diff options
46 files changed, 598 insertions, 51 deletions
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index 70f5190e8a..4b3ec92ccb 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -60,10 +60,6 @@ The versions of Kubernetes that are supported by OOM are as follows: Istanbul 1.19.11 3.6.3 1.19.11 19.03.x 1.5.4 ============== =========== ======= ======== ======== ============ -.. note:: - Guilin version also supports Kubernetes up to version 1.19.x and should work - with Helm with version up to 3.3.x but has not been thoroughly tested. - Minimum Hardware Configuration ============================== diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 2059251928..74f8c57f6e 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -15,8 +15,8 @@ .. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer .. _user-guide-label: -OOM User Guide helm3 (experimental) -################################### +OOM User Guide +############## The ONAP Operations Manager (OOM) provide the ability to manage the entire life-cycle of an ONAP installation, from the initial deployment to final @@ -64,7 +64,7 @@ Enter the following to install kubectl (on Ubuntu, there are slight differences on other O/Ss), the Kubernetes command line interface used to manage a Kubernetes cluster:: - > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl + > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.11/bin/linux/amd64/kubectl > chmod +x ./kubectl > sudo mv ./kubectl /usr/local/bin/kubectl > mkdir ~/.kube @@ -88,8 +88,8 @@ Install Helm Helm is used by OOM for package and configuration management. To install Helm, enter the following:: - > wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz - > tar -zxvf helm-v3.5.2-linux-amd64.tar.gz + > wget https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz + > tar -zxvf helm-v3.6.3-linux-amd64.tar.gz > sudo mv linux-amd64/helm /usr/local/bin/helm Verify the Helm version with:: diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 07d12343a8..489390d8f1 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.2.1 +image: onap/ccsdk-oran-a1policymanagementservice:1.2.3 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl index dc714aecc4..81420468b0 100644 --- a/kubernetes/common/common/templates/_log.tpl +++ b/kubernetes/common/common/templates/_log.tpl @@ -31,10 +31,12 @@ {{- end -}} {{- define "common.log.volumes" -}} -{{- if .Values.global.centralizedLoggingEnabled }} +{{- $dot := default . .dot }} +{{- if $dot.Values.global.centralizedLoggingEnabled }} +{{- $configMapName := printf "%s-filebeat" (default (include "common.fullname" $dot) .configMapNamePrefix) }} - name: filebeat-conf configMap: - name: {{ include "common.fullname" . }}-filebeat + name: {{ $configMapName }} - name: filebeat-data emptyDir: {} {{- end -}} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 681c6afc4f..fa1f6c3e62 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.2.1 +image: onap/ccsdk-dgbuilder-image:1.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 8ca5374bbd..9bdf19c7ec 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -93,6 +93,8 @@ spec: value: "{{ .Values.config.aaiUri }}" - name: AAI_AUTH value: "{{ .Values.config.aaiAuth }}" + - name: DISABLE_HOST_VERIFICATION + value: "{{ .Values.config.disableHostVerification }}" volumeMounts: - name: certs mountPath: /opt/etc/config/aai_keystore diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index c1717c3d24..6937facf6f 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -74,7 +74,7 @@ mariadb-init: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-apps-ms-neng:1.2.0 +image: onap/ccsdk-apps-ms-neng:1.2.1 pullPolicy: IfNotPresent # application configuration @@ -90,6 +90,7 @@ config: polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision polEnv: TEST polReqId: xx + disableHostVerification: true aaiCertPass: changeit aaiCertPath: /opt/etc/config/aai_keystore aaiAuth: QUFJOkFBSQ== diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 2e5018807c..8e71114c8c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -20,7 +20,7 @@ dmi: service: - name: {{ .Values.config.dmiServiceName }} + url: {{ .Values.config.dmiServiceUrl }} cps-core: baseUrl: {{ .Values.config.cpsCore.url }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 234f9eb646..a4a56dee80 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,7 +47,7 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.0.0 +image: onap/ncmp-dmi-plugin:1.0.1 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 @@ -147,7 +147,7 @@ config: spring: profile: helm - dmiServiceName: http://*svc_name:*svc_port + dmiServiceUrl: http://*svc_name:*svc_port sdnc: url: http://sdnc:8181 username: admin diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml index 2e8b4cd4e8..f01edd240b 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml @@ -37,8 +37,10 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Never containers: - name: dcae-cleanup image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3983d932a0..3318a199f1 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.6.0 +image: onap/policy-apex-pdp:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 87ddd73adf..26ed0a77eb 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -36,7 +36,7 @@ secrets: passwordPolicy: required - uid: restserver-creds type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.5.0 +image: onap/policy-api:2.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -94,7 +94,7 @@ db: restServer: user: healthcheck - password: zb!XztG34 + password: none # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 518e7b13a2..35011dea1d 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -70,7 +70,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.1.2 +image: onap/policy-clamp-backend:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml index 74cf74f36d..f98fce1137 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml @@ -72,7 +72,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-k8s-ppnt:6.1.2 +image: onap/policy-clamp-cl-k8s-ppnt:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml new file mode 100644 index 0000000000..bdca3aaf16 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Policy Clamp Controlloop Policy Participant +name: policy-clamp-cl-pf-ppnt +version: 9.0.0 diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml new file mode 100644 index 0000000000..e6af3b046f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml @@ -0,0 +1,31 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~9.x-0 + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml new file mode 100644 index 0000000000..8a6c60e352 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -0,0 +1,62 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +participant: + pdpGroup: defaultGroup + pdpType: apex + policyApiParameters: + clientName: api + hostname: policy-api + port: 6969 + userName: ${API_USER} + password: ${API_PASSWORD} + https: true + allowSelfSignedCerts: true + policyPapParameters: + clientName: pap + hostname: policy-pap + port: 6969 + userName: ${PAP_USER} + password: ${PAP_PASSWORD} + https: true + allowSelfSignedCerts: true + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: org.onap.PM_Policy + version: 1.0.0 + participantType: + name: org.onap.policy.controlloop.PolicyControlLoopParticipant + version: 2.3.1 + clampControlLoopTopics: + topicSources: + - + topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: true + topicSinks: + - + topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..1447eb49fc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2021 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pf-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pf-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pf-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..2317194e96 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml @@ -0,0 +1,102 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: cl-pf-ppnt-config + - mountPath: /config + name: cl-pf-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: cl-pf-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cl-pf-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: cl-pf-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..f0f3c5e993 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml new file mode 100644 index 0000000000..791b785502 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml @@ -0,0 +1,125 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' + login: '{{ .Values.restServer.api.user }}' + password: '{{ .Values.restServer.api.password }}' + passwordPolicy: required + - uid: pap-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' + login: '{{ .Values.restServer.pap.user }}' + password: '{{ .Values.restServer.pap.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-cl-pf-ppnt:6.1.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +# application configuration +restServer: + api: + user: healthcheck + password: none + pap: + user: healthcheck + password: none + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-pf-ppnt + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml index 4cf9e67c99..c0044e2cd1 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-runtime:6.1.2 +image: onap/policy-clamp-cl-runtime:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index 9e021c8d0e..e5587411d5 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -60,7 +60,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.1.2 +image: onap/policy-clamp-frontend:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 1614bd840e..2d80fbb216 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.6.0 +image: onap/policy-distribution:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 678cce74ee..fa0fda80e1 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.9.0 +image: onap/policy-pdpd-cl:1.9.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 460a83d9b2..a1810d387c 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -63,7 +63,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.1.0 +image: onap/policy-gui:2.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index c373e04cf2..d7135524d3 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -38,13 +38,13 @@ secrets: passwordPolicy: required - uid: restserver-secret type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - uid: api-secret type: basicAuth - externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.healthCheckRestClient.api.user }}' password: '{{ .Values.healthCheckRestClient.api.password }}' passwordPolicy: required @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.5.0 +image: onap/policy-pap:2.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -109,12 +109,12 @@ db: restServer: user: healthcheck - password: zb!XztG34 + password: none healthCheckRestClient: api: user: healthcheck - password: zb!XztG34 + password: none distribution: user: healthcheck password: zb!XztG34 diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 91984cc81b..7c2d1b13a8 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.5.0 +image: onap/policy-xacml-pdp:2.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 65ca87b2a4..246e129234 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -70,6 +70,10 @@ dependencies: version: ~9.x-0 repository: 'file://components/policy-gui' condition: policy-gui.enabled + - name: policy-clamp-cl-pf-ppnt + version: ~9.x-0 + repository: 'file://components/policy-clamp-cl-pf-ppnt' + condition: policy-clamp-cl-pf-ppnt.enabled - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 29603690b8..33602a97d0 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -52,6 +52,20 @@ secrets: login: '{{ .Values.config.policyAppUserName }}' password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -59,9 +73,14 @@ db: &dbSecretsHook policy-api: enabled: true db: *dbSecretsHook + restServer: + apiUserExternalSecret: *policyApiCredsSecret policy-pap: enabled: true db: *dbSecretsHook + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret policy-xacml-pdp: enabled: true db: *dbSecretsHook @@ -83,6 +102,11 @@ policy-clamp-fe: enabled: true policy-clamp-cl-k8s-ppnt: enabled: true +policy-clamp-cl-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret policy-nexus: enabled: false policy-clamp-cl-runtime: @@ -104,7 +128,7 @@ mariadb: image: mariadb:10.5.8 dbmigrator: - image: onap/policy-db-migrator:2.3.0 + image: onap/policy-db-migrator:2.3.1 schema: policyadmin policy_home: "/opt/app/policy" @@ -156,6 +180,12 @@ mariadb-galera: serviceAccount: nameOverride: *policy-mariadb +restServer: + policyPapUserName: healthcheck + policyPapUserPassword: zb!XztG34 + policyApiUserName: healthcheck + policyApiUserPassword: zb!XztG34 + # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) flavor: small diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index d769f628eb..521912e1ce 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.9.3 -backendInitImage: onap/sdc-backend-init:1.9.3 +image: onap/sdc-backend-all-plugins:1.9.4 +backendInitImage: onap/sdc-backend-init:1.9.4 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 223e023b28..a36fdb5c0d 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.9.3 -cassandraInitImage: onap/sdc-cassandra-init:1.9.3 +image: onap/sdc-cassandra:1.9.4 +cassandraInitImage: onap/sdc-cassandra-init:1.9.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index d563e80f42..24257994b3 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.9.3 +image: onap/sdc-frontend:1.9.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 1bce6b17af..4d20b7d626 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.9.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3 +image: onap/sdc-onboard-backend:1.9.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 95aba913a3..1c8bd5a26f 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.0 +image: onap/sdnc-dmaap-listener-image:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 7294dbccc7..6b4c5a25c5 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.0 +image: onap/sdnc-ansible-server-image:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 803488b054..eafb3f2ec0 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.2.0" +image: "onap/sdnc-web-image:2.2.1" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index b58154fd1a..aba55dd693 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.0 +image: onap/sdnc-ueb-listener-image:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 785435a478..d244f9c455 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -206,7 +206,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.0 +image: onap/sdnc-image:2.2.1 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index b7e8dd9098..2b6fff63c8 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -76,7 +76,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-cnf-adapter:1.9.1 +image: onap/so/so-cnf-adapter:1.9.2 pullPolicy: Always readinessCheck: diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 09f61a5320..2489ddd75e 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -75,7 +75,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-nssmf-adapter:1.8.3 +image: onap/so/so-nssmf-adapter:1.9.1 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index 15f08bccc6..e332f98302 100755 --- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -57,7 +57,11 @@ org: onap: so: adapters: + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + default_keystone_url_version: /v3 + {{- else }} default_keystone_url_version: /v2.0 + {{- end }} default_keystone_reg_ex: "/[vV][0-9]" vnf: bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} @@ -79,7 +83,11 @@ org: retrylist: 408,429,500,502,503,504,900 encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 tenant: + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + default_keystone_url_version: /v3 + {{- else }} default_keystone_url_version: /v2.0 + {{- end }} default_keystone_reg_ex: "/[vV][0-9]" default_tenant_description: Tenant default_region_type: single diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 2ac829592c..ab97d406a4 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -150,6 +150,8 @@ config: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" openStackTenantId: "d570c718cbc545029f40e50b75eb13df" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/resources/config/mso/mso-docker.json b/kubernetes/so/resources/config/mso/mso-docker.json index 167a8edc09..119a31304a 100755 --- a/kubernetes/so/resources/config/mso/mso-docker.json +++ b/kubernetes/so/resources/config/mso/mso-docker.json @@ -84,13 +84,17 @@ [ { "dcp_clli": "DEFAULT_KEYSTONE", + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v3", + {{- else }} "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v2.0", + {{- end }} "mso_id": "{{ .Values.config.openStackUserName }}", "mso_pass": "{{ .Values.config.openStackEncryptedPasswordHere }}", "admin_tenant":"{{ .Values.config.openStackServiceTenantName }}", "member_role": "admin", "tenant_metadata": "true", - "identity_server_type": "KEYSTONE", + "identity_server_type": "{{ .Values.config.openStackKeystoneVersion }}", "identity_authentication_type": "USERNAME_PASSWORD" } ], diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 988b8ef585..b14c014bc0 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -257,6 +257,8 @@ affinity: {} config: logstashServiceName: log-ls logstashPort: 5044 + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \ |