diff options
23 files changed, 213 insertions, 137 deletions
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml index 3f7782c604..dd04c93bd7 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml +++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml @@ -46,8 +46,8 @@ flavor: small resources: small: limits: - cpu: 20m - memory: 50Mi + cpu: 50m + memory: 100Mi requests: cpu: 10m memory: 10Mi diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 0e0f339e11..17872d7f12 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -128,16 +128,16 @@ - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} emptyDir: medium: Memory -{{- if $initRoot.aaf_add_config }} -- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - configMap: - name: {{ include "common.fullname" $subchartDot }}-add-config - defaultMode: 0700 - name: aaf-agent-certs configMap: name: {{ include "common.fullname" $subchartDot }}-certs defaultMode: 0700 +{{- if $initRoot.aaf_add_config }} +- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + configMap: + name: {{ include "common.fullname" $subchartDot }}-add-config + defaultMode: 0700 {{- end -}} {{- end -}} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 9bee0510cd..8a03e90333 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -65,6 +65,19 @@ spec: volumeMounts: - mountPath: /opt/app/osaaf name: tls-info + {{- if .Values.persistence.enabled }} + - name: remove-lost-found + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /cfy-persist + name: cm-persistent + command: + - /bin/sh + args: + - -c + - "rm -rf '/cfy-persist/lost+found';" + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 25ddfc7558..aff40d4a6a 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -22,5 +22,7 @@ global: tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + busyboxRepository: docker.io + busyboxImage: library/busybox:1.30 redis: replicaCount: 6 diff --git a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml index e0d80e7515..656fee77f8 100644 --- a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' - name: postgres version: ~6.x-0 repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props b/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props deleted file mode 100644 index 3c29073e7a..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props +++ /dev/null @@ -1,15 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2019-03-22T17:37:33.690+0000 -# @copyright 2016, AT&T -############################################################ -aaf_env=DEV -aaf_id=dmaap-bc@dmaap-bc.onap.org -aaf_locate_url={{ .Values.aafLocateUrl }} -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_etc_dir=/opt/app/osaaf/local -cadi_latitude=38.000 -cadi_longitude=-72.000 -cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-bc.location.props:/opt/app/osaaf/local/org.onap.dmaap-bc.cred.props -cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml index 46ef837504..37d39effd6 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml @@ -51,16 +51,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-aaf-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/aaf/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index a957acee9e..2cfa3738b2 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -43,63 +43,13 @@ spec: name: {{ include "common.name" . }}-update-config {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - - --container-name - - aaf-service - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }}-secret - key: aaf-deploy-password - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" + +{{ include "common.certInitializer.initContainer" . | nindent 6 }} + - name: {{ include "common.name" . }}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] # See AAF-425 for explanation of why this is needed. # This artifact is provisioned in AAF for both pks12 and jks format and apparently @@ -108,9 +58,7 @@ spec: - name: {{ include "common.name" . }}-cred-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} command: ["/bin/sh"] args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] @@ -153,12 +101,10 @@ spec: scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config @@ -170,15 +116,13 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - name: {{ include "common.name" . }}-config-input configMap: name: {{ include "common.fullname" . }}-config - - name: {{ include "common.name" . }}-aaf-config-vol - emptyDir: {} - name: {{ include "common.name" . }}-config emptyDir: medium: Memory diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml index 25f5e7ad60..7074e4de9a 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml @@ -13,20 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{- if .Values.global.aafEnabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - aaf-deploy-password: {{ index .Values.aafConfig.aafDeployPass | b64enc | quote }} -{{- end }} ---- {{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index d975dbaad2..d9936d79f4 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -64,15 +64,21 @@ topicMgrPwd: demo123456! adminUser: aaf_admin@people.osaaf.org adminPwd: demo123456! -#AAF local config -aafConfig: +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-bc-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret fqdn: dmaap-bc fqi: dmaap-bc@dmaap-bc.onap.org publicFqdn: dmaap-bc.onap.org cadiLatitude: 0.0 cadiLongitude: 0.0 + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local persistence: aafCredsPath: /opt/app/osaaf/local/ diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index a278a47e4a..30ca493775 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -62,7 +62,7 @@ mariadb-galera: flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.5 +image: onap/modeling/etsicatalog:1.0.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json index 3b6813d3e3..767d1452cc 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -3,8 +3,8 @@ "restServerParameters": { "host": "0.0.0.0", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${RESTSERVER_USER}", + "password": "${RESTSERVER_PASSWORD}", "https": true }, "pdpStatusParameters":{ diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json index 57542c3510..5df0a26596 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json @@ -18,7 +18,7 @@ { "javaProperties" : [ ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"], - ["javax.net.ssl.trustStorePassword", "UG9sMWN5XzBuYXA="] + ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"] ], "engineServiceParameters": { "name": "MyApexEngine", diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml index 4d35509d9a..35f8aacb40 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml @@ -38,6 +38,27 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - command: + - sh + args: + - -c + - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: apexconfig-input + - mountPath: /config + name: apexconfig + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -87,9 +108,12 @@ spec: path: /etc/localtime - name: policy-logs emptyDir: {} - - name: apexconfig + - name: apexconfig-input configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: apexconfig + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 1fdc215ff7..8730c9ef29 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -25,6 +25,21 @@ global: persistence: {} ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + - uid: truststore-pass + type: password + externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}' + password: '{{ .Values.truststore.password }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -37,6 +52,12 @@ debugEnabled: false # application configuration +restServer: + user: healthcheck + password: zb!XztG34 +truststore: + password: Pol1cy_0nap + # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json index 906263343a..4c42ed2353 100644 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json @@ -21,8 +21,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https":true }, "receptionHandlerParameters":{ @@ -61,8 +61,8 @@ "messageBusAddress": [ "message-router" ], - "user": "policy", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", + "user": "${SDCBE_USER}", + "password": "${SDCBE_PASSWORD}", "pollingInterval":20, "pollingTimeout":30, "consumerId": "policy-id", @@ -107,14 +107,14 @@ "apiParameters": { "hostName": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34" + "userName": "${API_USER}", + "password": "${API_PASSWORD}" }, "papParameters": { "hostName": "policy-pap", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34" + "userName": "${PAP_USER}", + "password": "${PAP_PASSWORD}" }, "isHttps": true, "deployPolicies": true diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml index 65961d8f8b..b3b017acd3 100644 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml @@ -16,6 +16,37 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "apiparameters-creds" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "papparameters-creds" "key" "password") | indent 10 }} + - name: SDCBE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "login") | indent 10 }} + - name: SDCBE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdcbe-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: distributionconfig-input + - mountPath: /config + name: distributionconfig + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -58,9 +89,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: distributionconfig + - name: distributionconfig-input configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: distributionconfig + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 835bfc4656..c8d24e5563 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -18,10 +18,40 @@ # ============LICENSE_END========================================================= ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: apiparameters-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiParameters.credsExternalSecret) . }}' + login: '{{ .Values.apiParameters.user }}' + password: '{{ .Values.apiParameters.password }}' + passwordPolicy: required + - uid: papparameters-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.papParameters.credsExternalSecret) . }}' + login: '{{ .Values.papParameters.user }}' + password: '{{ .Values.papParameters.password }}' + passwordPolicy: required + - uid: sdcbe-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.sdcBe.credsExternalSecret) . }}' + login: '{{ .Values.sdcBe.user }}' + password: '{{ .Values.sdcBe.password }}' + passwordPolicy: required + +################################################################# # Global configuration defaults. ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. @@ -36,6 +66,19 @@ debugEnabled: false # application configuration +restServer: + user: healthcheck + password: zb!XztG34 +apiParameters: + user: healthcheck + password: zb!XztG34 +papParameters: + user: healthcheck + password: zb!XztG34 +sdcBe: + user: policy + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # default number of instances replicaCount: 1 diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties index eff236a962..6d5afef190 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties index 944b63f4c2..fcb56e08c3 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties index b670d436c0..a03871d428 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties @@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH Latitude =50.000000 Longitude =-100.000000 Version =1.0 -ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events Environment =TEST Partner = routeOffer=MR1 @@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 AFT_DME2_EP_READ_TIMEOUT_MS=50000 sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt -sdnc.odl.user=$(ODL_USER} +sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations |