diff options
41 files changed, 406 insertions, 63 deletions
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml index bf1179d49a..84d69ed127 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml index 45bf399437..b50fe7789c 100644 --- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: selector: matchLabels: app: {{ include "common.name" . }} - serviceName: + serviceName: {{ include "common.servicename" . }} template: metadata: labels: diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index dccf57ca96..148d10da13 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -104,6 +104,11 @@ service: internalPort: 10443 externalPort: 10443 +#define value for aaf-sms-quorumclient subchart +aaf-sms-quorumclient: + service: + name: aaf-sms + persistence: enabled: true volumeReclaimPolicy: Retain diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml index 53ea99524b..2715120ba9 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml @@ -17,7 +17,7 @@ {{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}} apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml index 23fe79d716..e6ccf05e61 100644 --- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml @@ -48,13 +48,13 @@ spec: - name: {{ include "common.fullname" . }}-tpmconfig mountPath: "/abrmd/cred/" readOnly: true - resources: {{ toYaml .Values.resources | nindent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - {{- end -}} {{- if .Values.global.tpm.enabled }} {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }} {{- end -}} + {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile index 8af301d7ae..248fb056ab 100644 --- a/kubernetes/clamp/Makefile +++ b/kubernetes/clamp/Makefile @@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -39,7 +40,11 @@ lint-%: dep-% package-%: lint-% @mkdir -p $(PACKAGE_DIR) +ifeq "$(findstring v3,$(HELM_VER))" "v3" + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi +else @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi +endif @helm repo index $(PACKAGE_DIR) clean: diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml index 0cd8cfbd36..e5d7174e85 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung, Orange +{{/* # Copyright © 2020 Samsung, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index eb782b4fd8..0e923b7a75 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -22,7 +22,7 @@ COMMON_CHARTS_DIR := common EXCLUDES := HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER != helm version --template "{{.Version}}" +HELM_VER := $(shell helm version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index 1a188355d0..f6feee6e06 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -14,7 +14,8 @@ global: platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 + secretName: oom-cert-service-client-tls-secret envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -27,3 +28,6 @@ global: requestTimeout: "30000" keystorePassword: "secret" truststorePassword: "secret" + certPostProcessor: + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0 + diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index 3979dd2407..d0413192c8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -49,8 +49,12 @@ "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}", "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}", + "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}", "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}", "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}" + }, + "truststore_merger": + { + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}" } } - diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 0d3082819f..a7be74a7ad 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2 +image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index e46901bc94..25e595f672 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -105,7 +105,7 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: - - mountPath: /usr/local/share/ca-certificates/ + - mountPath: /opt/app/osaaf/ name: tls-info - mountPath: /opt/logs/dcae/dashboard name: component-log diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 884a753ff8..7aa9b68030 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -52,7 +52,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index fd705499d0..f281f6b90f 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -45,7 +45,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index ee2c03e237..3fec537716 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -53,7 +53,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1 pullPolicy: Always diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml index f373888ab8..c717ca3309 100644 --- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml @@ -35,7 +35,7 @@ config: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0 service: type: ClusterIP diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index a83770ea45..161b3621a0 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -92,7 +92,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml index c4ca4edc8b..d33cb297db 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.global.dmaapDrProvName }} + name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index 7c6334c76d..169e898ca6 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -148,7 +148,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . | indent 10 }} env: - name : KAFKA_HEAP_OPTS value: "{{ .Values.zkConfig.heapOptions }}" diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5f4495498c..3413c3840e 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -125,7 +125,7 @@ global: cmpv2Enabled: true platform: certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 secret: name: oom-cert-service-client-tls-secret mountPath: /etc/onap/oom/certservice/certs/ diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile new file mode 100644 index 0000000000..c4723dfdd1 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -0,0 +1,148 @@ +CERTS_DIR = resources +CURRENT_DIR := ${CURDIR} +DOCKER_CONTAINER = generate-certs +DOCKER_EXEC = docker exec ${DOCKER_CONTAINER} + +all: start_docker \ + clear_all \ + root_generate_keys \ + root_create_certificate \ + root_self_sign_certificate \ + client_generate_keys \ + client_generate_csr \ + client_sign_certificate_by_root \ + client_import_root_certificate \ + client_convert_certificate_to_jks \ + server_generate_keys \ + server_generate_csr \ + server_sign_certificate_by_root \ + server_import_root_certificate \ + server_convert_certificate_to_jks \ + server_convert_certificate_to_p12 \ + clear_unused_files \ + stop_docker + +.PHONY: all + +# Starts docker container for generating certificates - deletes first, if already running +start_docker: + @make stop_docker + docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + +# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted +stop_docker: + docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true + +#Clear all files related to certificates +clear_all: + @make clear_existing_certificates + @make clear_unused_files + +#Clear certificates +clear_existing_certificates: + @echo "Clear certificates" + ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 + @echo "#####done#####" + +#Generate root private and public keys +root_generate_keys: + @echo "Generate root private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \ + -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \ + -storepass secret -ext BasicConstraints:critical="ca:true" + @echo "#####done#####" + +#Export public key as certificate +root_create_certificate: + @echo "(Export public key as certificate)" + ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc + @echo "#####done#####" + +#Self-signed root (import root certificate into truststore) +root_self_sign_certificate: + @echo "(Self-signed root (import root certificate into truststore))" + ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt + @echo "#####done#####" + +#Generate certService's client private and public keys +client_generate_keys: + @echo "Generate certService's client private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceClient-keystore.jks -storetype JKS \ + -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret + @echo "####done####" + +#Generate certificate signing request for certService's client +client_generate_csr: + @echo "Generate certificate signing request for certService's client" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr + @echo "####done####" + +#Sign certService's client certificate by root CA +client_sign_certificate_by_root: + @echo "Sign certService's client certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \ + -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" + @echo "####done####" + +#Import root certificate into client +client_import_root_certificate: + @echo "Import root certificate into intermediate" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService's client +client_convert_certificate_to_jks: + @echo "Import signed certificate into certService's client" + ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt + @echo "####done####" + +#Generate certService private and public keys +server_generate_keys: + @echo "Generate certService private and public keys" + ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \ + -keystore certServiceServer-keystore.jks -storetype JKS \ + -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \ + -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false" + @echo "####done####" + +#Generate certificate signing request for certService +server_generate_csr: + @echo "Generate certificate signing request for certService" + ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr + @echo "####done####" + +#Sign certService certificate by root CA +server_sign_certificate_by_root: + @echo "Sign certService certificate by root CA" + ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \ + -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \ + -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost" + @echo "####done####" + +#Import root certificate into server +server_import_root_certificate: + @echo "Import root certificate into intermediate(server)" + ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + @echo "####done####" + +#Import signed certificate into certService +server_convert_certificate_to_jks: + @echo "Import signed certificate into certService" + ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \ + -storepass secret -noprompt + @echo "####done####" + +#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12) +server_convert_certificate_to_p12: + @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)" + ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \ + -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret + @echo "#####done#####" + +#Clear unused certificates +clear_unused_files: + @echo "Clear unused certificates" + ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr + @echo "#####done#####" diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks Binary files differdeleted file mode 100644 index c089764466..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks Binary files differdeleted file mode 100644 index e3882b1357..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 Binary files differdeleted file mode 100644 index ce9261146c..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/resources/root.crt b/kubernetes/platform/components/oom-cert-service/resources/root.crt deleted file mode 100644 index 242e437f75..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/root.crt +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFnjCCA4agAwIBAgIEHn8h9TANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV -UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ -MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE -AxMIb25hcC5vcmcwHhcNMjAwODI3MDg1MjQ3WhcNMzAwODI1MDg1MjQ3WjB3MQsw -CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy -YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B -UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCOQ8TArFljhDu9EXKqAppV/eslelFAGG1NhDnh3PI6jK7qKKSTIcUpKPiG -u9CagyNq4Y1dNt1LsP/KSDDkm6CGYW2z4E0Nm0ckcGc4izdoFDFhoXkrMoKvQxct -az3YD1AiEH7kIYqDp7S3LMP8FbAXlcV62J2AEPqWtbFGszi6Pj65InNnFTGT4Oon -E46egKcSWAhNR6vN29MO9/0wZHxwXWlcS2CKt6+2QKpfimHf48EJ0idntsKpj302 -i93jWGVNtORZbDddmVZG6XaVQkfRrJiivPQHvIXU5bWCsV7OQsrzbbsSscnqDuAr -5DjR1Jbm2394e3DkXZTnqLGKReaaz0roA7ybLSesU1Fu0ZjD5Zq6ZezpXEQvcxcd -wmq1A8ugeuRKhizeBO9YddjYTHWflHLBpiEyIwDCUsXfdNdS0nHQNKMDNbkC9512 -SLbG1N6iLGt85BriMLzJrlMP48feuheu3G/Mrit01yBzIgbqP30DcAIox5bgnJOY -knxPctNaGsBup76msBzk+aBeDU5N/zirEJYxTmC3okeISzcLFlqYUUSsEzlqh8SS -pNDK6ZbnX1khJJdUbCJGmgFS6N4RPXdxX12OCJDyjjCXcn7RXcZsYb3A+eF09+EM -l0Vp3P+Aj6+eSN+t1Ez0sjGfSv/I8q1zV/trYZBq/LZIznfBFwIDAQABozIwMDAd -BgNVHQ4EFgQUC0e3vObokYFDHM21OlRF4UO6L7EwDwYDVR0TAQH/BAUwAwEB/zAN -BgkqhkiG9w0BAQwFAAOCAgEAWLrsWPcRJb81ozx1O8lytX4aUagjYyWIDOst1mqI -VH+U5bHo7oReKdfFcy4Zen2bKh9DITGD7jweqTxAVx3scLq/3PE2HSG+6fNJ6wt7 -amrMZA6IdWqDWnaFMZQug3JTMH7s6v3rD7FU7awVc6lY+7TjR3qunU2m8F5GvATF -ag+VmMSLiaBBbbmQqd1JkvCzPXlwwN3rg2u81zMys1AIbgeOlE5ZmWppOQpi7UrZ -C8PTsRKzapgENlgxtsqVjsAMJI6OGk20bNcQKDn5fU6QwYLfnLPlkuRmFD8FeluI -jz+ROjzxdC7E/BA80uZctvEEvn2VnD01IlEm6HoC+71erT+zmvM4AGd7EJa6mklb -X+tGSkfzbIAR2gcn9sdNdhYA2hXXpQaeEp19bB8MAoSp5raCtbqZDQVHofJFY7gG -FW+yKLlqBTCTm1XOPriUwbP6gkpLlkeTxeIAx8QbucoFx11J7jAeXY7oTXfSQw3h -OR0/CHlG0BjVep6RNGA0k9cDNRyIdkxvA31rtgYCSbtepR5IhZyFhiN25Djxu/g9 -krspoxAS9ModBSiswjl4Q26eoYT4pnFXMfYbh5E4qNZNv0/S3YQ0HSTupls6M77J -KHMx17m8EWtdsv2KyUkFqu1Q1nGky7SjpFUsVlp65Q+au3ftKxUDIRWK6jgpRH1e -YIk= ------END CERTIFICATE----- diff --git a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks b/kubernetes/platform/components/oom-cert-service/resources/truststore.jks Binary files differdeleted file mode 100644 index 3d857e34af..0000000000 --- a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks +++ /dev/null diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 64ed1a387b..3ab9895037 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -47,7 +47,7 @@ service: # Deployment configuration repository: nexus3.onap.org:10001 -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.0.0 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties new file mode 100644 index 0000000000..368cbe75b8 --- /dev/null +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties @@ -0,0 +1,2 @@ +# Encrypted Properties +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties index 37544d11e3..4efbac7fe3 100644 --- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties +++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties @@ -29,5 +29,5 @@ music.serialize.compress = true music.atomic.get = false music.atomic.put = true cassandra.host={{.Values.cassandra.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 6964715ef1..0be1fdc91f 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -49,6 +49,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportal-scrubbed + - mountPath: /config + name: properties-onapportal {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -103,6 +120,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportal @@ -114,6 +134,8 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" subPath: web.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/temp" - name: var-log-onap mountPath: /var/log/onap resources: @@ -122,7 +144,7 @@ spec: nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} - {{- if .Values.affinity }} +{{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} @@ -143,6 +165,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportal + emptyDir: + medium: Memory + - name: properties-onapportal-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 73306ba773..55a7ccca38 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -23,9 +23,27 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -35,6 +53,11 @@ repository: nexus3.onap.org:10001 image: onap/portal-app:3.2.3 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==! + #AAF local config aafURL: https://aaf-service:8100/authz/ @@ -104,6 +127,7 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 messageRouter: diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 5b4bf0c0e7..16b8971339 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -64,9 +64,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: CASSUSER - value: "{{ .Values.config.cassandraUsername }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}} - name: CASSPASS - value: "{{ .Values.config.cassandraPassword }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}} - name: JVM_OPTS value: "{{ .Values.config.cassandraJvmOpts }}" - name: POD_IP diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index 65fcdbe84a..eb6fc12274 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -26,10 +26,21 @@ repository: nexus3.onap.org:10001 image: onap/music/cassandra_music:3.0.0 pullPolicy: Always +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + # application configuration config: cassandraUsername: root cassandraPassword: Aa123456 +# cassandraCredsExternalSecret: some secret cassandraJvmOpts: -Xmx2536m -Xms2536m # default number of instances diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml index e8a6e0fb12..b05b9208cc 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml @@ -72,7 +72,9 @@ spec: value: "{{ .Values.service.internalPort }}" - name: DB_PASS valueFrom: - secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password} + secretKeyRef: + name: {{ include "common.fullname" . }} + key: db-root-password command: - /bin/sh - -x diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties new file mode 100644 index 0000000000..0025a58e46 --- /dev/null +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties @@ -0,0 +1,40 @@ +### +# ============LICENSE_START========================================== +# ONAP Portal SDK +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# +### + +# Properties read by the ECOMP Framework library (epsdk-fw) +cipher.enc.key = ${CIPHER_ENC_KEY} diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties index 83ce9ca983..f97b90c654 100644 --- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties +++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties @@ -30,5 +30,5 @@ music.atomic.get = false music.atomic.put = true cassandra.host={{.Values.cassandra.service.name}} -cassandra.user={{.Values.cassandra.config.cassandraUsername}} -cassandra.password={{.Values.cassandra.config.cassandraPassword}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index 104c2df34a..f79098fade 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -49,6 +49,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portalsdk-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"] + env: + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }} + - name: CIPHER_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapportalsdk-scrubbed + - mountPath: /config + name: properties-onapportalsdk {{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} @@ -100,6 +117,9 @@ spec: mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties" subPath: portal.properties - name: properties-onapportalsdk + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties" + subPath: key.properties + - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties" subPath: music.properties - name: properties-onapportalsdk @@ -135,6 +155,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapportalsdk + emptyDir: + medium: Memory + - name: properties-onapportalsdk-scrubbed configMap: name: {{ include "common.fullname" . }}-onapportalsdk defaultMode: 0755 diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index ebe49e08c2..c0f1b58c9a 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -24,9 +24,27 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + envsubstImage: dibi/envsubst #AAF service aafEnabled: true +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-cass + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}' + login: '{{ .Values.cassandra.config.cassandraUsername }}' + password: '{{ .Values.cassandra.config.cassandraPassword }}' + passwordPolicy: required + - uid: cipher-enc-key + type: password + externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}' + password: '{{ .Values.config.cipherEncKey }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -36,6 +54,12 @@ repository: nexus3.onap.org:10001 image: onap/portal-sdk:3.2.0 pullPolicy: Always +# application configuration +config: + # cipherEncKeyExternalSecret: some secret + cipherEncKey: AGLDdG4D04BKm2IxIWEr8o== + + #AAF local config aafURL: https://aaf-service:8100/authz/ certInitializer: @@ -98,6 +122,7 @@ cassandra: service: name: portal-cassandra config: + # cassandraExternalSecret: some secret cassandraUsername: root cassandraPassword: Aa123456 messageRouter: diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/portal/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index a7d1e09c5d..2a760cdd98 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -21,9 +21,25 @@ global: portalFEPort: "30225" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: portal-cass + name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}' + login: '{{ .Values.config.cassandraUsername }}' + password: '{{ .Values.config.cassandraPassword }}' + config: logstashServiceName: log-ls logstashPort: 5044 + cassandraUsername: root +# cassandraPassword: Aa123456 +# casandraCredsExternalSecret: some secret + portal-mariadb: nameOverride: portal-db mariadb: @@ -36,8 +52,15 @@ cassandra: service: name: portal-cassandra config: - cassandraUsername: root - cassandraPassword: Aa123456 + cassandraExternalSecret: *dbSecretName +portal-app: + cassandra: + config: + cassandraExternalSecret: *dbSecretName +portal-sdk: + cassandra: + config: + cassandraExternalSecret: *dbSecretName messageRouter: service: name: message-router |