf..5e49316a36 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -80,25 +74,19 @@ containerPort: &containerPort 8083 logPath: ./logs/reqdb/ app: request-db-adapter service: - type: ClusterIP - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: ClusterIP + ports: + - name: http + port: *containerPort updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# # soHelpers part ################################################################# soHelpers: - nameOverride: so-requestdb-cert-init - certInitializer: - nameOverride: so-requestdb-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.requestDbAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -121,14 +109,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8083 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} 
diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml index 50cf231a20..0630497bdb 100755 --- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml 
@@ -51,42 +51,32 @@ request: mso: msoKey: {{ index .Values.mso.msoKey }} logPath: ./logs/sdc - config: - cadi: {{ include "so.cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + auth: {{ .Values.mso.requestDb.auth }} site-name: onapheat camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + auth: {{ .Values.mso.requestDb.auth }} aai: - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} asdc-connections: asdc-controller1: user: mso consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }} consumerId: {{ .Values.config.kafka.sdcTopic.clientId }} environmentName: AUTO - {{ if (include "common.needTLS" .) }} - sdcAddress: sdc-be.{{ include "common.namespace" . }}:8443 - {{ else }} sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080 - {{ end }} password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} pollingInterval: 60 pollingTimeout: 60 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL - useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttpsWithSdc: false activateServerTLSAuth: false keyStorePassword: keyStorePath: diff --git a/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml index 050aab9732..cb40c08f77 100755 
--- a/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml @@ -14,10 +14,6 @@ # limitations under the License. */}} apiVersion: v1 -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -27,6 +23,10 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index 6ee0b25cbd..4becf41897 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -15,17 +15,9 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: 
@@ -34,30 +26,14 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} @@ -77,12 +53,11 @@ spec: value: {{ .Values.config.kafka.saslMechanism }} - name: SASL_JAAS_CONFIG {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config 
@@ -91,14 +66,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{- include "common.containerPorts" . | nindent 10 }} # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml index 5b8dee0774..495f828bfb 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/service.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/service.yaml 
@@ -13,28 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 63a641c359..dbde74808b 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -19,12 +19,6 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -106,25 +100,19 @@ containerPort: &containerPort 8085 logPath: ./logs/sdc/ app: sdc-controller service: - type: ClusterIP - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: ClusterIP + ports: + - name: http + port: *containerPort updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# # soHelpers part ################################################################# soHelpers: - nameOverride: so-sdc-cert-init - certInitializer: - nameOverride: so-sdc-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.sdcControllerPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -147,14 +135,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8085 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8085 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} 
diff --git a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml index 119236b1b2..55dc11526d 100755 --- a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -20,20 +20,21 @@ server: port: {{ index .Values.containerPort }} mso: msoKey: ${MSO_KEY} - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "${AAF_AUTH}" "value2" "${MSO_AUTH}" )}} + auth: ${MSO_AUTH} async: core-pool-size: 50 max-pool-size: 50 queue-capacity: 500 logPath: ./logs/sdnc config: - cadi: {{ include "so.cadi.keys" . | nindent 14}} + cadi: + aafId: so@so.onap.org catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} site-name: onapheat #needs to be confirmed TODO workflow: @@ -112,7 +113,7 @@ org: changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf - bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} + bpelauth: {{ .Values.org.onap.so.adapters.sdnc.bpelauth }} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService opticalservice: optical-service-create: 
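Review bot: In so-sdnc-adapter's override.yaml, `db.auth` is now rendered straight from `.Values.mso.adapters.requestDb.auth`, while `mso.auth` a few lines above takes `${MSO_AUTH}`, which the deployment fills from a Secret via `common.secret.envFromSecretFast`. If this file ends up in a ConfigMap (the deployment mounts a `config` volume, but the ConfigMap template is outside these hunks), the credential is readable by anyone allowed to read ConfigMaps in the namespace. Prefer the same indirection, e.g. `auth: ${REQUEST_DB_AUTH}`, where `REQUEST_DB_AUTH` is a placeholder name for an env var supplied from a Secret. `bpelauth` in the next hunk, `sdncauth` in the hunk after it, and the `auth` keys in kubernetes/so/resources/config/overrides/override.yaml follow the same pattern.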
@@ -157,7 +158,7 @@ org: myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} + sdncauth: {{ .Values.org.onap.so.adapters.sdnc.sdncauth }} sdncconnecttime: 5000 sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:' diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml index 050aab9732..eeab0f72cd 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml @@ -17,7 +17,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: "basic" kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index 1b94083d5e..141b5ab1c9 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml 
@@ -15,17 +15,9 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ index .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: @@ -34,28 +26,12 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} 
@@ -73,14 +49,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-key" "key" "password") | indent 10 }} - name: MSO_AUTH {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-auth" "key" "password") | indent 10 }} - - name: AAF_AUTH - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-aaf-auth" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -89,14 +62,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{- include "common.containerPorts" . | nindent 10 }} # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml index 5b8dee0774..495f828bfb 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml 
@@ -13,28 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index 1562a37ddd..60c1f9b285 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -22,14 +22,6 @@ global: #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= - encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 - #encryptedSecret: some secret mariadbGalera: serviceName: mariadb-galera servicePort: '3306' @@ -55,11 +47,6 @@ secrets: type: password externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' password: '{{ .Values.mso.msoKey }}' - - uid: sdnc-adapter-aaf-auth - name: '{{ include "common.release" . }}-so-sdnc-aaf-auth' - type: password - externalSecret: '{{ tpl (default "" .Values.global.aaf.auth.encryptedSecret) . }}' - password: '{{ .Values.global.aaf.auth.encrypted }}' - uid: sdnc-adapter-mso-auth name: '{{ include "common.release" . }}-so-sdnc-mso-auth' type: password 
@@ -107,26 +94,19 @@ containerPort: &containerPort 8086 logPath: ./logs/sdnc/ app: sdnc-adapter service: - type: ClusterIP - internalPort: *containerPort - externalPort: *containerPort - portName: http + type: ClusterIP + ports: + - name: http + port: *containerPort updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 - + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 ################################################################# # soHelpers part ################################################################# soHelpers: - nameOverride: so-sdnc-cert-init - certInitializer: - nameOverride: so-sdnc-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.sdncAdapterPerm containerPort: *containerPort # Resource Limit flavor -By Default using small @@ -149,14 +129,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8086 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8086 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml index 1b4294af2f..387303b4fb 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml @@ -32,9 +32,6 @@ dependencies: - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: soHelpers - version: ~12.x-0 - repository: 'file://../soHelpers' - name: serviceAccount version: ~12.x-0 repository: '@local' diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index 1a96abf9cb..606ceb4fcc 100755 
--- a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -21,18 +21,10 @@ server: port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: - {{ if (include "common.needTLS" .) }} - endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 - {{ else }} - endpoint: http://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 - {{ end }} + endpoint: http://msb-iag:80/api/{{ include "common.servicename" . }}/v1 aai: - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} dmaap: endpoint: http://message-router.{{ include "common.namespace" . }}:3904 diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml index 9a6b79c440..e322b60e48 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + initContainers: {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} @@ -34,7 +34,7 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config 
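Review bot: In so-ve-vnfm-adapter's override.yaml, `vevnfmadapter.endpoint` and `aai.endpoint` are now plain `http://` unconditionally, so with the `common.needTLS` branch gone nothing in the chart enforces transport encryption for these calls. If confidentiality now depends on a service mesh or a similar layer (not visible in this diff), record that next to the endpoints, e.g. `# plain HTTP by design; transport encryption is expected from the mesh sidecar`. The same applies to the `aai` and `sdc` endpoints in kubernetes/so/resources/config/overrides/override.yaml, where an `auth` credential is configured beside the cleartext URL.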
@@ -47,9 +47,9 @@ spec: periodSeconds: {{ .Values.livenessProbe.periodSeconds}} successThreshold: {{ .Values.livenessProbe.successThreshold}} failureThreshold: {{ .Values.livenessProbe.failureThreshold}} - ports: {{- include "common.containerPorts" . | nindent 10 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml index 8e8236cfb4..08911aae76 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -48,15 +48,6 @@ service: - name: http port: 9098 -################################################################# -# soHelpers part -################################################################# -soHelpers: - nameOverride: so-vevnfm-cert-init - certInitializer: - nameOverride: so-vevnfm-cert-init - credsPath: /opt/app/osaaf/local - flavor: small resources: small: diff --git a/kubernetes/so/components/soHelpers/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml index bf300e3f3b..caada54b79 100755 --- a/kubernetes/so/components/soHelpers/Chart.yaml +++ b/kubernetes/so/components/soHelpers/Chart.yaml @@ -25,6 +25,3 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl deleted file mode 100644 index 7e04706d4a..0000000000 --- a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl +++ /dev/null 
@@ -1,21 +0,0 @@ -{{- define "so.cadi.keys" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} -cadiLoglevel: {{ $initRoot.cadi.logLevel }} -cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile -cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks -cadiTruststorePassword: ${TRUSTSTORE_PASSWORD} -cadiLatitude: {{ $initRoot.cadi.latitude }} -cadiLongitude: {{ $initRoot.cadi.longitude }} -aafEnv: {{ $initRoot.cadi.aafEnv }} -aafApiVersion: {{ $initRoot.cadi.aafApiVersion }} -aafRootNs: {{ $initRoot.cadi.aafRootNs }} -aafId: {{ $initRoot.cadi.aafId }} -aafPassword: {{ $initRoot.cadi.aafPassword }} -aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }} -aafUrl: {{ $initRoot.cadi.aafUrl }} -apiEnforcement: {{ $initRoot.cadi.apiEnforcement }} -{{- if ($initRoot.cadi.noAuthn) }} -noAuthn: {{ $initRoot.cadi.noAuthn }} -{{- end }} -{{- end }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl deleted file mode 100644 index cda61b2cfa..0000000000 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ /dev/null 
@@ -1,34 +0,0 @@ -{{- define "so.certificate.container_importer" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -{{ include "common.certInitializer.initContainer" $subchartDot }} -{{- end -}} - -{{- define "so.certificate.volumes" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -{{ include "common.certInitializer.volumes" $subchartDot }} -{{- end -}} - -{{- define "so.certificate.volumeMount" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -{{ include "common.certInitializer.volumeMount" $subchartDot }} -{{- end -}} - -{{- define "so.certificates.env" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -{{- if $dot.Values.global.aafEnabled }} -- name: TRUSTSTORE - value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks -{{- if $dot.Values.global.security.aaf.enabled }} -- name: KEYSTORE - value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12 -{{- end }} -{{- end }} -{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl index cde94742c6..e596b806ed 100644 --- a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl +++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl 
@@ -7,11 +7,6 @@ livenessProbe: path: {{ $subchartDot.Values.livenessProbe.path }} port: {{ $subchartDot.Values.containerPort }} scheme: {{ $subchartDot.Values.livenessProbe.scheme }} - {{- if $subchartDot.Values.global.security.aaf.enabled }} - httpHeaders: - - name: Authorization - value: {{ $subchartDot.Values.global.aaf.auth.header }} - {{- end }} initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }} diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl deleted file mode 100644 index 56910ebebd..0000000000 --- a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "so.helpers.profileProperty" -}} - {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }} -{{- end -}} diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 2417d2553c..ec3fef2d81 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml 
@@ -16,39 +16,11 @@ # Global configuration defaults. ################################################################# global: - aafAgentImage: onap/aaf/aaf_agent:2.1.20 msbEnabled: true - security: - aaf: - enabled: false app: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 ################################################################# -# AAF part -################################################################# -certInitializer: - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: so - fqi: so@so.onap.org - public_fqdn: so.onap.org - fqi_namespace: org.onap.so - cadi_longitude: '0.0' - cadi_latitude: '0.0' - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop - -aafConfig: - permission_user: 1000 - permission_group: 999 - -################################################################# # Application configuration defaults. ################################################################# @@ -60,17 +32,3 @@ livenessProbe: timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 - -cadi: - logLevel: DEBUG - latitude: 38.4329 - longitude: -90.43248 - aafEnv: IST - aafApiVersion: 2.1 - aafRootNs: org.onap.so - aafLocateUrl: https://aaf-locate.onap:8095 - aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.apihPerm - noAuthn: /manage/health diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 48b75c72e9..47fc6d3d5d 100755 
--- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -1,10 +1,6 @@ aai: - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + auth: {{ .Values.mso.aai.auth }} server: port: {{ index .Values.containerPort }} tomcat: @@ -17,16 +13,15 @@ mso: adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ .Values.mso.adapters.requestDb.auth }} config: path: /src/main/resources/ - cadi: {{ include "so.cadi.keys" . | nindent 10}} infra: default: alacarte: 
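Review bot: `auth: {{ .Values.mso.aai.auth }}` renders as a bare `auth:` (YAML null) when the value is unset, and as an unquoted scalar otherwise, so a missing or oddly shaped credential goes unnoticed at render time. If an empty value is never valid here, fail the render and quote the result: `auth: {{ required "mso.aai.auth must be set" .Values.mso.aai.auth | quote }}`. The `requestDb.auth` and `db.auth` lines in the second hunk, and the `camundaAuth`, `sdc.client.auth`, `dmaap.auth` and `health.auth` lines in the later hunks of this file, can take the same form.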
@@ -38,33 +33,25 @@ mso: default: testApi: GR_API camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ - camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}} + camundaAuth: {{ .Values.mso.camundaAuth }} async: core-pool-size: 50 max-pool-size: 50 queue-capacity: 500 sdc: client: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}} + auth: {{ .Values.mso.sdc.client.auth }} activate: instanceid: test userid: cs0008 - {{ if (include "common.needTLS" .) }} - endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080 - {{ end }} tenant: isolation: retry: count: 3 aai: - {{ if (include "common.needTLS" .) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 - {{ else }} endpoint: http://aai.{{ include "common.namespace" . }}:80 - {{ end }} - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + auth: {{ .Values.mso.aai.auth }} extApi: endpoint: http://nbi.onap:8080/nbi/api/v3 
@@ -74,11 +61,11 @@ mso: username: testuser password: VjR5NDcxSzA= host: http://dmaap-bc.{{ include "common.namespace" . }}:8080 - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}} + auth: {{ .Values.mso.so.operationalEnv.dmaap.auth }} publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent health: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}} + auth: {{ .Values.mso.health.auth }} endpoints: - subsystem: apih uri: http://so-bpmn-infra:8081 diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index c55bf573f1..052a985387 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -14,10 +14,6 @@ # limitations under the License. */}} apiVersion: v1 -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -27,6 +23,10 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: "basic" --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 56faa934ae..3110802fa0 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml 
@@ -15,18 +15,10 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ index .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} minReadySeconds: {{ index .Values.minReadySeconds }} strategy: type: {{ index .Values.updateStrategy.type }} @@ -34,30 +26,14 @@ spec: maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} maxSurge: {{ index .Values.updateStrategy.maxSurge }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{ include "so.certificate.container_importer" . | indent 6 | trim }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" - {{- end }} - /app/start-app.sh - {{- end }} env: - name: DB_HOST value: {{ include "common.mariadbService" . }} 
@@ -71,12 +47,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -85,19 +60,16 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: {{ .Values.log.path }} {{ include "so.helpers.livenessProbe" .| indent 8 }} - ports: - - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - protocol: TCP + ports: {{ include "common.containerPorts" . | nindent 10 }} # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config configMap: - name: {{ include "common.fullname" . }}-app-configmap + name: {{ include "common.fullname" . }}-app-configmap - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log diff --git a/kubernetes/so/templates/ingress.yaml b/kubernetes/so/templates/ingress.yaml index 8f87c68f1e..9bef773eda 100644 --- a/kubernetes/so/templates/ingress.yaml +++ b/kubernetes/so/templates/ingress.yaml 
@@ -1 +1,17 @@ +{{/* +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/so/templates/service.yaml b/kubernetes/so/templates/service.yaml index 5a83d566ac..21a6a77e27 100755 --- a/kubernetes/so/templates/service.yaml +++ b/kubernetes/so/templates/service.yaml 
@@ -13,391 +13,5 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}", - "protocol": "REST", - "port": "{{ 
.Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": 
"/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate", 
- "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": 
"/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": 
"/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": 
"/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - }, - { - "serviceName": "so", - "version": "v1", - "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}", - "protocol": "REST", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0", - "lb_policy":"ip_hash" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + +{{ include "common.service" . }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 32e6e4776d..014cbadbab 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2018 AT&T USA # Copyright © 2020 Huawei # Copyright © 2021 Orange +# Modifications Copyright © 2023 Nordix Foundation # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,7 +19,6 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - aafAgentImage: onap/aaf/aaf_agent:2.1.20 centralizedLoggingEnabled: true mariadbGalera: nameOverride: mariadb-galera 
@@ -46,22 +46,11 @@ global: dbPassword: secretpassword # dbCredsExternalSecret: some secret msbEnabled: true - security: - aaf: - enabled: false - aaf: - auth: - header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= - encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 app: siteName: onapheat auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap - certificates: - path: /etc/ssl/certs - share_path: /usr/local/share/ca-certificates/ - soSdcListenerKafkaUser: so-sdc-list-user readinessCheck: @@ -131,13 +120,6 @@ secrets: login: '{{ .Values.server.bpel.username }}' password: '{{ .Values.server.bpel.password }}' passwordPolicy: required - - uid: so-aaf-creds - name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' - login: '{{ .Values.server.aaf.username }}' - password: '{{ .Values.server.aaf.password }}' - passwordPolicy: required - uid: so-aai-creds name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds' type: basicAuth 
@@ -146,32 +128,7 @@ secrets: password: '{{ .Values.server.aai.password }}' passwordPolicy: required -aafConfig: - permission_user: 1000 - permission_group: 999 - -aaf: - trustore: org.onap.so.trust.jks - -################################################################# -# AAF part for Ingress -################################################################# -certInitializer: - nameOverride: so-tls-cert - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: so - fqi: so@so.onap.org - public_fqdn: so.onap.org - fqi_namespace: org.onap.so - cadi_longitude: '0.0' - cadi_latitude: '0.0' - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs' - -################################################################# +################################################################## # Application configuration defaults. ################################################################# @@ -187,10 +144,6 @@ dbCreds: image: onap/so/api-handler-infra:1.11.0 server: - aaf: - username: so@so.onap.org - password: demo123456 - # aafCredsExternalSecret: some secret aai: username: aai@aai.onap.org password: demo123456! 
@@ -212,30 +165,390 @@ logPath: ./logs/apih/ app: api-handler-infra service: type: NodePort - nodePort: 77 internalPort: *containerPort - externalPort: *containerPort - portName: http + ports: + - name: http + port: *containerPort + nodePort: '77' + annotations: + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": 
"/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign", + "protocol": "REST", + "port": "{{ 
.Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + 
"serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort 
}}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + 
"visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + }, + { + "serviceName": "so", + "version": "v1", + "url": 
"/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}", + "protocol": "REST", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0", + "lb_policy":"ip_hash" + } + ]{{ end }} + updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 -################################################################# +################################################################ # soHelpers part ################################################################# soHelpers: - nameOverride: so-apih-cert-init - certInitializer: - nameOverride: so-apih-cert-init - credsPath: /opt/app/osaaf/local containerPort: *containerPort # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) -persistence: - certificatesPath: /certificates resources: small: limits: @@ -285,9 +598,6 @@ ingress: - baseaddr: 'so-api' name: 'so' port: 8080 - config: - tls: - secret: '{{ include "common.release" . }}-so-ingress-certs' mso: adapters: @@ -310,13 +620,6 @@ mso: health: auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= -so-appc-orchestrator: - enabled: false - server: - actuatorCredsExternalSecret: *actuator-secrets - db: - <<: *dbSecrets - so-bpmn-infra: db: <<: *dbSecrets @@ -332,12 +635,16 @@ so-cnf-adapter: db: <<: *dbSecrets server: - aafCredsExternalSecret: *aaf-secrets aaiCredsExternalSecret: *aai-secrets actuatorCredsExternalSecret: *actuator-secrets mso: msoKeySecret: *mso-key +so-cnfm-lcm: + enabled: true + db: + <<: *dbSecrets + so-etsi-nfvo-ns-lcm: enabled: true db: |
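Review bot: `service.type` stays `NodePort` and the new `ports` entry pins `nodePort: '77'`, so the API handler is published on a port of every node by default while this commit removes the chart's certificate and AAF configuration. Unless `common.service` downgrades the type when ingress is enabled (not visible here), that leaves the orchestration API reachable over plain HTTP from anything that can reach a node. The chart already declares an `ingress` entry for `so-api`, so I would default to `type: ClusterIP` and keep NodePort as an explicit override. Alternatively, add a comment next to `nodePort` saying it must be restricted at the network level. Separately, the `service-info` list was carried over with repeated `url` entries (the `…/vnfs/{vnfInstanceId}`, `…/vfModules/{vfmoduleInstanceId}`, `…/volumeGroups/{volumeGroupInstanceId}` and `…/networks/{networkInstanceId}` routes each appear twice) that could be dropped.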