summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json6
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml9
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml16
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml36
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/values.yaml33
-rw-r--r--kubernetes/multicloud/values.yaml3
-rwxr-xr-xkubernetes/so/Chart.yaml14
-rw-r--r--kubernetes/so/components/so-admin-cockpit/Chart.yaml3
-rw-r--r--kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml10
-rw-r--r--kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml38
-rw-r--r--kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml16
-rw-r--r--kubernetes/so/components/so-admin-cockpit/templates/service.yaml31
-rw-r--r--kubernetes/so/components/so-admin-cockpit/values.yaml95
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml62
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml95
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml16
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/configmap.yaml8
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/deployment.yaml42
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/service.yaml27
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/values.yaml20
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml4
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml42
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/service.yaml27
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/values.yaml45
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml6
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/deployment.yaml19
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/values.yaml28
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/Chart.yaml (renamed from kubernetes/so/components/so-appc-orchestrator/Chart.yaml)8
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml53
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml (renamed from kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml)36
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml74
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml15
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml (renamed from kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml)4
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/templates/service.yaml (renamed from kubernetes/so/components/so-appc-orchestrator/templates/service.yaml)4
-rw-r--r--kubernetes/so/components/so-cnfm-lcm/values.yaml (renamed from kubernetes/so/components/so-appc-orchestrator/values.yaml)119
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml15
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml2
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml12
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml13
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml25
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml42
-rw-r--r--kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml16
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml38
-rwxr-xr-xkubernetes/so/components/so-etsi-sol003-adapter/values.yaml54
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml8
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml42
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml27
-rwxr-xr-xkubernetes/so/components/so-etsi-sol005-adapter/values.yaml43
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml12
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml15
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/values.yaml37
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml6
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/templates/deployment.yaml11
-rwxr-xr-xkubernetes/so/components/so-oof-adapter/values.yaml46
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml20
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/deployment.yaml40
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/service.yaml26
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/values.yaml47
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml4
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/configmap.yaml8
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/deployment.yaml42
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/service.yaml26
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/values.yaml42
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml16
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/configmap.yaml8
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/deployment.yaml40
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/service.yaml26
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml42
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml11
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml2
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml42
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/service.yaml26
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/values.yaml50
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml3
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml10
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml8
-rwxr-xr-xkubernetes/so/components/so-ve-vnfm-adapter/values.yaml9
-rwxr-xr-xkubernetes/so/components/soHelpers/Chart.yaml3
-rw-r--r--kubernetes/so/components/soHelpers/templates/_cadiValues.tpl21
-rw-r--r--kubernetes/so/components/soHelpers/templates/_certificates.tpl34
-rw-r--r--kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl5
-rw-r--r--kubernetes/so/components/soHelpers/templates/_profileProperty.tpl3
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml42
-rwxr-xr-xkubernetes/so/resources/config/overrides/override.yaml29
-rwxr-xr-xkubernetes/so/templates/configmap.yaml8
-rwxr-xr-xkubernetes/so/templates/deployment.yaml44
-rw-r--r--kubernetes/so/templates/ingress.yaml16
-rwxr-xr-xkubernetes/so/templates/service.yaml390
-rwxr-xr-xkubernetes/so/values.yaml447
96 files changed, 1041 insertions, 2091 deletions
diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
index 4a08322634..54b2b0e12b 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
+++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
@@ -44,8 +44,10 @@
"CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
"HELM"
],
- "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
- "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
+ {{- with (first .Values.kafkaUser.acls) }}
+ "consumerGroup": "{{ .name }}",
+ "consumerId": "{{ .name }}-k8s",
+ {{- end }}
"environmentName": "AUTO",
"keystorePath": "null",
"keystorePassword": "null",
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
index 571360da1c..ed6b64c198 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
@@ -86,12 +86,11 @@ spec:
- mountPath: /data
name: artifact-data
env:
- - name: SECURITY_PROTOCOL
- value: {{ .Values.config.kafka.securityProtocol }}
- - name: SASL_MECHANISM
- value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml
new file mode 100644
index 0000000000..324a068cf0
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
deleted file mode 100644
index 7600facb08..0000000000
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMechanism | lower }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- operation: All
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.sdcTopic.pattern }}
- operation: All
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index cae151ae58..aea6915883 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -19,19 +19,6 @@ global:
nodePortPrefixExt: 304
persistence: {}
artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
- multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: multicloud-k8s-sdc-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
#################################################################
# Application configuration defaults.
@@ -40,16 +27,16 @@ secrets:
image: onap/multicloud/k8s:0.10.1
pullPolicy: Always
-config:
- someConfig: blah
- kafka:
- securityProtocol: SASL_PLAINTEXT
- saslMechanism: SCRAM-SHA-512
- authType: simple
- sdcTopic:
- pattern: SDC-DIST
- consumerGroup: multicloud
- clientId: multicloud-k8s
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: multicloud
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 21e6a61cf5..ee9efc9070 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -23,7 +23,6 @@ global:
enabled: false
persistence: {}
centralizedLoggingEnabled: true
- multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
#################################################################
# Application configuration defaults.
@@ -40,8 +39,6 @@ multicloud-fcaps:
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
multicloud-k8s:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}'
multicloud-pike:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml
index b9c54d47ef..3f1f871b7e 100755
--- a/kubernetes/so/Chart.yaml
+++ b/kubernetes/so/Chart.yaml
@@ -1,6 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,10 +25,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- condition: global.aafEnabled
- name: readinessCheck
version: ~12.x-0
repository: '@local'
@@ -46,10 +42,6 @@ dependencies:
version: ~12.x-0
repository: 'file://components/so-admin-cockpit'
condition: so-admin-cockpit.enabled
- - name: so-appc-orchestrator
- version: ~12.x-0
- repository: 'file://components/so-appc-orchestrator'
- condition: so-appc-orchestrator.enabled
- name: so-bpmn-infra
version: ~12.x-0
repository: 'file://components/so-bpmn-infra'
@@ -61,6 +53,10 @@ dependencies:
version: ~12.x-0
repository: "file://components/so-cnf-adapter"
condition: so-cnf-adapter.enabled
+ - name: so-cnfm-lcm
+ version: ~12.x-0
+ repository: 'file://components/so-cnfm-lcm'
+ condition: so-cnfm-lcm.enabled
- name: so-etsi-nfvo-ns-lcm
version: ~12.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
diff --git a/kubernetes/so/components/so-admin-cockpit/Chart.yaml b/kubernetes/so/components/so-admin-cockpit/Chart.yaml
index 89534e746c..31974724ae 100644
--- a/kubernetes/so/components/so-admin-cockpit/Chart.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/Chart.yaml
@@ -33,9 +33,6 @@ dependencies:
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: soHelpers
- version: ~12.x-0
- repository: 'file://../soHelpers'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml
index dc9a4f2dad..7657415f98 100644
--- a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml
@@ -3,21 +3,11 @@ server:
forward-headers-strategy: none
{{- end }}
port: {{ index .Values.containerPort }}
- {{- if .Values.global.aafEnabled }}
- ssl:
- keyStore: ${KEYSTORE}
- keyStorePassword: ${KEYSTORE_PASSWORD}
- trustStore: ${TRUSTSTORE}
- trustStorePassword: ${TRUSTSTORE_PASSWORD}
- {{- else }}
ssl:
enabled: false
- {{- end }}
tomcat:
max-threads: 50
- {{- if not .Values.global.aafEnabled }}
ssl-enable: false
- {{- end }}
camunda:
rest:
api:
diff --git a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml
index da9efff02a..f5fa5ce6b3 100644
--- a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml
@@ -21,18 +21,10 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
@@ -40,12 +32,9 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ initContainers:
- name: so-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
volumeMounts:
@@ -64,14 +53,6 @@ spec:
- -c
- |
export SO_COCKPIT_PASSWORD=`htpasswd -bnBC 10 "" $SO_COCKPIT_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
- {{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE=file://$cadi_keystore
- export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
- export TRUSTSTORE=file://$cadi_truststore
- export TRUSTSTORE_PASSWORD=$cadi_truststore_password
- {{- end }}
/app/start-app.sh
env:
- name: DB_HOST
@@ -95,7 +76,7 @@ spec:
- configMapRef:
name: {{ include "common.fullname" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -114,12 +95,9 @@ spec:
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml b/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml
index 8f87c68f1e..65f46c48c1 100644
--- a/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-admin-cockpit/templates/service.yaml b/kubernetes/so/components/so-admin-cockpit/templates/service.yaml
index b23e5ab99e..03b8df3e10 100644
--- a/kubernetes/so/components/so-admin-cockpit/templates/service.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/templates/service.yaml
@@ -19,32 +19,5 @@
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- {{if .Values.global.aafEnabled -}}
- type: {{ .Values.service.type }}
- {{- else -}}
- type: ClusterIP
- {{- end }}
- ports:
- {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-admin-cockpit/values.yaml b/kubernetes/so/components/so-admin-cockpit/values.yaml
index 7e4a654acb..a825e16d49 100644
--- a/kubernetes/so/components/so-admin-cockpit/values.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/values.yaml
@@ -27,17 +27,9 @@ global:
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
envsubstImage: dibi/envsubst
- aafEnabled: true
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: true
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -93,12 +85,6 @@ app: so-admin-cockpit
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-cockpit-cert-init
- certInitializer:
- nameOverride: so-cockpit-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.monitoringPerm
containerPort: *containerPort
server:
@@ -108,54 +94,55 @@ server:
# soMonitoringCredsExternalSecret: some secret
service:
-#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: NodePort
- nodePort: 24
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: NodePort
+ ports:
+ - port: *containerPort
+ name: http
+ nodePort: 24
+
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
# Resource Limit flavor -By Default using small
flavor: small
#Segregation for different environment (Small or large)
resources:
- small:
- requests:
- memory: 1Gi
- cpu: 10m
- limits:
- memory: 4Gi
- cpu: 1
- large:
- requests:
- memory: 2Gi
- cpu: 20m
- limits:
- memory: 8Gi
- cpu: 2
+ small:
+ requests:
+ memory: 1Gi
+ cpu: 10m
+ limits:
+ memory: 4Gi
+ cpu: 1
+ large:
+ requests:
+ memory: 2Gi
+ cpu: 20m
+ limits:
+ memory: 8Gi
+ cpu: 2
+ unlimited: {}
readinessProbe:
- port: 9091
- initialDelaySeconds: 20
- periodSeconds: 10
- timeoutSeconds: 10
+ port: 9091
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 10
livenessProbe:
- port: 9091
- initialDelaySeconds: 40
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ port: 9091
+ initialDelaySeconds: 40
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
- enabled: false
- service:
- - baseaddr: "so-admin-cockpit-ui"
- name: "so-admin-cockpit"
- port: 9091
- config:
- ssl: "none"
+ enabled: false
+ service:
+ - baseaddr: "so-admin-cockpit-ui"
+ name: "so-admin-cockpit"
+ port: 9091
+ config:
+ ssl: "none"
nodeSelector: {}
tolerations: []
affinity: {}
diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
deleted file mode 100644
index 061d8f0847..0000000000
--- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-server:
- {{- if include "common.onServiceMesh" . }}
- forward-headers-strategy: none
- {{- end }}
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
- ssl-enable: false
-mso:
- logPath: ./logs/soappcorch
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
- msoKey: {{ .Values.global.app.msoKey }}
- config:
- {{ if .Values.global.security.aaf.enabled }}
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
- {{- else }}
- cadi:
- aafId: {{ .Values.mso.basicUser }}
- {{- end }}
- workflow:
- endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- topics:
- retryMultiplier: 1000
-appc:
- client:
- topic:
- read:
- name: {{ .Values.appc.client.topic.read.name }}
- timeout: {{ .Values.appc.client.topic.read.timeout }}
- write: {{ .Values.appc.client.topic.write }}
- sdnc:
- read: {{ .Values.appc.client.topic.sdnc.read }}
- write: {{ .Values.appc.client.topic.sdnc.write }}
- response:
- timeout: {{ .Values.appc.client.response.timeout }}
- key: {{ .Values.appc.client.key }}
- secret: {{ .Values.appc.client.secret }}
- service: ueb
- poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
-spring:
- security:
- usercredentials:
- -
- username: ${ACTUATOR_USERNAME}
- password: ${ACTUATOR_PASSWORD}
- role: ACTUATOR
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
deleted file mode 100644
index 232bd6aaa8..0000000000
--- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - name: {{ include "common.name" . }}-pass-encoder
- command:
- - sh
- args:
- {{/* bcrypt plain text and convert to OpenBSD variant using sed */}}
- - -c
- - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded;
- env:
- - name: ACTUATOR_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
- image: {{ include "repositoryGenerator.image.htpasswd" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: encoder
- mountPath: /tmp/app
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - |
- export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- {{- end }}
- /app/start-app.sh
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 10 }}
- env:
- - name: ACTUATOR_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: encoder
- mountPath: /tmp/app
- - name: config
- mountPath: /app/config
- readOnly: true
-{{ include "so.helpers.livenessProbe" .| indent 8 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: encoder
- emptyDir:
- medium: Memory
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index 77e553bd67..8e002e14a5 100755
--- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -14,14 +14,10 @@
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ auth: {{ .Values.aai.auth }}
dme2:
timeout: '30000'
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
workflowAaiDistributionDelay: PT30S
pnfEntryNotificationTimeout: P14D
cds:
@@ -65,8 +61,6 @@ mso:
correlation:
timeout: 60
logPath: logs
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
async:
core-pool-size: 50
max-pool-size: 50
@@ -79,7 +73,7 @@ mso:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
db:
auth: {{ .Values.mso.adapters.db.auth }}
password: {{ .Values.mso.adapters.db.password }}
@@ -131,7 +125,7 @@ mso:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
default:
adapter:
namespace: http://org.onap.mso
@@ -165,11 +159,7 @@ mso:
oof:
auth: {{ .Values.mso.oof.auth }}
callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- {{ if (include "common.needTLS" .) }}
- endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ else }}
endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ end }}
timeout: PT30M
workflow:
CreateGenericVNFV1:
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml
index 58ac6d9ab8..954f8e8b0f 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml
@@ -14,10 +14,6 @@
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
@@ -27,6 +23,10 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index 8e0066bf6d..5937e39678 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -15,18 +15,10 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -71,12 +47,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -85,14 +60,11 @@ spec:
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml
index 5b8dee0774..739cb279c1 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml
@@ -13,28 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index b120d0c23f..2fc9646c1d 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -22,12 +22,6 @@ global:
#This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -121,24 +115,18 @@ logPath: ./logs/bpmn/
app: so-bpmn-infra
service:
type: ClusterIP
- internalPort: *containerPort
- externalPort: 8081
- portName: http
+ ports:
+ - port: *containerPort
+ name: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-bpmn-cert-init
- certInitializer:
- nameOverride: so-bpmn-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.bpmnPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
index c82a0d29d4..d5a3aeff44 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml
@@ -24,14 +24,12 @@ ssl-enable: false
mso:
logPath: logs
site-name: onapheat
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
+ auth: {{ .Values.mso.adapters.db.auth }}
spring:
datasource:
hikari:
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
index 6331656fce..c334fd7699 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml
@@ -17,7 +17,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index b05e87e1e6..887efd2cf2 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -15,18 +15,10 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -71,24 +47,20 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
index 5b8dee0774..739cb279c1 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml
@@ -13,28 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index 060ac7f82f..83e23d0e84 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
mariadbGalera:
@@ -84,25 +78,19 @@ containerPort: &containerPort 8082
logPath: ./logs/catdb/
app: catalog-db-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - port: *containerPort
+ name: http
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-catalogdb-cert-init
- certInitializer:
- nameOverride: so-catalogdb-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.catalogDbAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -125,14 +113,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8082
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
config:
@@ -154,4 +142,3 @@ serviceAccount:
nameOverride: so-catalog-db-adapter
roles:
- read
-
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
index d667cb5c60..a1a25be146 100755
--- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
@@ -15,12 +15,8 @@
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
+ auth: {{ .Values.server.aai.auth }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
index c5ebec0b15..786dd83f59 100755
--- a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml
@@ -20,7 +20,7 @@ metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") |
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
index 340571a59b..6ce459a95d 100755
--- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -30,7 +30,7 @@ spec:
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ initContainers:
- name: {{ include "common.name" . }}-encrypter
command:
- sh
@@ -59,33 +59,20 @@ spec:
args:
- -c
- |
- export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
- export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
- {{- end }}
- {{- end }}
./start-app.sh
resources: {{ include "common.resources" . | nindent 12 }}
ports: {{- include "common.containerPorts" . | nindent 12 }}
env:
- - name: AAF_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
- - name: AAF_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
- name: ACTUATOR_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- name: ACTUATOR_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | indent 12 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-env
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -105,7 +92,7 @@ spec:
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
index 6d7eec4a64..509925e17b 100755
--- a/kubernetes/so/components/so-cnf-adapter/values.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/values.yaml
@@ -20,12 +20,6 @@ global:
soCryptoImage: sdesbure/so_crypto:latest
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: ${AAF_AUTH}
aai:
enabled: true
#################################################################
@@ -51,13 +45,6 @@ secrets:
login: '{{ .Values.server.actuator.username }}'
password: '{{ .Values.server.actuator.password }}'
passwordPolicy: required
- - uid: so-aaf-creds
- name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
- login: '{{ .Values.server.aaf.username }}'
- password: '{{ .Values.server.aaf.password }}'
- passwordPolicy: required
- uid: so-aai-creds
name: '{{ include "common.release" . }}-so-cnf-aai-creds'
type: basicAuth
@@ -92,10 +79,6 @@ db:
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
server:
- aaf:
- username: so@so.onap.org
- password: demo123456
- # aafCredsExternalSecret: some secret
aai:
username: aai@aai.onap.org
password: demo123456!
@@ -125,14 +108,13 @@ updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
soHelpers:
- nameOverride: so-cnf-cert-init
- certInitializer:
- nameOverride: so-cnf-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
diff --git a/kubernetes/so/components/so-appc-orchestrator/Chart.yaml b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml
index 51a80959d0..ad0a799f93 100644
--- a/kubernetes/so/components/so-appc-orchestrator/Chart.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/Chart.yaml
@@ -1,6 +1,4 @@
-# Copyright © 2020 AT&T USA
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,8 +13,8 @@
# limitations under the License.
apiVersion: v2
-description: A Helm chart for so appc orchestrator
-name: so-appc-orchestrator
+name: so-cnfm-lcm
+description: ONAP SO CNFM LCM
version: 12.0.0
dependencies:
diff --git a/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml
new file mode 100644
index 0000000000..411b75f0a3
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/resources/config/overrides/override.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+ auth: {{ .Values.aai.auth }}
+ version: v24
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
+spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ cnfm:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/cnfm
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: cnfm-pool
+ registerMbeans: true
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+sdc:
+ username: {{ .Values.sdc.username }}
+ password: {{ .Values.sdc.password }}
+ key: {{ .Values.sdc.key }}
+ endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
+camunda:
+ bpm:
+ history-level: full
+ job-execution:
+ max-pool-size: 30
+ core-pool-size: 3
+ deployment-aware: true
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml
index 6abb1673d5..2d8cb1e5f5 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/configmap.yaml
@@ -1,24 +1,20 @@
{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
+ # Copyright © 2023 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
@@ -28,6 +24,10 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml
new file mode 100644
index 0000000000..42d5fcfdc0
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/deployment.yaml
@@ -0,0 +1,74 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ command: [ "./start-app.sh" ]
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml
new file mode 100644
index 0000000000..30c7b6e674
--- /dev/null
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml
index 34932b713d..e361015b5c 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/secret.yaml
@@ -1,5 +1,4 @@
-{{/*
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,6 +11,5 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml
index 7f004cc050..72b8e4be89 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/templates/service.yaml
@@ -1,5 +1,4 @@
-{{/*
-# Copyright © 2020 AT&T USA
+# Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,6 +11,5 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-cnfm-lcm/values.yaml
index 724fcbd032..9cb7483819 100644
--- a/kubernetes/so/components/so-appc-orchestrator/values.yaml
+++ b/kubernetes/so/components/so-cnfm-lcm/values.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2020 AT&T USA
-# Copyright © 2020 Huawei
+# Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,20 +11,17 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
#################################################################
# Global configuration defaults.
#################################################################
-
global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- app:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: '3306'
+
#################################################################
# Secrets metaconfig
#################################################################
@@ -42,24 +38,15 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: server-actuator-creds
- name: '{{ include "common.release" . }}-so-appc-actuator-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
- login: '{{ .Values.server.actuator.username }}'
- password: '{{ .Values.server.actuator.password }}'
- passwordPolicy: required
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-appc-orchestrator:1.6.4
+image: onap/so/so-cnfm-as-lcm:1.12.0
pullPolicy: Always
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
db:
userName: so_user
userPassword: so_User123
@@ -67,42 +54,36 @@ db:
adminName: so_admin
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
-server:
- actuator:
- username: mso_admin
- password: password1$
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+
replicaCount: 1
minReadySeconds: 10
-containerPort: &containerPort 8080
-logPath: ./logs/soappcorch
-app: appc-orchestrator
+containerPort: &containerPort 9888
+logPath: ./logs/so-cnfm-lcm/
+app: so-cnfm-lcm
service:
- name: so-appc-orchestrator
type: ClusterIP
ports:
- - port: *containerPort
- name: http
+ - name: http
+ port: *containerPort
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
-
soHelpers:
- nameOverride: so-appc-cert-init
- certInitializer:
- nameOverride: so-appc-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
containerPort: *containerPort
+# Resource Limit flavor -By Default using small
+flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
@@ -120,47 +101,33 @@ resources:
memory: 2Gi
cpu: 1000m
unlimited: {}
+
livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ port: *containerPort
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
ingress:
enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
+ service:
+ - baseaddr: 'so-cnfm-lcm-api'
+ name: 'so-cnfms-lcm'
+ port: *containerPort
+ config:
+ ssl: 'redirect'
-auth:
- rest:
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+nodeSelector: {}
-mso:
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- basicUser: poBpmn
+tolerations: []
-appc:
- client:
- topic:
- read:
- name: APPC-LCM-WRITE
- timeout: 360000
- write: APPC-LCM-READ
- sdnc:
- read: SDNC-LCM-WRITE
- write: SDNC-LCM-READ
- response:
- timeout: 3600000
- key: VIlbtVl6YLhNUrtU
- secret: 64AG2hF4pYeG2pq7CT6XwUOT
- service: ueb
+affinity: {}
#Pods Service Account
serviceAccount:
- nameOverride: so-appc-orchestrator
+ nameOverride: so-cnfm-lcm
roles:
- read
+
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
index cc668fbd70..40f97ad69f 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml
@@ -15,13 +15,9 @@
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ auth: {{ .Values.aai.auth }}
version: v19
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
spring:
datasource:
hikari:
@@ -61,16 +57,7 @@ so:
etsi-catalog-manager:
base:
{{- if .Values.global.msbEnabled }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://msb-iag:443/api
- http:
- client:
- ssl:
- trust-store: file:${TRUSTSTORE}
- trust-store-password: ${TRUSTSTORE_PASSWORD}
- {{ else }}
endpoint: http://msb-iag:80/api
- {{ end }}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
{{- end }}
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
index add9a02cf6..6bf005c051 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml
@@ -27,7 +27,7 @@ metadata:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index 6465af4e4a..e2925f6b61 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -29,7 +29,6 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}
command:
@@ -38,12 +37,6 @@ spec:
- -c
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- {{- end }}
./start-app.sh
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
@@ -64,12 +57,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | indent 12 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -84,7 +76,7 @@ spec:
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
ports: {{ include "common.containerPorts" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
index 6aaa367310..8790877492 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -85,7 +79,6 @@ logPath: ./logs/so-etsi-nfvo-ns-lcm/
app: so-etsi-nfvo-ns-lcm
service:
type: ClusterIP
- name: so-etsi-nfvo-ns-lcm
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
msb.onap.org/service-info: |
@@ -111,12 +104,6 @@ updateStrategy:
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-nfvo-cert-init
- certInitializer:
- nameOverride: so-nfvo-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.nfvoAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml
index e6a3d7c8ac..04d973a6fc 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml
@@ -14,13 +14,9 @@
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ auth: {{ .Values.aai.auth }}
version: v15
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
spring:
security:
usercredentials:
@@ -41,34 +37,19 @@ mso:
key: {{ .Values.mso.key }}
site-name: localSite
logPath: ./logs/etsi-sol003-adapter
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
msb-port: 80
sdc:
- username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
- password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ username: {{ .Values.sdc.username }}
+ password: {{ .Values.sdc.password }}
key: {{ .Values.sdc.key }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
- {{ end }}
vnfmadapter:
endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://msb-iag:443/api/vnfpkgm/v1
- http:
- client:
- ssl:
- trust-store: file:${TRUSTSTORE}
- trust-store-password: ${TRUSTSTORE_PASSWORD}
- {{ else }}
endpoint: http://msb-iag:80/api
- {{ end }}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
{{- end }}
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml
index 6331656fce..c334fd7699 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/configmap.yaml
@@ -17,7 +17,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml
index 5d6100446e..785416517a 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml
@@ -15,18 +15,10 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
@@ -34,34 +26,17 @@ spec:
maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
- /app/start-app.sh
- {{- end }}
- env:
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -74,12 +49,9 @@ spec:
periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml
index 8f87c68f1e..f298193924 100644
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2019 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml
index 96a2acd3a6..3da38759a8 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml
@@ -13,39 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/so/vnfm-adapter/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml
index 170cfdd0d7..98edcebb29 100755
--- a/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml
+++ b/kubernetes/so/components/so-etsi-sol003-adapter/values.yaml
@@ -50,26 +50,34 @@ containerPort: &containerPort 9092
logPath: ./logs/etsi-sol003-adapter/
app: etsi-sol003-adapter
service:
- type: NodePort
- internalPort: *containerPort
- externalPort: *containerPort
- nodePort: "06"
- portName: http
+ type: NodePort
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/vnfm-adapter/v1",
+ "protocol": "REST",
+ "port": "{{.Values.containerPort}}",
+ "visualRange":"1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http
+ port: *containerPort
+ nodePort: "06"
+
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-etsi-sol003-cert-init
- certInitializer:
- nameOverride: so-etsi-sol003-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.vnfmAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -92,18 +100,18 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- port: 9092
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ port: 9092
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
service:
- - baseaddr: "so-etsi-sol003-adapter-api"
- name: "so-etsi-sol003-adapter"
- port: 9092
+ - baseaddr: "so-etsi-sol003-adapter-api"
+ name: "so-etsi-sol003-adapter"
+ port: 9092
config:
ssl: "redirect"
nodeSelector: {}
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml
index 189a02bf73..c4d28c4ce9 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml
@@ -42,18 +42,12 @@ server:
mso:
site-name: localSite
logPath: ./logs/etsi-sol005-adapter
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
msb-port: 80
adapters:
requestDb:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ else }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
#Actuator
management:
security:
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml
index 6331656fce..c334fd7699 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml
@@ -17,7 +17,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml
index 6dab82f5c4..3e63b45408 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml
@@ -15,18 +15,10 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -71,12 +47,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -92,12 +67,9 @@ spec:
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds}}
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml
index 5b8dee0774..21a6a77e27 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml
@@ -13,28 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
index b20f318658..c571029de7 100755
--- a/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
+++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -80,26 +74,19 @@ containerPort: &containerPort 8084
logPath: ./logs/etsi-sol005-adapter/
app: etsi-sol005-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - port: *containerPort
+ name: http
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-etsi-sol005-cert-init
- certInitializer:
- nameOverride: so-etsi-sol005-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.vfcAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -122,14 +109,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8084
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8084
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
diff --git a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml
index 016b3f534f..633ac7dcc1 100755
--- a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml
@@ -14,12 +14,8 @@
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
+ auth: {{ .Values.aai.auth }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
logging:
path: logs
spring:
@@ -58,12 +54,8 @@ mso:
msb-port: 80
adapters:
requestDb:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ else }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
#Actuator
management:
endpoints:
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml
index 03a3df4163..35baef1759 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml
@@ -19,7 +19,7 @@ metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") |
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index f41352e63f..32a9eff67d 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -26,11 +26,9 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
@@ -41,12 +39,6 @@ spec:
- |
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- {{- end }}
./start-app.sh
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
@@ -72,12 +64,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- name: ACTUATOR_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | nindent 12 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-env
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -94,7 +85,7 @@ spec:
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml
index 29f9f4e24d..ecf9b04dc9 100755
--- a/kubernetes/so/components/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -110,17 +104,14 @@ service:
- name: http
port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+#################################################################
+# soHelpers part
+#################################################################
soHelpers:
- nameOverride: so-nssmf-cert-init
- certInitializer:
- nameOverride: so-nssmf-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.nssmfAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -143,14 +134,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8088
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
index 2d645bebf2..c58ba9196f 100755
--- a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml
@@ -39,17 +39,13 @@ mso:
msb-port: 80
msoKey: ${MSO_KEY}
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
- camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+ camundaAuth: {{ .Values.mso.camundaAuth }}
workflow:
message:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
oof:
auth: ${OOF_LOGIN}:${OOF_PASSWORD}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ else }}
endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ end }}
#Actuator
management:
endpoints:
diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
index da5fda9c42..62ad76709f 100755
--- a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml
@@ -26,7 +26,7 @@ metadata:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
index e1a77c02bb..100371b9c1 100755
--- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml
@@ -26,10 +26,8 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -53,12 +51,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
- name: OOF_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -67,11 +64,11 @@ spec:
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports: {{- include "common.containerPorts" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml
index 530c35afdd..c8a12690d0 100755
--- a/kubernetes/so/components/so-oof-adapter/values.yaml
+++ b/kubernetes/so/components/so-oof-adapter/values.yaml
@@ -20,12 +20,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -87,23 +81,19 @@ containerPort: *containerPort
logPath: ./logs/oof-adapter/
app: so-oof-adapter
service:
- type: ClusterIP
- ports:
- - name: http
- port: *containerPort
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+#################################################################
+# soHelpers part
+#################################################################
soHelpers:
- nameOverride: so-oof-adapter-cert-init
- certInitializer:
- nameOverride: so-oof-adapter-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.oofadapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -126,14 +116,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: *containerPort
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: *containerPort
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml
index 7dc22c3536..55d9ca2b1d 100755
--- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml
@@ -14,12 +14,8 @@
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
+ auth: {{ .Values.aai.auth }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
server:
{{- if include "common.onServiceMesh" . }}
forward-headers-strategy: none
@@ -72,7 +68,7 @@ org:
{{- end }}
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
- bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ bpelauth: {{ .Values.org.onap.so.adapters.bpelauth }}
checkRequiredParameters: true
addGetFilesOnVolumeReq: false
sockettimeout: 30
@@ -83,7 +79,7 @@ org:
valet_enabled: false
fail_requests_on_valet_failure: false
network:
- bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ bpelauth: {{ .Values.org.onap.so.adapters.bpelauth }}
sockettimeout: 5
connecttimeout: 5
retrycount: 5
@@ -117,8 +113,8 @@ mso:
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
+ auth: {{ .Values.mso.db.auth }}
+ auth: {{ .Values.mso.auth }}
logPath: ./logs/openstack
msb-ip: msb-iag
msb-port: 80
@@ -127,18 +123,14 @@ mso:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
config:
- {{ if eq .Values.global.security.aaf.enabled true }}
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
- {{- else }}
cadi:
aafId: {{ .Values.mso.basicUser }}
- {{- end }}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+ auth: {{ .Values.mso.db.auth }}
site-name: localDevEnv
async:
core-pool-size: 50
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml
index 050aab9732..eeab0f72cd 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml
@@ -17,7 +17,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index dd6d1f0098..c2db839bd7 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -15,17 +15,9 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -71,12 +47,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -85,14 +60,11 @@ spec:
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml
index 5b8dee0774..495f828bfb 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml
@@ -13,28 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index e25f4b3498..205bc9a342 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -71,9 +65,6 @@ db:
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
-aaf:
- auth:
- encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
org:
onap:
so:
@@ -92,25 +83,19 @@ containerPort: &containerPort 8087
logPath: ./logs/openstack/
app: openstack-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-openstack-cert-init
- certInitializer:
- nameOverride: so-openstack-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -133,14 +118,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8087
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8087
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
config:
diff --git a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml
index 86e02d638a..7ea77493d7 100755
--- a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml
@@ -25,11 +25,9 @@ ssl-enable: false
mso:
logPath: logs
site-name: localSite
- config:
- cadi: {{- include "so.cadi.keys" . | nindent 8}}
adapters:
requestDb:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
spring:
datasource:
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml
index 6331656fce..3be605edf2 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml
@@ -14,10 +14,6 @@
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
@@ -27,6 +23,10 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index b05e87e1e6..f6678a416d 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -15,17 +15,9 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -71,28 +47,24 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app-configmap
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml
index 5b8dee0774..495f828bfb 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml
@@ -13,28 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 6d24563dcf..5e49316a36 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -80,25 +74,19 @@ containerPort: &containerPort 8083
logPath: ./logs/reqdb/
app: request-db-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-requestdb-cert-init
- certInitializer:
- nameOverride: so-requestdb-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.requestDbAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -121,14 +109,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
index 50cf231a20..0630497bdb 100755
--- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml
@@ -51,42 +51,32 @@ request:
mso:
msoKey: {{ index .Values.mso.msoKey }}
logPath: ./logs/sdc
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ auth: {{ .Values.mso.requestDb.auth }}
site-name: onapheat
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ auth: {{ .Values.mso.requestDb.auth }}
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
asdc-connections:
asdc-controller1:
user: mso
consumerGroup: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
consumerId: {{ .Values.config.kafka.sdcTopic.clientId }}
environmentName: AUTO
- {{ if (include "common.needTLS" .) }}
- sdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
- {{ else }}
sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
- {{ end }}
password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
- useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttpsWithSdc: false
activateServerTLSAuth: false
keyStorePassword:
keyStorePath:
diff --git a/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml
index 050aab9732..cb40c08f77 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml
@@ -14,10 +14,6 @@
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
@@ -27,6 +23,10 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 6ee0b25cbd..4becf41897 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -15,17 +15,9 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -77,12 +53,11 @@ spec:
value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -91,14 +66,11 @@ spec:
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml
index 5b8dee0774..495f828bfb 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/service.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/service.yaml
@@ -13,28 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 63a641c359..dbde74808b 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -19,12 +19,6 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -106,25 +100,19 @@ containerPort: &containerPort 8085
logPath: ./logs/sdc/
app: sdc-controller
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-sdc-cert-init
- certInitializer:
- nameOverride: so-sdc-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.sdcControllerPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -147,14 +135,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8085
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8085
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
diff --git a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml
index 119236b1b2..55dc11526d 100755
--- a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml
@@ -20,20 +20,21 @@ server:
port: {{ index .Values.containerPort }}
mso:
msoKey: ${MSO_KEY}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "${AAF_AUTH}" "value2" "${MSO_AUTH}" )}}
+ auth: ${MSO_AUTH}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
logPath: ./logs/sdnc
config:
- cadi: {{ include "so.cadi.keys" . | nindent 14}}
+ cadi:
+ aafId: so@so.onap.org
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
site-name: onapheat
#needs to be confirmed TODO
workflow:
@@ -112,7 +113,7 @@ org:
changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
+ bpelauth: {{ .Values.org.onap.so.adapters.sdnc.bpelauth }}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
opticalservice:
optical-service-create:
@@ -157,7 +158,7 @@ org:
myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
rest:
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
+ sdncauth: {{ .Values.org.onap.so.adapters.sdnc.sdncauth }}
sdncconnecttime: 5000
sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml
index 050aab9732..eeab0f72cd 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml
@@ -17,7 +17,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index 1b94083d5e..141b5ab1c9 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -15,17 +15,9 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
@@ -34,28 +26,12 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -73,14 +49,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-key" "key" "password") | indent 10 }}
- name: MSO_AUTH
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-auth" "key" "password") | indent 10 }}
- - name: AAF_AUTH
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-aaf-auth" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -89,14 +62,11 @@ spec:
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml
index 5b8dee0774..495f828bfb 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml
@@ -13,28 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index 1562a37ddd..60c1f9b285 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -22,14 +22,6 @@ global:
#This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
- #encryptedSecret: some secret
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
@@ -55,11 +47,6 @@ secrets:
type: password
externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
password: '{{ .Values.mso.msoKey }}'
- - uid: sdnc-adapter-aaf-auth
- name: '{{ include "common.release" . }}-so-sdnc-aaf-auth'
- type: password
- externalSecret: '{{ tpl (default "" .Values.global.aaf.auth.encryptedSecret) . }}'
- password: '{{ .Values.global.aaf.auth.encrypted }}'
- uid: sdnc-adapter-mso-auth
name: '{{ include "common.release" . }}-so-sdnc-mso-auth'
type: password
@@ -107,26 +94,19 @@ containerPort: &containerPort 8086
logPath: ./logs/sdnc/
app: sdnc-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-sdnc-cert-init
- certInitializer:
- nameOverride: so-sdnc-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.sdncAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -149,14 +129,14 @@ resources:
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8086
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8086
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml
index 1b4294af2f..387303b4fb 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml
@@ -32,9 +32,6 @@ dependencies:
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: soHelpers
- version: ~12.x-0
- repository: 'file://../soHelpers'
- name: serviceAccount
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
index 1a96abf9cb..606ceb4fcc 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml
@@ -21,18 +21,10 @@ server:
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
- {{ else }}
- endpoint: http://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
- {{ end }}
+ endpoint: http://msb-iag:80/api/{{ include "common.servicename" . }}/v1
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
dmaap:
endpoint: http://message-router.{{ include "common.namespace" . }}:3904
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
index 9a6b79c440..e322b60e48 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml
@@ -24,7 +24,7 @@ spec:
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
@@ -34,7 +34,7 @@ spec:
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -47,9 +47,9 @@ spec:
periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
- ports: {{- include "common.containerPorts" . | nindent 10 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
index 8e8236cfb4..08911aae76 100755
--- a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
+++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml
@@ -48,15 +48,6 @@ service:
- name: http
port: 9098
-#################################################################
-# soHelpers part
-#################################################################
-soHelpers:
- nameOverride: so-vevnfm-cert-init
- certInitializer:
- nameOverride: so-vevnfm-cert-init
- credsPath: /opt/app/osaaf/local
-
flavor: small
resources:
small:
diff --git a/kubernetes/so/components/soHelpers/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml
index bf300e3f3b..caada54b79 100755
--- a/kubernetes/so/components/soHelpers/Chart.yaml
+++ b/kubernetes/so/components/soHelpers/Chart.yaml
@@ -25,6 +25,3 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
deleted file mode 100644
index 7e04706d4a..0000000000
--- a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- define "so.cadi.keys" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
-cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
-cadiLatitude: {{ $initRoot.cadi.latitude }}
-cadiLongitude: {{ $initRoot.cadi.longitude }}
-aafEnv: {{ $initRoot.cadi.aafEnv }}
-aafApiVersion: {{ $initRoot.cadi.aafApiVersion }}
-aafRootNs: {{ $initRoot.cadi.aafRootNs }}
-aafId: {{ $initRoot.cadi.aafId }}
-aafPassword: {{ $initRoot.cadi.aafPassword }}
-aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }}
-aafUrl: {{ $initRoot.cadi.aafUrl }}
-apiEnforcement: {{ $initRoot.cadi.apiEnforcement }}
-{{- if ($initRoot.cadi.noAuthn) }}
-noAuthn: {{ $initRoot.cadi.noAuthn }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
deleted file mode 100644
index cda61b2cfa..0000000000
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ /dev/null
@@ -1,34 +0,0 @@
-{{- define "so.certificate.container_importer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.certInitializer.initContainer" $subchartDot }}
-{{- end -}}
-
-{{- define "so.certificate.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.certInitializer.volumes" $subchartDot }}
-{{- end -}}
-
-{{- define "so.certificate.volumeMount" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.certInitializer.volumeMount" $subchartDot }}
-{{- end -}}
-
-{{- define "so.certificates.env" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
-{{- if $dot.Values.global.security.aaf.enabled }}
-- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
-{{- end }}
-{{- end }}
-{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
index cde94742c6..e596b806ed 100644
--- a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
@@ -7,11 +7,6 @@ livenessProbe:
path: {{ $subchartDot.Values.livenessProbe.path }}
port: {{ $subchartDot.Values.containerPort }}
scheme: {{ $subchartDot.Values.livenessProbe.scheme }}
- {{- if $subchartDot.Values.global.security.aaf.enabled }}
- httpHeaders:
- - name: Authorization
- value: {{ $subchartDot.Values.global.aaf.auth.header }}
- {{- end }}
initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }}
diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl
deleted file mode 100644
index 56910ebebd..0000000000
--- a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "so.helpers.profileProperty" -}}
- {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }}
-{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 2417d2553c..ec3fef2d81 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -16,39 +16,11 @@
# Global configuration defaults.
#################################################################
global:
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
msbEnabled: true
- security:
- aaf:
- enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: so
- fqi: so@so.onap.org
- public_fqdn: so.onap.org
- fqi_namespace: org.onap.so
- cadi_longitude: '0.0'
- cadi_latitude: '0.0'
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop
-
-aafConfig:
- permission_user: 1000
- permission_group: 999
-
-#################################################################
# Application configuration defaults.
#################################################################
@@ -60,17 +32,3 @@ livenessProbe:
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
-
-cadi:
- logLevel: DEBUG
- latitude: 38.4329
- longitude: -90.43248
- aafEnv: IST
- aafApiVersion: 2.1
- aafRootNs: org.onap.so
- aafLocateUrl: https://aaf-locate.onap:8095
- aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.apihPerm
- noAuthn: /manage/health
diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml
index 48b75c72e9..47fc6d3d5d 100755
--- a/kubernetes/so/resources/config/overrides/override.yaml
+++ b/kubernetes/so/resources/config/overrides/override.yaml
@@ -1,10 +1,6 @@
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ .Values.mso.aai.auth }}
server:
port: {{ index .Values.containerPort }}
tomcat:
@@ -17,16 +13,15 @@ mso:
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
config:
path: /src/main/resources/
- cadi: {{ include "so.cadi.keys" . | nindent 10}}
infra:
default:
alacarte:
@@ -38,33 +33,25 @@ mso:
default:
testApi: GR_API
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
+ camundaAuth: {{ .Values.mso.camundaAuth }}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
+ auth: {{ .Values.mso.sdc.client.auth }}
activate:
instanceid: test
userid: cs0008
- {{ if (include "common.needTLS" .) }}
- endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
- {{ end }}
tenant:
isolation:
retry:
count: 3
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ .Values.mso.aai.auth }}
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
@@ -74,11 +61,11 @@ mso:
username: testuser
password: VjR5NDcxSzA=
host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
+ auth: {{ .Values.mso.so.operationalEnv.dmaap.auth }}
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
health:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
+ auth: {{ .Values.mso.health.auth }}
endpoints:
- subsystem: apih
uri: http://so-bpmn-infra:8081
diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml
index c55bf573f1..052a985387 100755
--- a/kubernetes/so/templates/configmap.yaml
+++ b/kubernetes/so/templates/configmap.yaml
@@ -14,10 +14,6 @@
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
@@ -27,6 +23,10 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 56faa934ae..3110802fa0 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -15,18 +15,10 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
@@ -34,30 +26,14 @@ spec:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
@@ -71,12 +47,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
@@ -85,19 +60,16 @@ spec:
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app-configmap
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
diff --git a/kubernetes/so/templates/ingress.yaml b/kubernetes/so/templates/ingress.yaml
index 8f87c68f1e..9bef773eda 100644
--- a/kubernetes/so/templates/ingress.yaml
+++ b/kubernetes/so/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/so/templates/service.yaml b/kubernetes/so/templates/service.yaml
index 5a83d566ac..21a6a77e27 100755
--- a/kubernetes/so/templates/service.yaml
+++ b/kubernetes/so/templates/service.yaml
@@ -13,391 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 32e6e4776d..014cbadbab 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -1,6 +1,7 @@
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -18,7 +19,6 @@
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
centralizedLoggingEnabled: true
mariadbGalera:
nameOverride: mariadb-galera
@@ -46,22 +46,11 @@ global:
dbPassword: secretpassword
# dbCredsExternalSecret: some secret
msbEnabled: true
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
app:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- certificates:
- path: /etc/ssl/certs
- share_path: /usr/local/share/ca-certificates/
-
soSdcListenerKafkaUser: so-sdc-list-user
readinessCheck:
@@ -131,13 +120,6 @@ secrets:
login: '{{ .Values.server.bpel.username }}'
password: '{{ .Values.server.bpel.password }}'
passwordPolicy: required
- - uid: so-aaf-creds
- name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
- login: '{{ .Values.server.aaf.username }}'
- password: '{{ .Values.server.aaf.password }}'
- passwordPolicy: required
- uid: so-aai-creds
name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
type: basicAuth
@@ -146,32 +128,7 @@ secrets:
password: '{{ .Values.server.aai.password }}'
passwordPolicy: required
-aafConfig:
- permission_user: 1000
- permission_group: 999
-
-aaf:
- trustore: org.onap.so.trust.jks
-
-#################################################################
-# AAF part for Ingress
-#################################################################
-certInitializer:
- nameOverride: so-tls-cert
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: so
- fqi: so@so.onap.org
- public_fqdn: so.onap.org
- fqi_namespace: org.onap.so
- cadi_longitude: '0.0'
- cadi_latitude: '0.0'
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
-
-#################################################################
+##################################################################
# Application configuration defaults.
#################################################################
@@ -187,10 +144,6 @@ dbCreds:
image: onap/so/api-handler-infra:1.11.0
server:
- aaf:
- username: so@so.onap.org
- password: demo123456
- # aafCredsExternalSecret: some secret
aai:
username: aai@aai.onap.org
password: demo123456!
@@ -212,30 +165,390 @@ logPath: ./logs/apih/
app: api-handler-infra
service:
type: NodePort
- nodePort: 77
internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ ports:
+ - name: http
+ port: *containerPort
+ nodePort: '77'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ }
+ ]{{ end }}
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
-#################################################################
+################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-apih-cert-init
- certInitializer:
- nameOverride: so-apih-cert-init
- credsPath: /opt/app/osaaf/local
containerPort: *containerPort
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
-persistence:
- certificatesPath: /certificates
resources:
small:
limits:
@@ -285,9 +598,6 @@ ingress:
- baseaddr: 'so-api'
name: 'so'
port: 8080
- config:
- tls:
- secret: '{{ include "common.release" . }}-so-ingress-certs'
mso:
adapters:
@@ -310,13 +620,6 @@ mso:
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
-so-appc-orchestrator:
- enabled: false
- server:
- actuatorCredsExternalSecret: *actuator-secrets
- db:
- <<: *dbSecrets
-
so-bpmn-infra:
db:
<<: *dbSecrets
@@ -332,12 +635,16 @@ so-cnf-adapter:
db:
<<: *dbSecrets
server:
- aafCredsExternalSecret: *aaf-secrets
aaiCredsExternalSecret: *aai-secrets
actuatorCredsExternalSecret: *actuator-secrets
mso:
msoKeySecret: *mso-key
+so-cnfm-lcm:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
so-etsi-nfvo-ns-lcm:
enabled: true
db: