summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_hardcoded_certificates.rst18
-rw-r--r--docs/oom_project_description.rst1
-rw-r--r--kubernetes/common/common/templates/_aafconfig.tpl226
-rw-r--r--kubernetes/common/common/templates/_labels.tpl64
-rw-r--r--kubernetes/common/common/templates/_name.tpl22
-rw-r--r--kubernetes/common/common/templates/_service.tpl54
-rw-r--r--kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json4
-rw-r--r--kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json4
-rw-r--r--kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json4
-rw-r--r--kubernetes/sdnc/templates/service.yaml56
-rw-r--r--kubernetes/sdnc/values.yaml17
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml5
-rwxr-xr-xkubernetes/so/values.yaml1
-rw-r--r--kubernetes/vid/resources/certs/org.onap.vid.jksbin3612 -> 3597 bytes
-rw-r--r--kubernetes/vid/values.yaml2
15 files changed, 404 insertions, 74 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
new file mode 100644
index 0000000000..84ca2d0eed
--- /dev/null
+++ b/docs/oom_hardcoded_certificates.rst
@@ -0,0 +1,18 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2018 Amdocs, Bell Canada
+
+.. Links
+.. _hardcoded-certiticates-label:
+
+ONAP Hardcoded certificates
+###########################
+
+ONAP current installation have hardcoded certificates.
+Here's the list of these certificates:
+
+ +----------------------------------------------------------------------------------+
+ | Project | ONAP Certificate | Own Certificate | Path |
+ +============+==================+==================+===============================+
+ | VID | No | Yes | kubernetes/vid/resources/cert |
+ +------------+------------------+------------------+-------------------------------+
diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst
index 6486f4bab7..7903b709d8 100644
--- a/docs/oom_project_description.rst
+++ b/docs/oom_project_description.rst
@@ -38,6 +38,7 @@ The OOM documentation is broken into four different areas each targeted at a dif
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
+- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
The :ref:`release-notes-label` for OOM describe the incremental features per release.
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl
new file mode 100644
index 0000000000..db7cbe8d8d
--- /dev/null
+++ b/kubernetes/common/common/templates/_aafconfig.tpl
@@ -0,0 +1,226 @@
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ common templates to enable aaf configs for applictaions
+
+ Parameter for aafConfig to be defined in values.yaml
+ aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .)
+ # additional scripts can be defined to handle certs
+ addconfig: true|false
+ fqdn: "sdnc"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "aaf.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ persistence:
+ enabled: true
+ config.volumeReclaimPolicy: Delete
+ config.accessMode: ReadWriteMany
+ config.size: 40M
+ config.storageClass: "manual"
+ config.mountPath: "/dockerdata-nfs"
+ config.mountSubPath: "sdnc/aaf"
+ # secrets configuration, Note: create a secrets template
+ secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.aaf-config" . | nindent XX}}
+
+ containers:
+ volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ volumes:
+ {{- include "common.aaf-config-volumes" . | nindent XX}}
+
+ If persistence.enabled = true
+ Create pvc:
+ {{ include "common.aaf-config-pvc" . }}
+ Create pv
+ {{ include "common.aaf-config-pv" . }}
+
+*/}}
+{{- define "common.aaf-config" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+{{ if .Values.global.aafEnabled }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" . }}-aaf-config
+ image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- if (index .Values $aafRoot "addconfig") }}
+ - name: aaf-add-config
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+ {{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+ {{- if (index .Values $aafRoot "addconfig") }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+ {{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ index .Values $aafRoot "fqi" }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ index .Values $aafRoot "fqdn" }}"
+ - name: aaf_locator_app_ns
+ value: "{{ index .Values $aafRoot "app_ns" }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, evenutally
+ - name: cadi_longitude
+ value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}"
+{{- end -}}
+{{- end -}}
+
+
+{{- define "common.aaf-config-volume-mountpath" -}}
+{{ if .Values.global.aafEnabled }}
+- mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+{{- end -}}
+{{- end -}}
+
+{{- define "common.aaf-config-volumes" -}}
+{{ if .Values.global.aafEnabled }}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+- name: {{ include "common.fullname" . }}-aaf-config-vol
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-aaf-config-pvc
+{{- if (index .Values $aafRoot "addconfig") }}
+- name: aaf-add-config
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-add-config
+ defaultMode: 0700
+{{- end }}
+{{- end -}}
+{{- end }}
+
+{{- define "common.aaf-config-pv" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pv
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size"}}
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }}
+ hostPath:
+ path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.aaf-config-pvc" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pvc
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if (index .Values $aafRoot "persistence" "annotations") }}
+ annotations:
+{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ resources:
+ requests:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl
index 95d51e17b7..854019c197 100644
--- a/kubernetes/common/common/templates/_labels.tpl
+++ b/kubernetes/common/common/templates/_labels.tpl
@@ -18,45 +18,81 @@
{{/*
Common labels
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels : labels to add (dict)
*/}}
{{- define "common.labels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-helm.sh/chart: {{ include "common.chart" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- $dot := default . .dot -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+helm.sh/chart: {{ include "common.chart" $dot }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+app.kubernetes.io/managed-by: {{ $dot.Release.Service }}
+{{ if .labels }}
+{{- include "common.tplValue" (dict "value" .labels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: selectors/matchlLabels to add (dict)
*/}}
{{- define "common.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
+{{- $dot := default . .dot -}}
+{{- if not .matchLabels.nameNoMatch -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+{{- end }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+{{ if .matchLabels }}
+{{$_ := unset .matchLabels "nameNoMatch"}}
+{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Generate "top" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
+ - .suffix: suffix to name
+
*/}}
{{- define "common.resourceMetadata" -}}
-name: {{ include "common.fullname" . }}
-namespace: {{ include "common.namespace" . }}
-labels: {{- include "common.labels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+{{- $labels := default (dict) .labels -}}
+
+name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}}
+namespace: {{ include "common.namespace" $dot }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }}
{{- end -}}
{{/*
Generate selectors for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: labels to add (dict)
*/}}
{{- define "common.selectors" -}}
-matchLabels: {{- include "common.matchLabels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }}
{{- end -}}
{{/*
Generate "template" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary)
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
*/}}
{{- define "common.templateMetadata" -}}
-{{- if .Values.podAnnotations }}
-annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $dot.Values.podAnnotations }}
+annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }}
{{- end }}
-labels: {{- include "common.labels" . | nindent 2 }}
-name: {{ include "common.name" . }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+name: {{ include "common.name" $dot }}
{{- end -}}
diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl
index 943078ff2f..e918cc1dd8 100644
--- a/kubernetes/common/common/templates/_name.tpl
+++ b/kubernetes/common/common/templates/_name.tpl
@@ -16,9 +16,14 @@
{{/*
Expand the name of a chart.
+ The function takes from one to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : add a suffix to the name
*/}}
{{- define "common.name" -}}
- {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+ {{- $dot := default . .dot -}}
+ {{- $suffix := .suffix -}}
+ {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
{{- end -}}
{{/*
@@ -28,16 +33,25 @@
{{- define "common.fullnameExplicit" -}}
{{- $dot := .dot }}
{{- $name := .chartName }}
- {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}}
+ {{- $suffix := default "" .suffix -}}
+ {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified application name.
Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+ Usage:
+ include "common.fullname" .
+ include "common.fullname" (dict "suffix" "mySuffix" "dot" .)
+ The function takes from one to two arguments:
+ - .dot : environment (.)
+ - .suffix : add a suffix to the fullname
*/}}
{{- define "common.fullname" -}}
- {{- $name := default .Chart.Name .Values.nameOverride -}}
- {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+ {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
{{- end -}}
{{/*
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index cd1595b0ca..8b430ef2bd 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -31,11 +31,12 @@
{{- end -}}
{{/* Define the metadata of Service
- The function takes from one to three arguments (inside a dictionary):
+ The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
- .suffix : a string which will be added at the end of the name (with a '-').
- .annotations: the annotations to add
- .msb_informations: msb information in order to create msb annotation
+ - .labels : labels to add
Usage example:
{{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
{{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
@@ -45,6 +46,7 @@
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
{{- $msb_informations := default "" .msb_informations -}}
+ {{- $labels := default (dict) .labels -}}
{{- if or $annotations $msb_informations -}}
annotations:
{{- if $annotations }}
@@ -65,7 +67,7 @@ annotations:
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
namespace: {{ include "common.namespace" $dot }}
-labels: {{- include "common.labels" $dot | nindent 2 -}}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}}
{{- end -}}
{{/* Define the ports of Service
@@ -125,6 +127,9 @@ labels: {{- include "common.labels" $dot | nindent 2 -}}
- .publishNotReadyAddresses: if we publish not ready address
- .headless: if the service is headless
- .add_plain_port: add tls port AND plain port
+ - .labels : labels to add (dict)
+ - .matchLabels: selectors/machLabels to add (dict)
+ - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None
*/}}
{{- define "common.genericService" -}}
{{- $dot := default . .dot -}}
@@ -136,9 +141,12 @@ labels: {{- include "common.labels" $dot | nindent 2 -}}
{{- $ports := .ports -}}
{{- $headless := default false .headless -}}
{{- $add_plain_port := default false .add_plain_port }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}}
apiVersion: v1
kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }}
spec:
{{- if $headless }}
clusterIP: None
@@ -148,7 +156,8 @@ spec:
publishNotReadyAddresses: true
{{- end }}
type: {{ $serviceType }}
- selector: {{- include "common.matchLabels" $dot | nindent 4 }}
+ selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }}
+ sessionAffinity: {{ $sessionAffinity }}
{{- end -}}
{{/*
@@ -166,15 +175,19 @@ spec:
ports and the other one is NodePort (or LoadBalancer) with crypted port only.
*/}}
{{- define "common.service" -}}
-{{- $suffix := default "" .Values.service.suffix -}}
-{{- $annotations := default "" .Values.service.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{- $msb_informations := default "" .Values.service.msb -}}
-{{- $serviceType := .Values.service.type -}}
-{{- $ports := .Values.service.ports -}}
-{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" $dot.Values.service.suffix -}}
+{{- $annotations := default "" $dot.Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}}
+{{- $msb_informations := default "" $dot.Values.service.msb -}}
+{{- $serviceType := $dot.Values.service.type -}}
+{{- $ports := $dot.Values.service.ports -}}
+{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+
{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
{{- if (ne $serviceType "ClusterIP") }}
---
{{- if $suffix }}
@@ -182,20 +195,23 @@ spec:
{{- else }}
{{- $suffix = "external" }}
{{- end }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- else }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- end -}}
{{/* Create headless service template */}}
{{- define "common.headlessService" -}}
-{{- $suffix := include "common._makeHeadlessSuffix" . -}}
-{{- $annotations := default "" .Values.service.headless.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
-{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := include "common._makeHeadlessSuffix" $dot -}}
+{{- $annotations := default "" $dot.Values.service.headless.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}}
+{{- $ports := $dot.Values.service.headlessPorts -}}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }}
{{- end -}}
{{/*
diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json
index ebec0adc6f..27df701b80 100644
--- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json
+++ b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json
@@ -27,9 +27,9 @@
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json
index 7ca5251d40..da0727c3a7 100644
--- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json
+++ b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json
@@ -27,9 +27,9 @@
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json
index 0647844a7c..655076a901 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json
+++ b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json
@@ -27,9 +27,9 @@
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml
index c5577a1cdb..0bbda1a364 100644
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -35,33 +35,45 @@ metadata:
}
]'
spec:
- type: {{ .Values.service.type }}
+ type: NodePort
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: "{{ .Values.service.portName }}-restconf"
{{ if not .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- {{ end }}
- name: "{{ .Values.service.portName }}-8282"
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: "{{ .Values.service.portName }}-8202"
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-8280"
- - port: {{ .Values.service.externalPort4 }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
- {{ if .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{ end }}
- name: "{{ .Values.service.portName }}-8443"
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.service.name }}-oam"
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: "{{ .Values.service.portName }}-restconf-alt"
+ {{ if .Values.global.aafEnabled }}
+ port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- else -}}
+ port: {{ .Values.service.internalPort4 }}
+ target: {{ .Values.service.internalPort4 }}
+ {{ end }}
+ - name: "{{ .Values.service.portName }}-karaf"
+ port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 8fd7590863..0e7d97f3ad 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -198,7 +198,7 @@ aaf_init:
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
- config:
+ config: &mariadbGaleraConfig
rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
userName: sdnctl
userCredentialsExternalSecret: *dbSecretName
@@ -217,8 +217,9 @@ cds:
dmaap-listener:
nameOverride: sdnc-dmaap-listener
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
@@ -229,8 +230,9 @@ dmaap-listener:
ueb-listener:
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
nameOverride: sdnc-ueb-listener
config:
@@ -241,8 +243,9 @@ ueb-listener:
sdnc-portal:
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
@@ -253,8 +256,9 @@ sdnc-ansible-server:
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: ansible
service:
name: sdnc-ansible-server
@@ -306,13 +310,10 @@ service:
#port
externalPort: 8282
- nodePort: "02"
externalPort2: 8202
- nodePort2: "08"
externalPort3: 8280
- nodePort3: 46
externalPort4: 8443
nodePort4: 67
diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
index ffebc4c794..117d270ab0 100755
--- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
@@ -105,7 +105,12 @@ mso:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
catalog:
db:
spring:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index a792ff9acd..807d2a6c7e 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -231,6 +231,7 @@ so-openstack-adapter:
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ basicUser: poBpmn
config:
cadi:
aafId: so@so.onap.org
diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks
index 2b9338dc74..a05f12d857 100644
--- a/kubernetes/vid/resources/certs/org.onap.vid.jks
+++ b/kubernetes/vid/resources/certs/org.onap.vid.jks
Binary files differ
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index fb8f1a04f8..f22ea19e56 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -51,7 +51,7 @@ config:
userName: vidadmin
# userCredentialsExternalSecret: some secret
# userPassword: password
- vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
+ vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
asdcclientrestport: "8443"
vidaaiport: "8443"