diff options
24 files changed, 138 insertions, 113 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 8943910eb0..922cd5f01d 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -80,3 +80,5 @@ Here's the list of these certificates: +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+ | CDS BP Executor | Yes | No | No | kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer | +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+ + | CCSDK dgbuilder | No | Yes | No | kubernetes/common/dgbuilder/resources/certs | + +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+ diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differindex f24908c55d..e7da9a7d44 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differindex 89605b6b7a..f47adb614f 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differindex 2106c817ef..9b90af6499 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt index faeee81357..b5e75dadd6 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt +++ b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt @@ -1,32 +1,33 @@ -----BEGIN CERTIFICATE----- -MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ
-TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV
-BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv
-b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE
-BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw
-EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD
-Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu
-rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU
-IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy
-3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z
-okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV
-Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL
-fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV
-tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u
-vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99
-2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI
-bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ
-ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN
-lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D
-ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL
-hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT
-Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg
-r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43
-tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb
-+oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI
-aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9
-vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j
-uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH
-wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q== +MIIFnjCCA4agAwIBAgIEDQtWKTANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
+UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
+MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
+AxMIb25hcC5vcmcwHhcNMjAwNzA5MDgwNDE1WhcNMzAwNzA3MDgwNDE1WjB3MQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
+YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
+UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCkxel9G29Hgy9j7cEQ0BGlPrP9s1SF3ADe7f56jTjQd/jFUsN67Da+l9Dt
+vy1yUwPnTr3krpXOHwQKplsuBDMoa0ayRhqUpp6fuSuu/zgGJOQIe7NlJh9FbYfq
+ax0nHO8qtwd+eTUCqkwVfOFZpDFwR7Ss73Z++14Em8TgFiIsTlBV1sa/xRWLT9JL
+Sqnr0tQiUJewO6sCUsis+U7kEf+QCueJAktMxR70rQcAJ2gd/zlnIaoaL4rF+MU8
+xlbEfMK/rxC6jeVm3oJu4ihjDKj1V6PDyEtzjsWQFtM+y6wgd98Kxt+0mHW3mZZ0
++Ul0fHSE0fRNp8qEMOUKYFbCffWBrMBZaOaUy6FSnnGi8frv7WqJXNiO2lClhsN1
+2yA1HgiorhK9sXjVdwsjTmJhOdvn5sla22+QXrobNflHZHo8JhWHpZ9RbBWAZdaa
+FrEizBoDnkpdaNb2PykYjqPo8D1Y/lOSDOg32wOW50F6bZg3yyQzFe0+PsAPK/u+
+b8THRJhkbXYvcAoDQv785aXoaa0mVg+yAvz6dorchJkViaOvUlNl+DNNKGJb1hWc
+KWLU1SpH7I9QWQYGExFEzsg4Wv2ErGponSoecAm+IM23mn/fhGrwv1r/bl5WR++5
+5nUIAbPysz3yQoMllSsBBOpuSsCLo1KQqQeQxnTwFxLS0Ag2SwIDAQABozIwMDAd
+BgNVHQ4EFgQUff+Pkp90yZtYsNvFGhq6SBdL+f0wDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQwFAAOCAgEAAWzAQxiJb+3WiXnVC0AeQ2GBnj3JNWI13WE1VJ1a
++hsKAGHk6ACzsGfN0BiGp81Bt/4y+AinWTPI0xnuYqfJHS8/7sEvC7aSzmR0TsuM
+u7xOYCiczoEwlM2YoFt1dRWt+ve6EZgTXzBSm75to7F3HS0dZzRaEKxyOA3ONFHT
+tGgT+u7851qJQvNVwTOt54C7/PZ9Me5y98sosiGbp0USKroJbiMXHzIligp8s1uT
++Pm581C8YTVHKciR/4fhChu+tx39ZR2p4AoJFjEvgcWqYy+sOyn+Z8sWWLoj3dFk
+xjdpSRLPI771ihGdV2JXwgzN1ei8OvUzrW1a1gLZkZ1ZWtK4rwpJteFh4YW/wuDb
+dKElfqXJITmOEO+uT4cJ5+hGa3rl6asxbEJ6vhy7SZPOzgM1uAjRT1MpBtG/ZPY5
+mOkjzNbjlNsgwJNkuXCi4+3DWNC3QNrIqm825Wdr79TM3kYGfkK/ngargA0z0KYc
+7sF6P0tGo6gLACbx+dO9KFpjBIqVaw9AUwb/IOGm1Yv+QutEISqgDQTKzT0iv2Pt
+eSkR2IzaEvH0VmBnTHoHQwrV7x10cMxhwoA1mRvdt8L+gKC91CbVirIiRGCrJabO
+GiKKZ+pD5kVi9gy7omrjw2kH6Vu4aQGySGBhzpIZ977oO9u+jaTdMHBtladqVvWd
+sIM= -----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differindex c32d37fd9d..90dfcb937c 100644 --- a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks +++ b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks diff --git a/kubernetes/common/dgbuilder/resources/certs/node-cert.cer b/kubernetes/common/dgbuilder/resources/certs/node-cert.cer Binary files differnew file mode 100644 index 0000000000..d944fc702d --- /dev/null +++ b/kubernetes/common/dgbuilder/resources/certs/node-cert.cer diff --git a/kubernetes/common/dgbuilder/resources/certs/node-cert.pem b/kubernetes/common/dgbuilder/resources/certs/node-cert.pem new file mode 100644 index 0000000000..13a4046d83 --- /dev/null +++ b/kubernetes/common/dgbuilder/resources/certs/node-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDATCCAekCFC8zGpHciUlQB1u+pmfkprCO65ASMA0GCSqGSIb3DQEBCwUAMD0x +CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjENMAsGA1UECgwET05BUDESMBAGA1UE +AwwJZGdidWlsZGVyMB4XDTIwMDcxNTE5NTAwMVoXDTIxMDcxNTE5NTAwMVowPTEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMQ0wCwYDVQQKDARPTkFQMRIwEAYDVQQD +DAlkZ2J1aWxkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8p5VL +FX+kneXJEwcO1fTy2AThZyhzjxGCllEKx5WVRc7vLBVdmFQr8jTbnGGIgPcXOFHz +GyO8dYRra0tz+sIeBdkNDNRcmDyRVD0ThjDLTCbZ3KZJp8LKDE0iOO4NZVAm6lb8 +ZNLz8hX6rtw9YBOKQXW/WZ0kWIzC0/qnVQUPbtS6kvDcaWIacpGwUkLq0NcNCo9q +b14ADChMpVtfBj7RRpqEVS9QVQ8VTK9kKT26GPSj4se2jN4Zu7m5ReVO1GcdxmyK +AAaB0w/bmIfploRehuNFhPVkFJJD5BGjF/YiGhrvJCgqrmrueIwgu3sLXyMXakeJ +7sPzkg/iLzt5ee93AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKhP8mTxEF2+cX6p +V9lIX0M8sIN5ENEfF64QcNHWdoZK+8hr7xfV6l36F8SNNQJG5/o+R6doYQ4DkoH8 +UtIWz0JMA7C9Mo+/8fEpHUeg+co5KDsEYNkhoGi5RELRFon0Q/kCaVIhcpuOJkna +0ZoIxExSzKOWfJeybtZMMHJVJbmCyPkcnx5m5yZ/Q5VcWA2b11lvldfjkaTR27C1 +2N2m9qgi93frv+wilbwAMLv+tCarjaxS5IZO0YhrCmjIwCRQtg7tLW7j8DSfohPo +xG3TmoNdt0m3xUsiC+M7Th+V/xtwimaaHuqu1iwN/c67wV3XlBn76zqBx88YoRvM +b8lj6Qc= +-----END CERTIFICATE----- diff --git a/kubernetes/common/dgbuilder/resources/certs/node-csr.pem b/kubernetes/common/dgbuilder/resources/certs/node-csr.pem new file mode 100644 index 0000000000..28a6a370d5 --- /dev/null +++ b/kubernetes/common/dgbuilder/resources/certs/node-csr.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgjCCAWoCAQAwPTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMQ0wCwYDVQQK +DARPTkFQMRIwEAYDVQQDDAlkZ2J1aWxkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQC8p5VLFX+kneXJEwcO1fTy2AThZyhzjxGCllEKx5WVRc7vLBVd +mFQr8jTbnGGIgPcXOFHzGyO8dYRra0tz+sIeBdkNDNRcmDyRVD0ThjDLTCbZ3KZJ +p8LKDE0iOO4NZVAm6lb8ZNLz8hX6rtw9YBOKQXW/WZ0kWIzC0/qnVQUPbtS6kvDc +aWIacpGwUkLq0NcNCo9qb14ADChMpVtfBj7RRpqEVS9QVQ8VTK9kKT26GPSj4se2 +jN4Zu7m5ReVO1GcdxmyKAAaB0w/bmIfploRehuNFhPVkFJJD5BGjF/YiGhrvJCgq +rmrueIwgu3sLXyMXakeJ7sPzkg/iLzt5ee93AgMBAAGgADANBgkqhkiG9w0BAQsF +AAOCAQEAE5Qgik0whJkv4WJVCbCPpbHvpXXXNqMeuxybCixKVTZGY9xxxYOPe/OL +5UqMTqes8Tb56e0feOweCecFLX+AatiDjPg9ZlPW/1LQEWEmvG2uh/0AeNt2nTA5 +WnmqgEwdJszopumVfCDg8vqcaGuDxRXE38mD1jnJYPjjQIumGhpHtqjIfp5CSXJb +2HXpMQUOqs9dJJATyKvjIpnAJPInlxp3c24pehuMT/IXtbAAGUlGl4wCEQOREzHi +3fLqJ9eZ3/96jlWAY8KHeAne+IOV8QRf6XsdpJ/TIFGBxlGokqSY1lE3kbAhlfgP ++vnPsK4kQP0JuQ7Mr5cLnSknOMxICw== +-----END CERTIFICATE REQUEST----- diff --git a/kubernetes/common/dgbuilder/resources/certs/node-key.pem b/kubernetes/common/dgbuilder/resources/certs/node-key.pem new file mode 100644 index 0000000000..c6f44914b1 --- /dev/null +++ b/kubernetes/common/dgbuilder/resources/certs/node-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvKeVSxV/pJ3lyRMHDtX08tgE4Wcoc48RgpZRCseVlUXO7ywV +XZhUK/I025xhiID3FzhR8xsjvHWEa2tLc/rCHgXZDQzUXJg8kVQ9E4Ywy0wm2dym +SafCygxNIjjuDWVQJupW/GTS8/IV+q7cPWATikF1v1mdJFiMwtP6p1UFD27UupLw +3GliGnKRsFJC6tDXDQqPam9eAAwoTKVbXwY+0UaahFUvUFUPFUyvZCk9uhj0o+LH +tozeGbu5uUXlTtRnHcZsigAGgdMP25iH6ZaEXobjRYT1ZBSSQ+QRoxf2Ihoa7yQo +Kq5q7niMILt7C18jF2pHie7D85IP4i87eXnvdwIDAQABAoIBAAnKRJQd7H7VdtxF +cYNSlSCZFz+/Q7kjfowhUtlVXCzf74o35m/x/MQ/EIEpD2KvFqOM16vfB667BoEw +kzzUkYhPU2E6/jZD7Di6f2To/NVAAXAi5DpES3aCxun0vF3TmSI73QHCFbR1JrDY +rDM/LiRpmzuv4djGA6AEsihG4DlZtzRjgf6E7bISEv0GKJKnSotFsygvCxFj4n87 +gILsRpbcJgfCyCt5AYHN2Slw0N588WLMm2ShzFT1BoXDX2F2rZFPsHYM/DaFkHHe +5Q8GlMou0OLnpH+9eJIR9TWXqjCokuEVu5nMLwccsEcujkc5OSt3R0U9HZqpvAPY +K1l/rkkCgYEA6ZaIgI1w9lGt26rmYD87dlfrPAk/y3qeWbnADE9TcGf1A+qLntuK +MWGTCzQ25nmQykAjBLt+688EaVBmeL3M33EIsUco1G3wM0y3UYoJ3YOgiYwMz+bm +4xrWm388H+fwwR8XsmdgVlQ4/ssbPlIZVwiKP16Fe5TEKnj/VkJnxZUCgYEAzsFh +f+NDEx0qZiZ0a+e8bdZzEjPuq0DI0bn2Q6nL1VOCcrPrvjPRyuX655v2ruvKMEe/ +mLwwH2XwCHcurLXog/y8ZMsMnm5hPufmoyWxP3L6l+uPho+fUk8s+rpWPtS2cgAt +OhuKPGYub5yesnc4q5BibD4MtcHWM0YYsm54BdsCgYB/hxPXO2Fk2YsV1uQXv+3y +2mUvTc1qhfNWATd8gQKI5/i4vqCjhjCYbTEeeM9QXSZThViZCNRuYYODC8YmPVlQ +1CFux+7eq3bsSwH6nmZsbaSD89Y621FKxChOlNR6huLGTPdfC1lpSGolkTW6fJAh +GCSCHFS796hxl8WvjmmhUQKBgGcMSyQKiSvFpZQ0JmKBpZC5CbFQ4OvJ5k1hejRP +NKCmdqXktuKdwTp3VY6KVXDpZGSb3gqqAPIlRHVzsXezUqg2F0/FRAzSxvUrb/Bw +oN8W139QkMBoZOgJPknZBZNbQXOgUupbP5LK+un2DcK1WTFpTSTV6E/OxIvZrAWC +uZ9xAoGBAJufbS/h8Yo1sQMuIZEZhC6jFiPqA5fnIyQgaZu+zgpy3zjYXHpJ0THE +wYZMEMKKxRFgZ7XXTWDkgdEfoJXMtnq/bN4BFxJ5Ns0FkitXmIc96+UYaKjC2KJK +9TXMGe4bMJtFDhHZ0lzBqs0U88Yy/7AIupusuBnyupU5vLDUujh3 +-----END RSA PRIVATE KEY----- diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index e1fac77a97..ac15055a81 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -113,6 +113,8 @@ spec: - name: config mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js subPath: customSettings.js + - name: certificates + mountPath: /opt/onap/ccsdk/dgbuilder/certs resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -133,5 +135,8 @@ spec: - name: config emptyDir: medium: Memory + - name: certificates + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "{{.Release.Name}}-dgbuilder-onap-certs") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index a1f637b199..6f8beef576 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -78,6 +78,15 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' login: '{{ .Values.config.restconfUser }}' password: '{{ .Values.config.restconfPassword }}' + - uid: "{{.Release.Name}}-dgbuilder-onap-certs" + name: '{{.Release.Name}}-dgbuilder-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/certs/node-cert.cer + - resources/certs/node-cert.pem + - resources/certs/node-csr.pem + - resources/certs/node-key.pem ################################################################# # Application configuration defaults. diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 70a2e3e855..70bea2c028 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 +image: onap/policy-pe:1.6.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 8921eabf81..f33a736c80 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -51,7 +51,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 +image: onap/policy-pe:1.6.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json deleted file mode 100644 index 5df0a26596..0000000000 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ /dev/null @@ -1,64 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2018 Ericsson. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -{ - "javaProperties" : [ - ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"], - ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"] - ], - "engineServiceParameters": { - "name": "MyApexEngine", - "version": "0.0.1", - "id": 45, - "instanceCount": 4, - "deploymentPort": 12345, - "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json", - "engineParameters": { - "executorParameters": { - "JAVASCRIPT": { - "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters" - } - } - } - }, - "eventOutputParameters": { - "FirstProducer": { - "carrierTechnologyParameters": { - "carrierTechnology": "FILE", - "parameters": { - "standardIo": true - } - }, - "eventProtocolParameters": { - "eventProtocol": "JSON" - } - } - }, - "eventInputParameters": { - "FirstConsumer": { - "carrierTechnologyParameters": { - "carrierTechnology": "FILE", - "parameters": { - "standardIo": true - } - }, - "eventProtocolParameters": { - "eventProtocol": "JSON" - } - } - } -} diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml index 35f8aacb40..2e6a08c487 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,10 +44,8 @@ spec: - sh args: - -c - - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD @@ -84,6 +83,10 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 9d52812f91..0959a77a5d 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,9 +36,14 @@ secrets: password: '{{ .Values.restServer.password }}' - uid: truststore-pass type: password - externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}' - password: '{{ .Values.truststore.password }}' - policy: required + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: keystore-pass + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -55,8 +61,9 @@ debugEnabled: false restServer: user: healthcheck password: zb!XztG34 -truststore: - password: Pol1cy_0nap +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 4de13eee2d..a136b0ad46 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -67,7 +67,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 +image: onap/policy-pe:1.6.5 mariadb_image: library/mariadb:10 pullPolicy: Always diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 36eee9317915ad1728421a5abeaa84fff239911 +Subproject 878f64c190e1dc5937ed30ff13921ff7fb1cbd9 diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index ac0403b889..efe9cb0cf0 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.6 -backendInitImage: onap/sdc-backend-init:1.6.6 +image: onap/sdc-backend:1.6.7 +backendInitImage: onap/sdc-backend-init:1.6.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index cabf2c19eb..927dd98887 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.6 -cassandraInitImage: onap/sdc-cassandra-init:1.6.6 +image: onap/sdc-cassandra:1.6.7 +cassandraInitImage: onap/sdc-cassandra-init:1.6.7 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index 98452c23e1..ff1890ca66 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.6 +image: onap/sdc-frontend:1.6.7 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index f83000f74a..bdd99953bd 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.6 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.6 +image: onap/sdc-onboard-backend:1.6.7 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/charts/so-appc-orchestrator/values.yaml index f10873d66b..1c0cd43c6f 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/charts/so-appc-orchestrator/values.yaml @@ -61,7 +61,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-appc-orchestrator:1.6.0 +image: onap/so/so-appc-orchestrator:1.6.4 pullPolicy: Always db: |