diff options
| -rw-r--r-- | docs/oom_hardcoded_certificates.rst | 18 | ||||
| -rw-r--r-- | docs/oom_project_description.rst | 1 | ||||
| -rw-r--r-- | kubernetes/common/common/templates/_aafconfig.tpl | 226 | ||||
| -rw-r--r-- | kubernetes/common/common/templates/_labels.tpl | 64 | ||||
| -rw-r--r-- | kubernetes/common/common/templates/_name.tpl | 22 | ||||
| -rw-r--r-- | kubernetes/common/common/templates/_service.tpl | 54 | ||||
| -rw-r--r-- | kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json | 4 | ||||
| -rw-r--r-- | kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json | 4 | ||||
| -rw-r--r-- | kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json | 4 | ||||
| -rw-r--r-- | kubernetes/sdnc/templates/service.yaml | 56 | ||||
| -rw-r--r-- | kubernetes/sdnc/values.yaml | 17 | ||||
| -rwxr-xr-x | kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml | 5 | ||||
| -rwxr-xr-x | kubernetes/so/values.yaml | 1 | ||||
| -rw-r--r-- | kubernetes/vid/resources/certs/org.onap.vid.jks | bin | 3612 -> 3597 bytes | |||
| -rw-r--r-- | kubernetes/vid/values.yaml | 2 |
15 files changed, 404 insertions, 74 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst new file mode 100644 index 0000000000..84ca2d0eed --- /dev/null +++ b/docs/oom_hardcoded_certificates.rst @@ -0,0 +1,18 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2018 Amdocs, Bell Canada + +.. Links +.. _hardcoded-certiticates-label: + +ONAP Hardcoded certificates +########################### + +ONAP current installation have hardcoded certificates. +Here's the list of these certificates: + + +----------------------------------------------------------------------------------+ + | Project | ONAP Certificate | Own Certificate | Path | + +============+==================+==================+===============================+ + | VID | No | Yes | kubernetes/vid/resources/cert | + +------------+------------------+------------------+-------------------------------+ diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst index 6486f4bab7..7903b709d8 100644 --- a/docs/oom_project_description.rst +++ b/docs/oom_project_description.rst @@ -38,6 +38,7 @@ The OOM documentation is broken into four different areas each targeted at a dif - :ref:`user-guide-label` - a guide for operators of an ONAP instance - :ref:`developer-guide-label` - a guide for developers of OOM and ONAP - :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use +- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation The :ref:`release-notes-label` for OOM describe the incremental features per release. diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl new file mode 100644 index 0000000000..db7cbe8d8d --- /dev/null +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -0,0 +1,226 @@ +{{/* +# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + common templates to enable aaf configs for applictaions + + Parameter for aafConfig to be defined in values.yaml + aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .) + # additional scripts can be defined to handle certs + addconfig: true|false + fqdn: "sdnc" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "aaf.osaaf.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + persistence: + enabled: true + config.volumeReclaimPolicy: Delete + config.accessMode: ReadWriteMany + config.size: 40M + config.storageClass: "manual" + config.mountPath: "/dockerdata-nfs" + config.mountSubPath: "sdnc/aaf" + # secrets configuration, Note: create a secrets template + secrets: + - uid: aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.aaf-config" . | nindent XX}} + + containers: + volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- end }} + volumes: + {{- include "common.aaf-config-volumes" . | nindent XX}} + + If persistence.enabled = true + Create pvc: + {{ include "common.aaf-config-pvc" . }} + Create pv + {{ include "common.aaf-config-pv" . }} + +*/}} +{{- define "common.aaf-config" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +{{ if .Values.global.aafEnabled }} +- name: {{ include "common.name" . }}-aaf-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" . }}-aaf-config + image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- if (index .Values $aafRoot "addconfig") }} + - name: aaf-add-config + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh + {{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh + {{- if (index .Values $aafRoot "addconfig") }} + /opt/app/aaf_config/bin/aaf-add-config.sh + {{- end }} + env: + - name: APP_FQI + value: "{{ index .Values $aafRoot "fqi" }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ index .Values $aafRoot "fqdn" }}" + - name: aaf_locator_app_ns + value: "{{ index .Values $aafRoot "app_ns" }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, evenutally + - name: cadi_longitude + value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}" + - name: cadi_latitude + value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}" +{{- end -}} +{{- end -}} + + +{{- define "common.aaf-config-volume-mountpath" -}} +{{ if .Values.global.aafEnabled }} +- mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol +{{- end -}} +{{- end -}} + +{{- define "common.aaf-config-volumes" -}} +{{ if .Values.global.aafEnabled }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +- name: {{ include "common.fullname" . }}-aaf-config-vol + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-aaf-config-pvc +{{- if (index .Values $aafRoot "addconfig") }} +- name: aaf-add-config + configMap: + name: {{ include "common.fullname" . }}-aaf-add-config + defaultMode: 0700 +{{- end }} +{{- end -}} +{{- end }} + +{{- define "common.aaf-config-pv" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +metadata: + name: {{ include "common.fullname" . }}-aaf-config-pv + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-aaf-config-pv + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ index .Values $aafRoot "persistence" "config" "size"}} + accessModes: + - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} + persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }} + hostPath: + path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }} +{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} +{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" +{{- end }} +{{- end }} +{{- end -}} + +{{- define "common.aaf-config-pvc" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +metadata: + name: {{ include "common.fullname" . }}-aaf-config-pvc + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if (index .Values $aafRoot "persistence" "annotations") }} + annotations: +{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }}-aaf-config-pv + accessModes: + - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} + resources: + requests: + storage: {{ index .Values $aafRoot "persistence" "config" "size" }} +{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} +{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl index 95d51e17b7..854019c197 100644 --- a/kubernetes/common/common/templates/_labels.tpl +++ b/kubernetes/common/common/templates/_labels.tpl @@ -18,45 +18,81 @@ {{/* Common labels +The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .labels : labels to add (dict) */}} {{- define "common.labels" -}} -app.kubernetes.io/name: {{ include "common.name" . }} -helm.sh/chart: {{ include "common.chart" . }} -app.kubernetes.io/instance: {{ include "common.release" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- $dot := default . .dot -}} +app.kubernetes.io/name: {{ include "common.name" $dot }} +helm.sh/chart: {{ include "common.chart" $dot }} +app.kubernetes.io/instance: {{ include "common.release" $dot }} +app.kubernetes.io/managed-by: {{ $dot.Release.Service }} +{{ if .labels }} +{{- include "common.tplValue" (dict "value" .labels "context" $dot) }} +{{- end -}} {{- end -}} {{/* Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .matchLabels: selectors/matchlLabels to add (dict) */}} {{- define "common.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.name" . }} -app.kubernetes.io/instance: {{ include "common.release" . }} +{{- $dot := default . .dot -}} +{{- if not .matchLabels.nameNoMatch -}} +app.kubernetes.io/name: {{ include "common.name" $dot }} +{{- end }} +app.kubernetes.io/instance: {{ include "common.release" $dot }} +{{ if .matchLabels }} +{{$_ := unset .matchLabels "nameNoMatch"}} +{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }} +{{- end -}} {{- end -}} {{/* Generate "top" metadata for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .labels: labels to add (dict) + - .suffix: suffix to name + */}} {{- define "common.resourceMetadata" -}} -name: {{ include "common.fullname" . }} -namespace: {{ include "common.namespace" . }} -labels: {{- include "common.labels" . | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} +{{- $labels := default (dict) .labels -}} + +name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}} +namespace: {{ include "common.namespace" $dot }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }} {{- end -}} {{/* Generate selectors for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .matchLabels: labels to add (dict) */}} {{- define "common.selectors" -}} -matchLabels: {{- include "common.matchLabels" . | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $matchLabels := default (dict) .matchLabels -}} +matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }} {{- end -}} {{/* Generate "template" metadata for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary) + - .dot : environment (.) + - .labels: labels to add (dict) */}} {{- define "common.templateMetadata" -}} -{{- if .Values.podAnnotations }} -annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $labels := default (dict) .labels -}} +{{- if $dot.Values.podAnnotations }} +annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }} {{- end }} -labels: {{- include "common.labels" . | nindent 2 }} -name: {{ include "common.name" . }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }} +name: {{ include "common.name" $dot }} {{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 943078ff2f..e918cc1dd8 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -16,9 +16,14 @@ {{/* Expand the name of a chart. + The function takes from one to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix : add a suffix to the name */}} {{- define "common.name" -}} - {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} + {{- $dot := default . .dot -}} + {{- $suffix := .suffix -}} + {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} {{- end -}} {{/* @@ -28,16 +33,25 @@ {{- define "common.fullnameExplicit" -}} {{- $dot := .dot }} {{- $name := .chartName }} - {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}} + {{- $suffix := default "" .suffix -}} + {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified application name. Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). + Usage: + include "common.fullname" . + include "common.fullname" (dict "suffix" "mySuffix" "dot" .) + The function takes from one to two arguments: + - .dot : environment (.) + - .suffix : add a suffix to the fullname */}} {{- define "common.fullname" -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} + {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} {{- end -}} {{/* diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index cd1595b0ca..8b430ef2bd 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -31,11 +31,12 @@ {{- end -}} {{/* Define the metadata of Service - The function takes from one to three arguments (inside a dictionary): + The function takes from one to four arguments (inside a dictionary): - .dot : environment (.) - .suffix : a string which will be added at the end of the name (with a '-'). - .annotations: the annotations to add - .msb_informations: msb information in order to create msb annotation + - .labels : labels to add Usage example: {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }} {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }} @@ -45,6 +46,7 @@ {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} {{- $msb_informations := default "" .msb_informations -}} + {{- $labels := default (dict) .labels -}} {{- if or $annotations $msb_informations -}} annotations: {{- if $annotations }} @@ -65,7 +67,7 @@ annotations: {{- end }} name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} namespace: {{ include "common.namespace" $dot }} -labels: {{- include "common.labels" $dot | nindent 2 -}} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}} {{- end -}} {{/* Define the ports of Service @@ -125,6 +127,9 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} - .publishNotReadyAddresses: if we publish not ready address - .headless: if the service is headless - .add_plain_port: add tls port AND plain port + - .labels : labels to add (dict) + - .matchLabels: selectors/machLabels to add (dict) + - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None */}} {{- define "common.genericService" -}} {{- $dot := default . .dot -}} @@ -136,9 +141,12 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} {{- $ports := .ports -}} {{- $headless := default false .headless -}} {{- $add_plain_port := default false .add_plain_port }} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} +{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}} apiVersion: v1 kind: Service -metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }} +metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }} spec: {{- if $headless }} clusterIP: None @@ -148,7 +156,8 @@ spec: publishNotReadyAddresses: true {{- end }} type: {{ $serviceType }} - selector: {{- include "common.matchLabels" $dot | nindent 4 }} + selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }} + sessionAffinity: {{ $sessionAffinity }} {{- end -}} {{/* @@ -166,15 +175,19 @@ spec: ports and the other one is NodePort (or LoadBalancer) with crypted port only. */}} {{- define "common.service" -}} -{{- $suffix := default "" .Values.service.suffix -}} -{{- $annotations := default "" .Values.service.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} -{{- $msb_informations := default "" .Values.service.msb -}} -{{- $serviceType := .Values.service.type -}} -{{- $ports := .Values.service.ports -}} -{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" $dot.Values.service.suffix -}} +{{- $annotations := default "" $dot.Values.service.annotations -}} +{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}} +{{- $msb_informations := default "" $dot.Values.service.msb -}} +{{- $serviceType := $dot.Values.service.type -}} +{{- $ports := $dot.Values.service.ports -}} +{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} + {{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} {{- if (ne $serviceType "ClusterIP") }} --- {{- if $suffix }} @@ -182,20 +195,23 @@ spec: {{- else }} {{- $suffix = "external" }} {{- end }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- else }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- end -}} {{/* Create headless service template */}} {{- define "common.headlessService" -}} -{{- $suffix := include "common._makeHeadlessSuffix" . -}} -{{- $annotations := default "" .Values.service.headless.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}} -{{- $ports := .Values.service.headlessPorts -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }} +{{- $dot := default . .dot -}} +{{- $suffix := include "common._makeHeadlessSuffix" $dot -}} +{{- $annotations := default "" $dot.Values.service.headless.annotations -}} +{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}} +{{- $ports := $dot.Values.service.headlessPorts -}} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} {{/* diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json index ebec0adc6f..27df701b80 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json @@ -27,9 +27,9 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json index 7ca5251d40..da0727c3a7 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json +++ b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json @@ -27,9 +27,9 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json index 0647844a7c..655076a901 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json +++ b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json @@ -27,9 +27,9 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index c5577a1cdb..0bbda1a364 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -35,33 +35,45 @@ metadata: } ]' spec: - type: {{ .Values.service.type }} + type: NodePort ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} + - name: "{{ .Values.service.portName }}-restconf" {{ if not .Values.global.aafEnabled }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - {{ end }} - name: "{{ .Values.service.portName }}-8282" - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: "{{ .Values.service.portName }}-8202" - - port: {{ .Values.service.externalPort3 }} - targetPort: {{ .Values.service.internalPort3 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: "{{ .Values.service.portName }}-8280" - - port: {{ .Values.service.externalPort4 }} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- else -}} + port: {{ .Values.service.externalPort4 }} targetPort: {{ .Values.service.internalPort4 }} - {{ if .Values.global.aafEnabled }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} {{ end }} - name: "{{ .Values.service.portName }}-8443" - {{- else -}} - - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Values.service.name }}-oam" + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - name: "{{ .Values.service.portName }}-restconf-alt" + {{ if .Values.global.aafEnabled }} + port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} + {{- else -}} + port: {{ .Values.service.internalPort4 }} + target: {{ .Values.service.internalPort4 }} + {{ end }} + - name: "{{ .Values.service.portName }}-karaf" + port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 8fd7590863..0e7d97f3ad 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -198,7 +198,7 @@ aaf_init: mariadb-galera: &mariadbGalera nameOverride: sdnc-db - config: + config: &mariadbGaleraConfig rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' userName: sdnctl userCredentialsExternalSecret: *dbSecretName @@ -217,8 +217,9 @@ cds: dmaap-listener: nameOverride: sdnc-dmaap-listener mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName config: sdncChartName: sdnc @@ -229,8 +230,9 @@ dmaap-listener: ueb-listener: mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: @@ -241,8 +243,9 @@ ueb-listener: sdnc-portal: mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName config: sdncChartName: sdnc @@ -253,8 +256,9 @@ sdnc-ansible-server: config: restCredsExternalSecret: *ansibleSecretName mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: ansible service: name: sdnc-ansible-server @@ -306,13 +310,10 @@ service: #port externalPort: 8282 - nodePort: "02" externalPort2: 8202 - nodePort2: "08" externalPort3: 8280 - nodePort3: 46 externalPort4: 8443 nodePort4: 67 diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index ffebc4c794..117d270ab0 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -105,7 +105,12 @@ mso: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine msoKey: {{ .Values.mso.msoKey }} config: + {{ if eq .Values.global.security.aaf.enabled true }} cadi: {{ include "cadi.keys" . | nindent 8}} + {{- else }} + cadi: + aafId: {{ .Values.mso.basicUser }} + {{- end }} catalog: db: spring: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index a792ff9acd..807d2a6c7e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -231,6 +231,7 @@ so-openstack-adapter: mso: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + basicUser: poBpmn config: cadi: aafId: so@so.onap.org diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks Binary files differindex 2b9338dc74..a05f12d857 100644 --- a/kubernetes/vid/resources/certs/org.onap.vid.jks +++ b/kubernetes/vid/resources/certs/org.onap.vid.jks diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index fb8f1a04f8..f22ea19e56 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -51,7 +51,7 @@ config: userName: vidadmin # userCredentialsExternalSecret: some secret # userPassword: password - vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!' + vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" vidaaiport: "8443" |