aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore3
-rw-r--r--docs/oom_quickstart_guide.rst21
-rw-r--r--kubernetes/aaf/.gitignore1
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml5
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml2
-rw-r--r--kubernetes/common/Makefile2
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml4
-rw-r--r--kubernetes/common/common/templates/_certificate.tpl192
-rw-r--r--kubernetes/common/readinessCheck/requirements.yaml3
-rw-r--r--kubernetes/common/readinessCheck/templates/_readinessCheck.tpl2
-rw-r--r--kubernetes/common/readinessCheck/values.yaml1
-rw-r--r--kubernetes/contrib/.gitignore1
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml29
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml5
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml28
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml2
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml2
-rw-r--r--kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql6
-rw-r--r--kubernetes/portal/components/portal-cassandra/templates/deployment.yaml59
-rw-r--r--kubernetes/portal/components/portal-cassandra/values.yaml11
-rw-r--r--kubernetes/sdnc/templates/certificates.yaml19
-rw-r--r--kubernetes/sdnc/values.yaml26
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml2
24 files changed, 381 insertions, 47 deletions
diff --git a/.gitignore b/.gitignore
index 11c7e801d7..cb4cb34579 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,6 @@ requirements.lock
# Mac OS
*DS_Store*
+
+# dist
+dist
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 51c28c2ca3..2c1e48e01b 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -78,6 +78,8 @@ openssl algorithm that works with the python based Robot Framework.
cd so/resources/config/mso/
/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
+ Use OS_PASSWORD value from openstack .RC file for "openstack tenant password"
+
c. Generating SO Encrypted Password:
The SO Encrypted Password uses a java based encryption utility since the
Java encryption library is not easy to integrate with openssl/python that
@@ -87,7 +89,7 @@ Robot uses in Dublin and upper versions.
To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
ensure `default-jdk` is installed::
- apt-get update; apt-get install default-jdk
+ sudo apt-get update; sudo apt-get install default-jdk
Then execute::
@@ -130,6 +132,10 @@ observe the following constraints.
deployment need not worry about this setting but for the demonstration VNFs
the ip asssignment strategy assumes 10.0 ip prefix.
+.. note::
+ Copy below required openstack.yaml file and update the parameters for the variables
+ accordingly from openstack environment (openrc file) and replace
+
Example Keystone v2.0
.. literalinclude:: example-integration-override.yaml
@@ -246,4 +252,17 @@ for use::
> helm undeploy dev --purge
+.. note::
+ After undeploy follow the below steps to cleanup everything before redeplying ONAP
+
+::
+
+ > kubectl delete namespace onap
+
+ > kubectl delete pv -n onap --all
+
+ > kubectl delete pvc -n onap --all
+
+ > sudo rm -rf /dockerdata-nfs/*
+
More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
diff --git a/kubernetes/aaf/.gitignore b/kubernetes/aaf/.gitignore
index 3a4f8ba352..71fbb5cbb9 100644
--- a/kubernetes/aaf/.gitignore
+++ b/kubernetes/aaf/.gitignore
@@ -1 +1,2 @@
/sms/
+components/dist
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index f321e54fd1..9645b20cd2 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -109,11 +109,8 @@ spec:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
- - name: USE_SCRIPT_COMPILE_CACHE
- value: {{ .Values.config.useScriptCompileCache | quote }}
- # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
- name: CLUSTER_ENABLED
- value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
- name: CLUSTER_NODE_ID
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index 629b8252cc..1b456983f7 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -60,7 +60,6 @@ debugEnabled: false
# application configuration
config:
appConfigDir: /opt/app/onap/config
- useScriptCompileCache: false
sdncDB:
dbService: mariadb-galera
dbPort: 3306
@@ -130,7 +129,6 @@ persistence:
cluster:
# Cannot have cluster enabled if the replicaCount is not at least 3
- # AND config value useScriptCompileCache is not set to false
enabled: true
clusterName: cds-cluster
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index 43d62f1a82..c7aba635c1 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -21,7 +21,7 @@ COMMON_CHARTS_DIR := common
EXCLUDES :=
PROCESSED_LAST := cert-wrapper repository-wrapper
-PROCESSED_FIRST := repositoryGenerator certInitializer
+PROCESSED_FIRST := repositoryGenerator readinessCheck certInitializer
TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST)
HELM_BIN := helm
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index c22f9731b5..19b87b1afa 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,7 @@
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
@@ -29,5 +29,5 @@ global:
keystorePassword: "secret"
truststorePassword: "secret"
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.2
diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl
new file mode 100644
index 0000000000..74f81af901
--- /dev/null
+++ b/kubernetes/common/common/templates/_certificate.tpl
@@ -0,0 +1,192 @@
+{{/*#
+# Copyright © 2020, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{/*
+# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
+#
+# To request a certificate following steps are to be done:
+# - create an object 'certificates' in the values.yaml
+# - create a file templates/certificates.yaml and invoke the function "commom.certificate".
+#
+# Here is an example of the certificate request for a component:
+#
+# Directory structure:
+# component
+# templates
+# certifictes.yaml
+# values.yaml
+#
+# To be added in the file certificates.yamll
+#
+# To be added in the file values.yaml
+# 1. Minimal version (certificates only in PEM format)
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# 2. Extended version (with defined own issuer and additional certificate format):
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# dnsNames:
+# - component.onap.org
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-for-the-component
+# p12Keystore:
+# create: true
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+# jksKeystore:
+# create: true
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+#
+# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
+# Other mandatory fields for the certificate definition do not have to be defined directly,
+# in that case they will be taken from default values.
+#
+# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
+# and can be overriden during onap installation process.
+#
+*/}}
+
+{{- define "common.certificate" -}}
+{{- $dot := default . .dot -}}
+{{- $certificates := $dot.Values.certificates -}}
+
+{{ range $certificate := $certificates }}
+{{/*# General certifiacate attributes #*/}}
+{{- $name := $certificate.name -}}
+{{- $secretName := $certificate.secretName -}}
+{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}}
+{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}}
+{{- $duration := $certificate.duration -}}
+{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}}
+{{- if $certificate.namespace -}}
+{{- $namespace = default $namespace $certificate.namespace -}}
+{{- end -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}}
+{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}}
+{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}}
+{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}}
+{{/*# Subject #*/}}
+{{- $subject := $dot.Values.global.certificate.default.subject -}}
+{{- if $certificate.subject -}}
+{{- $subject = mergeOverwrite $subject $certificate.subject -}}
+{{- end -}}
+{{/*# Issuer #*/}}
+{{- $issuer := $dot.Values.global.certificate.default.issuer -}}
+{{- if $certificate.issuer -}}
+{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}}
+{{- end -}}
+{{/*# Keystores #*/}}
+{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}}
+{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}}
+{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}}
+{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}}
+{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}}
+{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}}
+{{- if $certificate.jksKeystore -}}
+{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}}
+{{- if $certificate.jksKeystore.passwordSecretRef -}}
+{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}}
+{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}}
+{{- end -}}
+{{- end -}}
+{{- if $certificate.p12Keystore -}}
+{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}}
+{{- if $certificate.p12Keystore.passwordSecretRef -}}
+{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}}
+{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}}
+{{- end -}}
+{{- end -}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $name }}
+ namespace: {{ $namespace }}
+spec:
+ secretName: {{ $secretName }}
+ commonName: {{ $commonName }}
+ renewBefore: {{ $renewBefore }}
+ {{- if $duration }}
+ duration: {{ $duration }}
+ {{- end }}
+ subject:
+ organizations:
+ - {{ $subject.organization }}
+ countries:
+ - {{ $subject.country }}
+ localities:
+ - {{ $subject.locality }}
+ provinces:
+ - {{ $subject.province }}
+ organizationalUnits:
+ - {{ $subject.organizationalUnit }}
+ {{- if $dnsNames }}
+ dnsNames:
+ {{- range $dnsName := $dnsNames }}
+ - {{ $dnsName }}
+ {{- end }}
+ {{- end }}
+ {{- if $ipAddresses }}
+ ipAddresses:
+ {{- range $ipAddress := $ipAddresses }}
+ - {{ $ipAddress }}
+ {{- end }}
+ {{- end }}
+ {{- if $uris }}
+ uris:
+ {{- range $uri := $uris }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
+ {{- if $emailAddresses }}
+ emailAddresses:
+ {{- range $emailAddress := $emailAddresses }}
+ - {{ $emailAddress }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ group: {{ $issuer.group }}
+ kind: {{ $issuer.kind }}
+ name: {{ $issuer.name }}
+ {{- if or $createJksKeystore $createP12Keystore }}
+ keystores:
+ {{- if $createJksKeystore }}
+ jks:
+ create: {{ $createJksKeystore }}
+ passwordSecretRef:
+ name: {{ $jksKeystorePasswordSecretName }}
+ key: {{ $jksKeystorePasswordSecreKey }}
+ {{- end }}
+ {{- if $createP12Keystore }}
+ pkcs12:
+ create: {{ $createP12Keystore }}
+ passwordSecretRef:
+ name: {{ $p12KeystorePasswordSecretName }}
+ key: {{ $p12KeystorePasswordSecreKey }}
+ {{- end }}
+ {{- end }}
+{{ end }}
+
+{{- end -}}
diff --git a/kubernetes/common/readinessCheck/requirements.yaml b/kubernetes/common/readinessCheck/requirements.yaml
index 51e8789caf..9ef1615aae 100644
--- a/kubernetes/common/readinessCheck/requirements.yaml
+++ b/kubernetes/common/readinessCheck/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~7.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index aa03938d28..95de6ec29f 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -65,7 +65,7 @@
{{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
{{- $jobs := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "jobs" -}}
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
- image: "{{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" $subchartDot }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- /app/ready.py
diff --git a/kubernetes/common/readinessCheck/values.yaml b/kubernetes/common/readinessCheck/values.yaml
index 7bd0c3d679..b15b1c2af3 100644
--- a/kubernetes/common/readinessCheck/values.yaml
+++ b/kubernetes/common/readinessCheck/values.yaml
@@ -13,7 +13,6 @@
# limitations under the License.
global:
- readinessImage: onap/oom/readiness:3.0.1
pullPolicy: Always
limits:
diff --git a/kubernetes/contrib/.gitignore b/kubernetes/contrib/.gitignore
new file mode 100644
index 0000000000..7020381894
--- /dev/null
+++ b/kubernetes/contrib/.gitignore
@@ -0,0 +1 @@
+components/dist
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
index 8c2c0a217b..d05129bc10 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
@@ -21,14 +21,23 @@
{{ if .Values.componentImages.datafile_collector }}
tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }}
{{ end }}
-host_port: {{ .Values.config.address.datafile_collector.port }}
-host_port_secure: {{ .Values.config.address.datafile_collector.portSecure }}
-dmaap_mr_host: "{{ .Values.config.address.message_router }}"
-dmaap_mr_port: 3904
-dmaap_mr_user: "admin"
-dmaap_mr_passwd: "admin"
-dmaap_dr_host: "{{ .Values.config.address.dmaap_dr_prov }}"
-dmaap_dr_port: 8443
-dmaap_dr_user: "dradmin"
-dmaap_dr_passwd: "dradmin"
replicas: 1
+log_directory: "/var/log/ONAP"
+topic_name: "unauthenticated.VES_NOTIFICATION_OUTPUT"
+envs: {}
+use_tls: true
+PM_MEAS_FILES_feed0_location: "loc00"
+feed0_name: "bulk_pm_feed"
+consumer_id: "C12"
+consumer_group: "OpenDcae-c12"
+cert_directory: "/opt/app/datafile/etc/cert/"
+external_port: ":0"
+datafile-collector_memory_limit: "512Mi"
+datafile-collector_memory_request: "512Mi"
+datafile-collector_cpu_limit: "250m"
+datafile-collector_cpu_request: "250m"
+external_cert_use_external_tls: false
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-datafile-collector"
+external_cert_sans: "dcae-datafile-collector,datafile-collector,datafile"
+external_cert_cert_type: "P12"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index a3bff07fb2..b3ff95a40d 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -103,7 +103,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -115,7 +115,8 @@ componentImages:
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
+ datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index c13d3cebe6..e187e119dc 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -49,7 +49,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.2
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 1998539726..5376940938 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -172,11 +172,37 @@ global:
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ # default values for certificates
+ certificate:
+ default:
+ renewBefore: 8h
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+ p12Keystore:
+ create: false
+ passwordSecretRef:
+ name: ""
+ key: ""
+ jksKeystore:
+ create: false
+ passwordSecretRef:
+ name: ""
+ key: ""
+
# Enabling CMPv2
cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 990c36d7a3..0614819930 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -38,7 +38,7 @@ service:
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index bd415c06b1..8f31124e41 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -38,7 +38,7 @@ certificateGenerationImage: onap/integration-java11:7.2.0
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.2
pullPolicy: Always
replicaCount: 1
diff --git a/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql b/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql
index 4fd368a5b8..21715a9e2a 100644
--- a/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql
+++ b/kubernetes/portal/components/portal-cassandra/resources/config/cassandra/docker-entrypoint-initdb.d/portal.cql
@@ -1,4 +1,5 @@
-// Copyright © 2018 Amdocs, Bell Canada, AT&T
+// Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+// Modifications Copyright (c) 2020 Nokia
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -66,3 +67,6 @@ CREATE TABLE portal.spring_session_attributes (
AND min_index_interval = 128
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';
+
+CREATE TABLE portal.health_check (primary_id text PRIMARY KEY, creation_time text);
+insert into portal.health_check (primary_id,creation_time) values ('ECOMPPortal-25927','2018-05-25T20:14:39.408Z');
diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
index 80197a6094..84a78ab977 100644
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,8 +39,13 @@ spec:
spec:
containers:
- name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
@@ -51,37 +57,64 @@ spec:
exec:
command:
- /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
+ - -ec
+ - |
+ nodetool status
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
readinessProbe:
exec:
command:
- /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
+ - -ec
+ - |
+ nodetool status | grep -E "^UN\\s+${POD_IP}"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ successThreshold: {{ .Values.readiness.successThreshold }}
+ failureThreshold: {{ .Values.readiness.failureThreshold }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - bash
+ - -ec
+ - nodetool decommission
env:
- - name: CASSUSER
+ - name: CASSANDRA_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
- - name: CASSPASS
+ - name: CASSANDRA_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
- - name: JVM_OPTS
- value: "{{ .Values.config.cassandraJvmOpts }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
+ - name: CASSANDRA_PASSWORD_SEEDER
+ value: "yes"
+ - name: BITNAMI_DEBUG
+ value: "true"
+ - name: CASSANDRA_CLUSTER_NAME
+ value: cassandra
+ - name: CASSANDRA_NUM_TOKENS
+ value: "256"
+ - name: CASSANDRA_DATACENTER
+ value: dc1
+ - name: CASSANDRA_ENDPOINT_SNITCH
+ value: SimpleSnitch
+ - name: CASSANDRA_RACK
+ value: rack1
+ - name: CASSANDRA_ENABLE_RPC
+ value: "true"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- name: cassandra-docker-entrypoint-initdb
- mountPath: /docker-entrypoint-initdb.d/aaa_portal_single.cql
- subPath: portal_single.cql
+ mountPath: /docker-entrypoint-initdb.d/aaa_portal.cql
+ subPath: portal.cql
- name: {{ include "common.fullname" . }}-data
mountPath: /var/lib/cassandra/data
resources:
diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml
index a0488e5cc7..ec76d08b72 100644
--- a/kubernetes/portal/components/portal-cassandra/values.yaml
+++ b/kubernetes/portal/components/portal-cassandra/values.yaml
@@ -1,5 +1,6 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,7 +23,7 @@ global: # global defaults
# application image
-image: onap/music/cassandra_music:3.0.0
+image: bitnami/cassandra:3.11.9-debian-10-r30
pullPolicy: Always
#################################################################
@@ -56,10 +57,14 @@ liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ successThreshold: 1
+ failureThreshold: 3
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
## Persist data to a persitent volume
persistence:
diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml
new file mode 100644
index 0000000000..dda16176a5
--- /dev/null
+++ b/kubernetes/sdnc/templates/certificates.yaml
@@ -0,0 +1,19 @@
+{{/*
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certificate" . }}
+{{ end }}
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f4f09107bb..1d2fa266ea 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -32,9 +32,10 @@ global:
service: mariadb-galera
# Enabling CMPv2
cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
@@ -132,6 +133,29 @@ secrets:
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ password: secret
+ passwordPolicy: required
+#################################################################
+# Certificates
+#################################################################
+certificates:
+ - name: onap-sdnc-certificate
+ secretName: onap-sdnc-certificate
+ commonName: sdnc.simpledemo.onap.org
+ dnsNames:
+ - sdnc.simpledemo.onap.org
+ p12Keystore:
+ create: true
+ passwordSecretRef:
+ name: keystore-password
+ key: password
+ jksKeystore:
+ create: true
+ passwordSecretRef:
+ name: keystore-password
+ key: password
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index a43ae6eff0..3232d828cb 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -25,7 +25,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:3.0.6
+image: onap/usecase-ui-server:3.0.7
pullPolicy: Always
# application configuration