diff options
144 files changed, 1531 insertions, 523 deletions
@@ -29,8 +29,6 @@ meetings: time: '14:00 UTC' repositories: - 'oom' - - 'oom-offline-installer' - - 'oom-registrator' committers: - <<: *onap_releng_ptl - name: 'Alexis de Talhouët' @@ -78,10 +76,15 @@ committers: company: 'Orange' id: 'sdesbure' timezone: 'Paris/France' + - name: 'Krzysztof Opasiak' + email: 'k.opasiak@samsung.com' + company: 'Samsung' + id: 'kopasiak' + timezone: 'Poland/Warsaw' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' changes: - type: 'Addition' - name: 'Brian Freeman' - name: 'Yang Xu' - link: 'TBD'
\ No newline at end of file + name: 'Krzysztof Opasiak' + # yamllint disable-line rule:line-length + link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499' diff --git a/kubernetes/Makefile b/kubernetes/Makefile index 3f41c3cc4b..7150f10c1f 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -20,6 +20,12 @@ OUTPUT_DIR := $(ROOT_DIR)/dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets +ifneq ($(SKIP_LINT),TRUE) + HELM_LINT_CMD := helm lint +else + HELM_LINT_CMD := echo "Skipping linting of" +endif + SUBMODS := robot aai EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS) HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART) @@ -55,7 +61,7 @@ dep-%: make-% @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 2bd05d81ed..4078fb3c22 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -63,7 +63,7 @@ ingress: resources: small: limits: - cpu: 20m + cpu: 400m memory: 300Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index ce59d2dec9..74638d17a8 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -63,7 +63,7 @@ ingress: resources: small: limits: - cpu: 40m + cpu: 100m memory: 320Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index 2de7466209..41bde75677 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -89,9 +89,9 @@ resources: small: limits: cpu: 100m - memory: 15Mi + memory: 30Mi requests: - cpu: 10m + cpu: 25m memory: 10Mi large: limits: diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 1c9c9bba658057f6147276fba4f84e7db9117e7 +Subproject 23f076495d36081f34a367067918d15fcc5ada8 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index 14689d5b11..6aad5912f4 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -54,7 +54,7 @@ ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk} APPC_HOME=${APPC_HOME:-/opt/onap/appc} SLEEP_TIME=${SLEEP_TIME:-120} -MYSQL_PASSWD=${MYSQL_ROOT_PASSWORDD} +MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD} ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false} ENABLE_AAF=${ENABLE_AAF:-true} DBINIT_DIR=${DBINIT_DIR:-/opt/opendaylight/current/daexim} diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index b102b7c365..31ddc59983 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -82,7 +82,9 @@ blueprintsprocessor.grpcclient.remote-python.type=token-auth blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor blueprintsprocessor.grpcclient.remote-python.port=50051 blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== - +blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052 +blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem +blueprintsprocessor.grpcclient.py-executor.type=tls-auth # Config Data REST client settings blueprintsprocessor.restclient.sdnc.type=basic-auth blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282 @@ -110,6 +112,12 @@ blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000 # Self Service Response Kafka Message Producer blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092 +# Executor Options +blueprintsprocessor.resourceResolution.enabled=true +blueprintsprocessor.netconfExecutor.enabled=true +blueprintsprocessor.restConfExecutor.enabled=true +blueprintsprocessor.cliExecutor.enabled=true +blueprintsprocessor.remoteScriptCommand.enabled=true # Used in Health Check blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml new file mode 100755 index 0000000000..3a3a1ce095 --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/hazelcast.yaml @@ -0,0 +1,35 @@ +hazelcast: + cp-subsystem: + cp-member-count: {{ .Values.replicaCount }} + group-size: {{ .Values.cluster.groupSize }} + session-time-to-live-seconds: 10 + session-heartbeat-interval-seconds: 5 + missing-cp-member-auto-removal-seconds: 120 + fail-on-indeterminate-operation-state: false + raft-algorithm: + leader-election-timeout-in-millis: 2000 + leader-heartbeat-period-in-millis: 5000 + max-missed-leader-heartbeat-count: 5 + append-request-max-entry-count: 50 + commit-index-advance-count-to-snapshot: 1000 + uncommitted-entry-count-to-reject-new-appends: 100 + append-request-backoff-timeout-in-millis: 100 + network: + enabled: true + rest-api: + enabled: true + endpoint-groups: + HEALTH_CHECK: + enabled: true + CP: + enabled: true + join: + multicast: + enabled: false + kubernetes: + enabled: true + namespace: {{ include "common.namespace" . }} + service-name: {{ include "common.servicename" . }}-cluster + resolve-not-ready-addresses: true + # service-label-name: MY-SERVICE-LABEL-NAME + # service-label-value: MY-SERVICE-LABEL-VALUE diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index a90e4d7b68..749e9a4637 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -24,6 +24,18 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + # This allow a new pod to be ready before terminating the old one + # causing no downtime when replicas is set to 1 + maxUnavailable: 0 + + # maxSurge to 1 is very important for the hazelcast integration + # we only want one pod at a time to restart not multiple + # and break the hazelcast cluster. We should not use % maxSurge value + # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/ + maxSurge: 1 template: metadata: labels: @@ -56,9 +68,23 @@ spec: env: - name: APP_CONFIG_HOME value: {{ .Values.config.appConfigDir }} + - name: USE_SCRIPT_COMPILE_CACHE + value: {{ .Values.config.useScriptCompileCache | quote }} + # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly + - name: CLUSTER_ENABLED + value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} + - name: CLUSTER_ID + value: {{ .Values.cluster.clusterName }} + - name: CLUSTER_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CLUSTER_CONFIG_FILE + value: {{ .Values.config.appConfigDir }}/hazelcast.yaml ports: - containerPort: {{ .Values.service.http.internalPort }} - containerPort: {{ .Values.service.grpc.internalPort }} + - containerPort: {{ .Values.service.cluster.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -93,6 +119,9 @@ spec: - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml + - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml + name: {{ include "common.fullname" . }}-config + subPath: hazelcast.yaml - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer name: {{ include "common.fullname" . }}-config @@ -122,6 +151,8 @@ spec: path: application.properties - key: logback.xml path: logback.xml + - key: hazelcast.yaml + path: hazelcast.yaml - key: ONAP_RootCA.cer path: ONAP_RootCA.cer - name: {{ include "common.fullname" . }}-blueprints diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml index 411df8631c..a6a21a6a01 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml @@ -56,3 +56,27 @@ spec: selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-cluster + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.cluster.type }} + ports: + - port: {{ .Values.service.cluster.externalPort }} + targetPort: {{ .Values.service.cluster.internalPort }} + {{- if eq .Values.service.cluster.type "NodePort"}} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }} + {{- end}} + name: {{ .Values.service.cluster.portName | default "cluster" }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 781b5383fe..35661c29e9 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -47,6 +47,7 @@ debugEnabled: false # application configuration config: appConfigDir: /opt/app/onap/config + useScriptCompileCache: true # default number of instances replicaCount: 1 @@ -85,6 +86,11 @@ service: portName: blueprints-processor-grpc internalPort: 9111 externalPort: 9111 + cluster: + type: ClusterIP + portName: blueprints-processor-cluster + internalPort: 5701 + externalPort: 5701 persistence: volumeReclaimPolicy: Retain @@ -94,6 +100,17 @@ persistence: mountSubPath: cds/blueprints/deploy deployedBlueprint: /opt/app/onap/blueprints/deploy +cluster: + # Cannot have cluster enabled if the replicaCount is not at least 3 + # AND config value useScriptCompileCache is not set to false + enabled: false + + clusterName: cds-cluster + + # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be + # between 3 and 7 only. + groupSize: 3 + ingress: enabled: false service: diff --git a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js index 66b7b5ed15..42c2e5728b 100644 --- a/kubernetes/common/dgbuilder/resources/scripts/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -26,31 +26,31 @@ module.exports={ "sharedDir": "releases/sdnc1.0/flows/shared", "userDir": "releases/sdnc1.0", "httpAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_USER}", + "pass": "${HTTP_PASSWORD}" }, "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}", "dbPort": "3306", - "dbName": "sdnctl", - "dbUser": "sdnctl", - "dbPassword": "{{.Values.config.dbSdnctlPassword}}", + "dbName": "{{.Values.config.db.dbName}}", + "dbUser": "${DB_USER}", + "dbPassword": "${DB_PASSWORD}", "gitLocalRepository": "", "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph", - "restConfUser": "admin", - "restConfPassword": "admin", + "restConfUser": "${REST_CONF_USER}", + "restConfPassword": "${REST_CONF_PASSWORD}", "formatXML": "Y", "formatJSON": "Y", "httpRoot": "/", "disableEditor": false, "httpAdminRoot": "/", "httpAdminAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_ADMIN_USER}", + "pass": "${HTTP_ADMIN_PASSWORD}" }, "httpNodeRoot": "/", "httpNodeAuth": { - "user": "dguser", - "pass": "{{.Values.config.dgUserPassword}}" + "user": "${HTTP_NODE_USER}", + "pass": "${HTTP_NODE_PASSWORD}" }, "uiHost": "0.0.0.0", "version": "0.9.1", diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index b780cafbcd..28612a270b 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -13,7 +13,7 @@ # limitations under the License. org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}} +org.onap.ccsdk.sli.jdbc.user=${DB_USER} +org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD} diff --git a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh b/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh deleted file mode 100755 index b037058c2b..0000000000 --- a/kubernetes/common/dgbuilder/resources/scripts/createReleaseDir.sh +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash -export PATH=$PATH:. -appDir=$(pwd) -if [ "$#" != 3 -a "$#" != 4 ] -then - echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]" - echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository" - exit -fi -if [ ! -e "releases" ] -then - mkdir releases -fi -releaseDir="$1" -name="Release $releaseDir" -loginId="$2" -emailid="$3" -dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}" -dbPort="3306" -dbName="sdnctl" -dbUser="sdnctl" -dbPassword="{{.Values.config.dbSdnctlPassword}}" -gitLocalRepository="$4" - -lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1) -echo $lastPort|grep uiPort >/dev/null 2>&1 -if [ "$?" == "0" ] -then -lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1) -fi -#echo $lastPort -if [ "${lastPort}" == "" ] -then - lastPort="3099" -fi -let nextPort=$(expr $lastPort+1) -#echo $nextPort -if [ ! -e "releases/$releaseDir" ] -then -mkdir releases/$releaseDir -cd releases/$releaseDir -mkdir flows -mkdir flows/shared -mkdir flows/shared/backups -mkdir html -mkdir xml -mkdir lib -mkdir lib/flows -mkdir logs -mkdir conf -mkdir codecloud -customSettingsFile="customSettings.js" -if [ ! -e "./$customSettingsFile" ] -then - echo "module.exports = {" >$customSettingsFile - echo " 'name' : '$name'," >>$customSettingsFile - echo " 'emailAddress' :'$emailid'," >>$customSettingsFile - echo " 'uiPort' :$nextPort," >>$customSettingsFile - echo " 'mqttReconnectTime': 15000," >>$customSettingsFile - echo " 'serialReconnectTime' : 15000," >>$customSettingsFile - echo " 'debugMaxLength': 1000," >>$customSettingsFile - echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile - echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile - echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile - echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile - echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile - echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile - echo " 'dbHost': '$dbHost'," >>$customSettingsFile - echo " 'dbPort': '$dbPort'," >>$customSettingsFile - echo " 'dbName': '$dbName'," >>$customSettingsFile - echo " 'dbUser': '$dbUser'," >>$customSettingsFile - echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile - echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile - echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile - echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile - echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile - echo " 'formatXML': '$formatXML'," >>$customSettingsFile - echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile - echo " 'enableHttps': true" >>$customSettingsFile - echo " }" >>$customSettingsFile -fi - #echo "Created custom settings file $customSettingsFile" - echo "Done ....." -else - echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir" - exit -fi -#echo "Content of custom settings file" -#echo "============================================================================" -# cat $customSettingsFile -#echo "============================================================================" -svclogicPropFile="./conf/svclogic.properties" -if [ ! -d "${appDir}/yangFiles" ] -then - mkdir -p "${appDir}/yangFiles" -fi -if [ ! -d "${appDir}/generatedJS" ] -then - mkdir -p "${appDir}/generatedJS" -fi - -if [ ! -e "./$svclogicPropFile" ] -then - echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile - echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile -fi -if [ ! -e "${appDir}/flowShareUsers.js" ] -then - echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js - echo " [" >>${appDir}/flowShareUsers.js - echo " ]" >>${appDir}/flowShareUsers.js - echo "}" >>${appDir}/flowShareUsers.js -fi -grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1 -if [ "$?" != "0" ] -then - num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l) - if [ $num_of_lines -gt 4 ] - then - content=$(head -n -2 ${appDir}/flowShareUsers.js) - echo "${content}," > ${appDir}/flowShareUsers.js - else - content=$(head -n -2 ${appDir}/flowShareUsers.js) - echo "$content" > ${appDir}/flowShareUsers.js - fi - echo " {" >> ${appDir}/flowShareUsers.js - echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js - echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js - echo " }" >> ${appDir}/flowShareUsers.js - echo " ]" >> ${appDir}/flowShareUsers.js - echo "}" >> ${appDir}/flowShareUsers.js -fi diff --git a/kubernetes/common/dgbuilder/templates/configmap.yaml b/kubernetes/common/dgbuilder/templates/configmap.yaml index 24f61b5487..828818c68d 100644 --- a/kubernetes/common/dgbuilder/templates/configmap.yaml +++ b/kubernetes/common/dgbuilder/templates/configmap.yaml @@ -24,16 +24,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-scripts - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 495c4c6ab6..b3f0ab05a3 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -32,6 +32,40 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: HTTP_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }} + - name: HTTP_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }} + - name: HTTP_ADMIN_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }} + - name: HTTP_ADMIN_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }} + - name: HTTP_NODE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }} + - name: HTTP_NODE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }} + - name: REST_CONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: REST_CONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -59,11 +93,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: @@ -79,10 +108,7 @@ spec: - name: config mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties subPath: svclogic.properties - - name: scripts - mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh - subPath: createReleaseDir.sh - - name: scripts + - name: config mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js subPath: customSettings.js resources: @@ -99,12 +125,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config + - name: config-input configMap: name: {{ include "common.fullname" . }}-config - - name: scripts - configMap: - name: {{ include "common.fullname" . }}-scripts - defaultMode: 0755 + - name: config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/dgbuilder/templates/secrets.yaml b/kubernetes/common/dgbuilder/templates/secrets.yaml index e00d7cfc03..c9a409fdca 100644 --- a/kubernetes/common/dgbuilder/templates/secrets.yaml +++ b/kubernetes/common/dgbuilder/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 AT&T, Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
\ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index fa205e227e..96d7dffb0a 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -31,6 +31,9 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + # image pull policy pullPolicy: Always @@ -43,6 +46,40 @@ global: debugEnabled: true ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'db-root-password' + type: password + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.config.dbRootPassword }}' + - uid: 'db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.dbSdnctlPassword }}' + - uid: 'http-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}' + login: '{{ .Values.config.httpUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}' + login: '{{ .Values.config.adminUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'node-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}' + login: '{{ .Values.config.nodeUser }}' + password: '{{ .Values.config.dgUserPassword }}' + - uid: 'restconf-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -55,6 +92,32 @@ debugEnabled: false # application configuration config: + db: + dbName: sdnctl + # unused for now to preserve the API + rootPassword: openECOMP1.0 + # rootPasswordExternalSecret: some secret + userName: sdnctl + # unused for now to preserve the API + userPassword: gamma + # userCredentialsExternalSecret: some secret + httpUser: dguser + # unused for now to preserve the API + httpPassword: cc03e747a6afbbcbf8be7668acfebee5 + # httpCredsExternalSecret: some secret + adminUser: dguser + # unused for now to preserve the API + adminPassword: cc03e747a6afbbcbf8be7668acfebee5 + # adminCredsExternalSecret: some secret + nodeUser: dguser + # unused for now to preserve the API + nodePassword: cc03e747a6afbbcbf8be7668acfebee5 + # nodeCredsExternalSecret: some secret + restconfUser: admin + # unused for now to preserve the API + restconfPassword: admin + # restconfCredsExternalSecret: some secret + dbRootPassword: openECOMP1.0 dbSdnctlPassword: gamma dbPodName: mysql-db diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml index cac6f79f16..f6ce95a65f 100644 --- a/kubernetes/common/mariadb-init/values.yaml +++ b/kubernetes/common/mariadb-init/values.yaml @@ -37,7 +37,7 @@ secrets: password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}' - uid: '{{ .Values.config.mysqlDatabase }}' type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.mysqlExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.userName }}' password: '{{ .Values.config.userPassword }}' passwordPolicy: required @@ -56,7 +56,7 @@ config: userPassword: Ci@shsOd3pky1Vji userName: u5WZ1GMSIS1wHZF # set this value if you would like to use external secret instead of providing a password - # mysqlExternalsecret: some-secret-name + # userCredentialsExternalsecret: some-secret-name mysqlDatabase: ynsaUCru6mUNwGal mysqlAdditionalDatabases: {} # add addtional dabases diff --git a/kubernetes/common/network-name-gen/requirements.yaml b/kubernetes/common/network-name-gen/requirements.yaml index 9ef8db89a4..eda693f832 100644 --- a/kubernetes/common/network-name-gen/requirements.yaml +++ b/kubernetes/common/network-name-gen/requirements.yaml @@ -18,4 +18,9 @@ dependencies: repository: '@local'
- name: mariadb-galera
version: ~5.x-0
- repository: file://../mariadb-galera/
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~5.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 2f9cd6a158..a6d18e7a59 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -31,11 +31,19 @@ spec: release: {{ include "common.release" . }} spec: initContainers: +{{- if .Values.global.mariadbGalera.localCluster }} - command: - /root/ready.py args: - --container-name - {{ index .Values "mariadb-galera" "nameOverride" }} +{{- else }} + - command: + - /root/job_complete.py + args: + - --job-name + - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job +{{- end }} env: - name: NAMESPACE valueFrom: @@ -53,11 +61,11 @@ spec: - name: SPRING_PROFILE value: "{{ .Values.config.springProfile }}" - name: NENG_DB_USER - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}} - name: NENG_DB_PASS - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}} - name: NENG_DB_URL - value: {{ .Values.config.dbUrl }} + value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: POL_CLIENT_AUTH value: "{{ .Values.config.polClientAuth }}" - name: POL_BASIC_AUTH diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index d5897013c4..0defa97c26 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -32,24 +32,29 @@ global: # image pull policy pullPolicy: IfNotPresent + mariadbGalera: &mariadbGalera + #This flag allows SO to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + ################################################################# # Secrets metaconfig ################################################################# secrets: - - uid: "db-user-creds" - externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' + - uid: neng-db-secret + name: '{{ include "common.release" . }}-neng-db-secret' type: basicAuth - - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' - type: password + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' # sub-chart config mariadb-galera: - config: - userName: nenguser - userPassword: nenguser123 - mariadbRootPassword: nenguser123 - mysqlDatabase: nengdb + config: &mariadbConfig + userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret' + mysqlDatabase: nengdb nameOverride: nengdb service: name: nengdb @@ -59,6 +64,9 @@ mariadb-galera: enabled: true mountSubPath: network-name-gen/data +mariadb-init: + config: *mariadbConfig + nameOverride: nengdb-init ################################################################# # Application configuration defaults. @@ -70,7 +78,10 @@ pullPolicy: IfNotPresent # application configuration config: - dbUrl: jdbc:mysql://nengdb:3306/nengdb + db: + userName: nenguser + # userPassword: password + # userCredentialsExternalSecret: some-secret springProfile: live polClientAuth: cHl0aG9uOnRlc3Q= polBasicAuth: dGVzdHBkcDphbHBoYTEyMw== diff --git a/kubernetes/common/postgres/templates/pvc-primary.yaml b/kubernetes/common/postgres/templates/pvc-primary.yaml index fa25f19077..a47d3ed56e 100644 --- a/kubernetes/common/postgres/templates/pvc-primary.yaml +++ b/kubernetes/common/postgres/templates/pvc-primary.yaml @@ -41,5 +41,4 @@ spec: {{- else }} storageClassName: {{ include "common.storageClass" . }} {{- end }} - storageClassName: "{{ include "common.fullname" . }}-primary" {{- end -}} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index c2131e9ad0..7aff189ba9 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -48,7 +48,7 @@ busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.4-2.0.0 +image: crunchy-postgres:centos7-10.11-4.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md new file mode 100644 index 0000000000..dced68d7c6 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/README.md @@ -0,0 +1,23 @@ +# Motivations +Ingress controller implementation in the ONAP cluster is based on the virtual host routing. +Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts. +Adding many entries into the configuration files on testing machines is quite problematic and error prone. +The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster. + +# How to deploy test DNS server: +Run script ./deploy\_dns.sh + +# How to add DNS address on testing machines: +See post deploy info + +# Test DNS inside cluster (optional) +1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke) +~~~yaml +dns: + provider: coredns + upstreamnameservers: + - <cluster_ip>:31555 +~~~ +2. You can edit coredns configuration with command: + kubectl -n kube-system edit configmap coredns + diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore new file mode 100644 index 0000000000..dacad44a66 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/.helmignore @@ -0,0 +1,37 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml new file mode 100644 index 0000000000..a618fd792c --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/Chart.yaml @@ -0,0 +1,20 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +appVersion: "1.0" +description: bind9 DNS server for kubernetes cluster +name: bind9dns +version: 0.1.0 diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt new file mode 100644 index 0000000000..7211966b89 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the installed DNS host and port by running this commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range $.Values.ingress.paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo DNS host: $NODE_IP dns port: $NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl new file mode 100644 index 0000000000..3efbbbf831 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* + + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "bind9dns.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bind9dns.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "bind9dns.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml new file mode 100644 index 0000000000..1a76ba0a96 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/deployment.yaml @@ -0,0 +1,76 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DNS_FORWARDER + value: {{ .Values.dnsconf.forwarder }} + - name: WILDCARD_DNS + value: {{ .Values.dnsconf.wildcard }} + - name: ALLOW_RECURSION + value: any + - name: ALLOW_QUERY + value: any + ports: + - name: dnsport + containerPort: {{ .Values.service.port }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + tcpSocket: + port: {{ .Values.service.port }} + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml new file mode 100644 index 0000000000..715f2ff78e --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "bind9dns.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: TCP + name: dnstcp + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + protocol: UDP + name: dnsudp + selector: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml new file mode 100644 index 0000000000..4fe5d05b02 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/templates/tests/test-connection.yaml @@ -0,0 +1,34 @@ +{{/* + Copyright 2020 Samsung Electronics Co., Ltd. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "bind9dns.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "bind9dns.name" . }} + helm.sh/chart: {{ include "bind9dns.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml new file mode 100644 index 0000000000..c9e19f41d0 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/bind9dns/values.yaml @@ -0,0 +1,46 @@ +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +replicaCount: 1 + +image: + repository: luccksam/docker-bind + tag: 0.1.0 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: + type: NodePort + port: 53 + nodePort: 31555 + +ingress: + enabled: false + annotations: {} + paths: [] + hosts: + - dnsserver.local + tls: [] + +resources: {} +nodeSelector: {} +tolerations: [] +affinity: {} + +dnsconf: + forwarder: "8.8.8.8,8.8.4.4" + wildcard: "simpledemo.onap.org=0.0.0.0" diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh new file mode 100755 index 0000000000..a78bc077d8 --- /dev/null +++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh @@ -0,0 +1,62 @@ +#!/bin/bash -e +# +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +DNS_PORT=31555 +CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}') +CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }') +SPATH="$( dirname "$( which "$0" )" )" + + + +usage() { +cat << ==usage +$0 [cluster_domain] [helm_chart_args ...] + [cluster_domain] Default value simpledemo.onap.org + [helm_chart_args...] Optional arguments passed to helm install command +==usage +} + + +target_machine_notice_info() { +cat << ==infodeploy +Extra DNS server already deployed: +1. You can add the DNS server to the target machine using following commands: + sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 +2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine +==infodeploy +} + +deploy() { + pushd "$SPATH/bind9dns" > /dev/null + if [ $# -eq 0 ]; then + local cl_domain="simpledemo.onap.org" + else + local cl_domain=$1 + shift + fi + helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@ + popd > /dev/null + target_machine_notice_info +} + +if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then + usage +else + deploy $@ +fi diff --git a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml index 937828a759..af0f59b768 100644 --- a/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml +++ b/kubernetes/contrib/ingress-nginx-post-inst/nginx_ingress_cluster_config.yaml @@ -10,6 +10,8 @@ metadata: kind: ConfigMap apiVersion: v1 +data: + enable-underscores-in-headers: "on" metadata: name: nginx-configuration namespace: ingress-nginx diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index d459d5bb95..e5057427e8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -28,11 +28,11 @@ "config_path": "/usr/share/filebeat/filebeat.yml", "config_subpath": "filebeat.yml", "image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}", - "config_map" : "dcae-filebeat-configmap" + "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap" }, "tls": { - "cert_path": "/opt/tls/shared", + "cert_path": "/opt/app/osaaf", "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}", "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml deleted file mode 100644 index 2718e1882f..0000000000 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-dashboard-inputs.yaml +++ /dev/null @@ -1,32 +0,0 @@ -#============LICENSE_START======================================================== -#================================================================================= -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -{{ if .Values.componentImages.dashboard }} -dashboard_docker_image: {{ include "common.repository" . }}/{{ .Values.componentImages.dashboard }} -{{ end }} -external_port: {{ .Values.config.address.dashboard.port }} -external_tls_port: {{ .Values.config.address.dashboard.portSecure }} -database_cluster_name: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }} -database_cluster_fqdn: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}.{{ .Values.postgres.suffix }} -database_name: "dashboard_pg" -cloudify_ip: {{ .Values.config.address.cm.host }} -cloudify_user: "admin" -cloudify_password: "admin" -consul_url: {{ .Values.config.address.consul_ui }} -postgres_port: "5432" -replicas: 1 diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index d41fef9180..7a28812278 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -68,11 +68,13 @@ spec: fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 60a8d912f7..20caa5c122 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -27,7 +27,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 config: logstashServiceName: log-ls @@ -95,7 +95,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.9.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -103,7 +103,7 @@ default_k8s_location: central componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 - tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2 + tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.2 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml index b8dadaae89..f1add2dac1 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml @@ -27,7 +27,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: dcae-filebeat-configmap + name: {{ include "common.release" . }}-dcae-filebeat-configmap namespace: {{include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} @@ -42,7 +42,7 @@ metadata: apiVersion: v1 kind: ConfigMap metadata: - name: dcae-filebeat-configmap + name: {{ include "common.release" . }}-dcae-filebeat-configmap namespace: {{ .Values.dcae_ns }} data: {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index d843290be1..9bee0510cd 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -57,11 +57,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP + - name: aaf_locator_fqdn + value: dcae image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 60fd7e55b3..673b01776e 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -26,6 +26,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 repositoryCred: user: docker password: docker diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml index 131137ecb3..fe681ca566 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml @@ -50,6 +50,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: aaf_locator_fqdn + value: dcae {{- if .Values.service.secure.enabled }} - name: init-tls env: @@ -62,7 +64,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info {{ end }} containers: diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 8cff544d93..98faef0792 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -26,7 +26,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 repositoryCred: user: docker password: docker diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index ca9551bc6a..116a77fd8b 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -65,11 +65,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP + - name: aaf_locator_fqdn + value: dcae image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index ec187e3f60..03cb99ad14 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -25,7 +25,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 config: logstashServiceName: log-ls diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml index 54beb0933b..9563f94fd9 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml @@ -61,11 +61,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP + - name: aaf_locator_fqdn + value: dcae image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info - name: init-consul image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index 30893b6d7c..c78625227a 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -25,7 +25,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 repositoryCred: diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index 21601eeba9..dd5fd05d88 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -61,11 +61,13 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.podIP + - name: aaf_locator_fqdn + value: dcae image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info - name: init-consul image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 3b15c55118..8517073729 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -25,7 +25,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 repositoryCred: diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml index 0b88a65c69..63ce3db3fc 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml @@ -25,7 +25,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 repositoryCred: user: docker password: docker diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 254ec398f6..dfc4dbf949 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -19,7 +19,8 @@ global: nodePortPrefix: 302 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 +# Have to use locally-define tlsImage until inventory API can use 2.x.y +# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 redis: diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 30e4c77576..aa97e32a9a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -75,6 +75,7 @@ spec: - -exec - | chown -R 1000:1000 /opt/kafka/data; + rm -rf '/opt/kafka/data/lost+found'; cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; chown 1000:1000 /opt/kafka/config/server.properties; cd /opt/kafka/config; diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index a2e03b8bf6..fb31b8b65e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -79,8 +79,6 @@ spec: value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-etsicatalog mountPath: /service/modeling/etsicatalog/static diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index bb5a76b0ee..353f2a7c70 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -24,9 +24,7 @@ global: config: msbServiceName: msb-iag - msbPort: 80 - redisServiceName: vfc-redis - redisPort: 6379 + msbPort: 443 persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml index 3f09b08eb8..30d521ac2a 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-fcaps/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }} + value: {{ .Values.config.msbprotocol }} - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml index 8ec5449266..9112e352e4 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/log.yml @@ -15,6 +15,10 @@ version: 1 disable_existing_loggers: False loggers: + starlingx_base: + handlers: [starlingx_handler] + level: "DEBUG" + propagate: False starlingx: handlers: [starlingx_handler] level: "DEBUG" diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml index e800c81cce..f132cc73b2 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-starlingx/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }} + value: {{ .Values.config.msbprotocol }} - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT diff --git a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml index c14d192fc8..dc8744cb9e 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-windriver/templates/deployment.yaml @@ -50,7 +50,7 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }} + value: {{ .Values.config.msbprotocol }} - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml index ed74032e85..3d75b78187 100644 --- a/kubernetes/multicloud/templates/deployment.yaml +++ b/kubernetes/multicloud/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }} + value: {{ .Values.config.msbprotocol }} - name: MSB_ADDR value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }} - name: MSB_PORT diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index ba13e3d2f7..29939722d6 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -69,7 +69,7 @@ mariadb-galera: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig - mysqlExternalSecret: '{{ include "common.release" . }}-nbi-db-secret' + userCredentialsExternalSecret: '{{ include "common.release" . }}-nbi-db-secret' mysqlDatabase: nbi nameOverride: nbi-galera service: diff --git a/kubernetes/onap/resources/overrides/openstack.yaml b/kubernetes/onap/resources/overrides/openstack.yaml index a8294d249f..5e09d7cfe9 100644 --- a/kubernetes/onap/resources/overrides/openstack.yaml +++ b/kubernetes/onap/resources/overrides/openstack.yaml @@ -55,8 +55,12 @@ so: openStackUserName: "OPENSTACK_USERNAME_HERE" openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0" openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX" + # For Support of Keystone v3, uncomment and fill + # openStackKeystoneVersion: "KEYSTONE_V3" + # openStackProjectDomainName: "DEFAULT" + # openStackUserDomainName: "DEFAULT" nbi: config: # openstack configuration openStackRegion: "Yolo" - openStackVNFTenantId: "1234"
\ No newline at end of file + openStackVNFTenantId: "1234" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index d7a0ea5ca3..f623496537 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - {{ .Values.config.db.container }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -74,18 +71,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml index af56717fdc..a9a89ddd72 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/values.yaml @@ -35,6 +35,23 @@ dbinit: # flag to enable debugging - application support required debugEnabled: false + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + type: password + password: '{{ .Values.config.db.rootPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + policy: required + - uid: cmso-db-user-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.user }}' + password: '{{ .Values.config.db.password }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -70,19 +87,22 @@ service: config: - db_root: root - db_user: cmso-admin - mysqlDatabase: optimizer - db_host: oof-cmso-dbhost - db_port: 3306 + db: + port: 3306 + root: root +# rootPassword: pass +# rootPasswordExternalSecret: some secret +# user: cmso-admin +# password: pass +# userCredentialsExternalSecret: some-secret +# host: host +# container: container +# mysqlDatabase: optimizer topology_host: oof-cmso-topology topology_port: 7998 ticketmgt_host: oof-cmso-ticketmgt ticketmgt_port: 7999 -mariadb: - nameOverride: cmso-db - ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index 385d61684f..b0afb6e285 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: - /root/ready.py args: - --container-name - - {{ .Values.mariadb.nameOverride }} + - {{ .Values.config.db.container }} env: - name: NAMESPACE valueFrom: @@ -50,18 +50,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_root }} + value: {{ .Values.config.db.root }} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-root-password - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}} terminationMessagePolicy: File volumeMounts: - name: {{ include "common.fullname" . }}-config @@ -98,18 +95,15 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: DB_HOST - value: {{ .Values.config.db_host }}.{{.Release.Namespace}} + value: {{ .Values.config.db.host }}.{{.Release.Namespace}} - name: DB_PORT - value: {{ .Values.config.db_port | quote}} + value: {{ .Values.config.db.port | quote}} - name: DB_USERNAME - value: {{ .Values.config.db_user }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}} - name: DB_SCHEMA - value: {{ .Values.config.mysqlDatabase }} + value: {{ .Values.config.db.mysqlDatabase }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-cmso-db-db-user-credentials - key: password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}} - name: JAVA_TRUSTSTORE value: /share/etc/certs/{{ .Values.global.truststoreFile }} - name: SSL_KEYSTORE diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index 85f6094615..345f03d4d3 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -37,6 +37,22 @@ dbinit: debugEnabled: false ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + type: password + password: '{{ .Values.config.db.rootPassword }}' + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + policy: required + - uid: cmso-db-user-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.user }}' + password: '{{ .Values.config.db.password }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# # default number of instances @@ -71,17 +87,20 @@ service: config: - db_root: root - db_user: cmso-admin - mysqlDatabase: cmso - db_host: oof-cmso-dbhost - db_port: 3306 + db: + port: 3306 + root: root +# rootPassword: pass +# rootPasswordExternalSecret: some secret +# user: cmso-admin +# password: pass +# userCredentialsExternalSecret: some-secret +# host: host +# container: container +# mysqlDatabase: cmso optimizer_host: oof-cmso-optimizer optimizer_port: 7997 -mariadb: - nameOverride: cmso-db - ingress: enabled: false diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml index 11a9221fed..3c61bf3bdc 100644 --- a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ include "common.secret" . }} +--- apiVersion: v1 kind: Secret metadata: diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index c97138bded..2b8ad9487d 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -12,6 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: cmso-db-root-password + name: '{{ include "common.release" . }}-cmso-db-root-password' + type: password + password: '' + policy: generate + - uid: cmso-db-secret + name: '{{ include "common.release" . }}-cmso-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + passwordPolicy: generate + mariadb-galera: replicaCount: 1 nameOverride: cmso-db @@ -26,9 +43,8 @@ mariadb-galera: enabled: true disableNfsProvisioner: true config: - mariadbRootPassword: beer - userName: cmso-admin - userPassword: nimda-osmc + mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' mysqlDatabase: cmso externalConfig: | [mysqld] @@ -49,4 +65,26 @@ flavor: small config: log: logstashServiceName: log-ls - logstashPort: 5044
\ No newline at end of file + logstashPort: 5044 + db: + # userCredentialsExternalsecret: some secret + userName: cmso-admin + # userPassword: password + +oof-cmso-service: + config: + db: + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' + rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: cmso + +oof-cmso-optimizer: + config: + db: + userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret' + rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password' + host: oof-cmso-dbhost + container: cmso-db + mysqlDatabase: optimizer diff --git a/kubernetes/robot b/kubernetes/robot -Subproject df719f4a3e63cff0d5d832945f0b8ba18230635 +Subproject 591bfdea4f1d833abee3c7e60f084da546d9082 diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index a6a3f6bd22..a7deeaeca0 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -99,7 +99,7 @@ cert: persistence: enabled: true size: 10Mi - accessMode: ReadOnlyMany + accessMode: ReadWriteOnce volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 5930b5d5be..a714ba9328 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} dme2: timeout: '30000' endpoint: https://aai.{{ include "common.namespace" . }}:8443 @@ -21,7 +21,7 @@ aai: cds: endpoint: cds-blueprints-processor-grpc port: 9111 - auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + auth: {{ .Values.cds.auth }} timeout: 600 camunda: bpm: @@ -51,10 +51,12 @@ mso: rainyDay: retryDurationMultiplier: 2 maxRetries: 5 - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ .Values.mso.key }} correlation: timeout: 60 logPath: logs + config: + cadi: {{ include "cadi.keys" . | nindent 8}} async: core-pool-size: 50 max-pool-size: 50 @@ -64,10 +66,10 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} db: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF - password: wLg4sjrAFUS8rfVfdvTXeQ== + auth: {{ .Values.mso.adapters.db.auth }} + password: {{ .Values.mso.adapters.db.password }} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter spring: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 @@ -79,7 +81,7 @@ mso: db: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter po: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + auth: {{ .Values.mso.adapters.po.auth }} sdnc: endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter rest: @@ -112,7 +114,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} default: adapter: namespace: http://org.onap.mso @@ -129,7 +131,7 @@ mso: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/ rollback: 'true' sdnc: - password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F + password: {{ .Values.mso.sdnc.password }} service: agnostic: sniro: @@ -137,12 +139,12 @@ mso: host: http://sniro-emulator:80 site-name: CamundaEngine sniro: - auth: test:testpwd + auth: {{ .Values.mso.sniro.auth }} callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify - endpoint: http://replaceme:28090/optimizationInstance/V1/create + endpoint: {{ .Values.mso.sniro.endpoint }} timeout: PT30M oof: - auth: test:testpwd + auth: {{ .Values.mso.oof.auth }} callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement timeout: PT30M @@ -361,7 +363,7 @@ so: vnfm: adapter: url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ - auth: Basic dm5mbTpwYXNzd29yZDEk + auth: {{ .Values.so.vnfm.adapter.auth }} org: onap: so: diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml index 2ea2cffe27..fb83e4e26b 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -19,12 +19,14 @@ ssl-enable: false mso: logPath: logs site-name: onapheat + config: + cadi: {{ include "cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} spring: datasource: hikari: @@ -67,7 +69,7 @@ cloud_config: admin_tenant: "{{ .Values.config.openStackServiceTenantName }}" member_role: "admin" tenant_metadata: true - identity_server_type: "KEYSTONE" + identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}" identity_authentication_type: "USERNAME_PASSWORD" project_domain_name: "{{ .Values.config.openStackProjectDomainName }}" user_domain_name: "{{ .Values.config.openStackUserDomainName }}" diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 4685fd166a..c4e23164f2 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -83,6 +83,8 @@ config: openStackTenantId: "d570c718cbc545029f40e50b75eb13df" openStackProjectDomainName: "openStackProjectDomainName" openStackUserDomainName: "openStackUserDomainName" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 4bf20a683b..4710fea218 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} endpoint: https://aai.{{ include "common.namespace" . }}:8443 server: port: {{ index .Values.containerPort }} @@ -58,7 +58,7 @@ org: default_keystone_url_version: /v2.0 default_keystone_reg_ex: "/[vV][0-9]" vnf: - bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} checkRequiredParameters: true addGetFilesOnVolumeReq: false sockettimeout: 30 @@ -69,7 +69,7 @@ org: valet_enabled: false fail_requests_on_valet_failure: false network: - bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} sockettimeout: 5 connecttimeout: 5 retrycount: 5 @@ -96,22 +96,21 @@ ecomp: pollTimeout: 7500 pollInterval: 15 mso: - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag.{{ include "common.namespace" . }} msb-port: 80 workflow: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ .Values.mso.msoKey }} config: - cadi: - aafId: poBpmn + cadi: {{ include "cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} site-name: localDevEnv async: core-pool-size: 50 diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml index 6d746ede18..8dde3b7f99 100755 --- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml @@ -20,9 +20,11 @@ ssl-enable: false mso: logPath: logs site-name: localSite + config: + cadi: {{- include "cadi.keys" . | nindent 8}} adapters: requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: datasource: diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml index 44544f49e7..8d02cc1f5c 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{.Values.aai.auth}} server: port: {{ index .Values.containerPort }} spring: @@ -44,20 +44,22 @@ request: pool-name: reqdb-pool registerMbeans: false mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ index .Values.mso.msoKey }} logPath: ./logs/sdc + config: + cadi: {{ include "cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} site-name: onapheat camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 asdc-connections: @@ -67,7 +69,7 @@ mso: consumerId: SO-COpenSource-Env11 environmentName: AUTO asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443 - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} pollingInterval: 60 pollingTimeout: 60 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL @@ -82,7 +84,7 @@ mso: config: activity: endpoint: http://sdc-wfd-be:8080 - key: 566B754875657232314F5548556D3665 + key: {{ .Values.mso.asdc.config.key }} components: count: 3, componentNames: SO,AAI,SDNC diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 5062a1f8f0..a20d2178ba 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -19,12 +19,14 @@ mso: max-pool-size: 50 queue-capacity: 500 logPath: ./logs/sdnc + config: + cadi: {{ include "cadi.keys" . | nindent 14}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} site-name: onapheat org: onap: @@ -100,7 +102,7 @@ org: changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf - bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService generic-resource: network-topology-operation: @@ -139,7 +141,7 @@ org: myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' @@ -159,7 +161,7 @@ org: '': query: GET|60000|sdncurl12| network: - encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 + encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }} spring: security: usercredentials: diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index ab489160fc..5c7f3ab0ca 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -70,6 +70,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -80,16 +96,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-secrets/Chart.yaml b/kubernetes/so/charts/so-secrets/Chart.yaml new file mode 100644 index 0000000000..be61d24840 --- /dev/null +++ b/kubernetes/so/charts/so-secrets/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for so secrets +name: so-secrets +version: 5.0.0 diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml new file mode 100644 index 0000000000..9a749638f0 --- /dev/null +++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-so-client-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} + keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} +type: Opaque diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml index dee73abd41..ea61f502f2 100755 --- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml @@ -37,12 +37,14 @@ server: mso: site-name: localSite logPath: ./logs/vfc + config: + cadi: {{ include "cadi.keys" . | nindent 8}} msb-ip: msb-iag.{{ include "common.namespace" . }} msb-port: 80 adapters: requestDb: endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: security: diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml index 931a89516b..44040c2c43 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index 5213700df0..ebfbc44685 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} version: v15 endpoint: https://aai.{{ include "common.namespace" . }}:8443 spring: @@ -37,15 +37,17 @@ http: trust-store: classpath:org.onap.so.trust.jks trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 + key: {{ .Values.mso.key }} site-name: localSite logPath: ./logs/vnfm-adapter + config: + cadi: {{ include "cadi.keys" . | nindent 8}} msb-ip: msb-iag.{{ include "common.namespace" . }} msb-port: 80 sdc: - username: mso - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F - key: 566B754875657232314F5548556D3665 + username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} + password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} + key: {{ .Values.sdc.key }} endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 vnfmadapter: endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml index c79e58a711..b57205223e 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml @@ -1,4 +1,4 @@ -# Copyright © 2019 Nordix Foundation +# Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index a253a21ecc..c297ac3ce8 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -39,6 +39,23 @@ spec: image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | indent 12 }} + {{- if eq .Values.global.security.aaf.enabled true }} + env: + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 1aeb50dd23..c57ed023ef 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -4,21 +4,22 @@ server: max-threads: 50 ssl-enable: false mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - logPath: logs - site-name: onapheat + msoKey: {{ .Values.global.app.msoKey }} + logPath: ./logs/apih + site-name: {{ index .Values.global.app.siteName }} adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} config: path: /src/main/resources/ + cadi: {{ include "cadi.keys" . | nindent 10}} infra: default: alacarte: @@ -30,14 +31,14 @@ mso: default: testApi: GR_API camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ - camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}} async: core-pool-size: 50 max-pool-size: 50 queue-capacity: 500 sdc: client: - auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}} activate: instanceid: test userid: cs0008 @@ -48,7 +49,8 @@ mso: count: 3 aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 - auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + extApi: endpoint: http://nbi.onap:8080/nbi/api/v3 so: @@ -57,17 +59,16 @@ mso: username: testuser password: VjR5NDcxSzA= host: http://dmaap-bc.{{ include "common.namespace" . }}:8080 - auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}} publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent health: - auth: Basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}} endpoints: - subsystem: apih uri: http://so-bpmn-infra:8081 - subsystem: catalogdb uri: http://so-catalog-db-adapter:8082 - spring: datasource: hikari: @@ -120,4 +121,4 @@ org: cloud-owner: CloudOwner adapters: network: - encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 + encryptionKey: {{ .Values.global.app.msoKey }} diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl new file mode 100644 index 0000000000..426facc4b1 --- /dev/null +++ b/kubernetes/so/templates/_cadiValues.tpl @@ -0,0 +1,19 @@ +{{- define "cadi.keys" -}} +cadiLoglevel: DEBUG +cadiKeyFile: /org.onap.so.keyfile +cadiTrustStore: /app/org.onap.so.trust.jks +cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }} +cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }} +cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }} +aafEnv: {{ .Values.global.app.cadi.aafEnv }} +aafApiVersion: 2.0 +aafRootNs: {{ .Values.global.app.cadi.aafRootNs }} +aafId: {{ .Values.mso.config.cadi.aafId }} +aafPassword: {{ .Values.mso.config.cadi.aafPassword }} +aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }} +aafUrl: {{ .Values.global.app.cadi.aafUrl }} +apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }} +{{- if (.Values.global.app.cadi.noAuthn) }} +noAuthn: {{ .Values.mso.config.cadi.noAuthn }} +{{- end }} +{{- end }} diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl new file mode 100644 index 0000000000..4181beb1f8 --- /dev/null +++ b/kubernetes/so/templates/_livenessProbe.tpl @@ -0,0 +1,17 @@ +{{- define "helpers.livenessProbe" -}} +livenessProbe: + httpGet: + path: {{- index .Values.livenessProbe.path|indent 2}} + port: {{ index .Values.containerPort }} + scheme: {{- index .Values.livenessProbe.scheme| indent 2}} + {{- if eq .Values.global.security.aaf.enabled true }} + httpHeaders: + - name: Authorization + value: {{ index .Values.global.aaf.auth.header }} + {{- end }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{- end -}} diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl new file mode 100644 index 0000000000..113bc343d0 --- /dev/null +++ b/kubernetes/so/templates/_profileProperty.tpl @@ -0,0 +1,3 @@ +{{- define "helpers.profileProperty" -}} + {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }} +{{- end -}} diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 9af34af88e..5a06253863 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -39,14 +39,40 @@ global: dbUser: root dbPassword: secretpassword msbEnabled: true - + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + app: + siteName: onapheat + auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + defaultCloudOwner: onap + cadi: + cadiLoglevel: DEBUG + cadiKeyFile: /app/org.onap.so.keyfile + cadiTrustStore: /app/org.onap.so.trust.jks + cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC + cadiLatitude: 38.4329 + cadiLongitude: -90.43248 + aafEnv: IST + aafApiVersion: 2.1 + aafRootNs: org.onap.so + aafLocateUrl: https://aaf-locate.onap:8095 + aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + client: + certs: + trustStorePassword: b25hcDRzbw== + keyStorePassword: c280b25hcA== ################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 image: onap/so/api-handler-infra:1.5.3 pullPolicy: Always - replicaCount: 1 minReadySeconds: 10 containerPort: 8080 @@ -115,3 +141,175 @@ ingress: port: 8080 config: ssl: "none" + +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.apihPerm + noAuthn: /manage/health + camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + sdc: + client: + auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24 + aai: + auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F + so: + operationalEnv: + dmaap: + auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A + health: + auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= +so-bpmn-infra: + cds: + auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + aai: + auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 + mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + db: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + password: wLg4sjrAFUS8rfVfdvTXeQ== + po: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + config: + cadi: + aafId: so@so.onap.org + aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.bpmnPerm + noAuthn: /manage/health + sdnc: + password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F + sniro: + auth: test:testpwd + endpoint: http://replaceme:28090/optimizationInstance/V1/create + oof: + auth: test:testpwd + so: + vnfm: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk +so-catalog-db-adapter: + mso: + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.catalogDbAdapterPerm + noAuthn: /manage/health + adapters: + db: + auth: Basic YnBlbDpwYXNzd29yZDEk +so-openstack-adapter: + aaf: + auth: + encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F + aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + org: + onap: + so: + adapters: + bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E + valet: + basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg== + mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.openStackAdapterPerm + noAuthn: /manage/health + db: + auth: Basic YnBlbDpwYXNzd29yZDEk +so-request-db-adapter: + mso: + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.requestDbAdapterPerm + noAuthn: /manage/health + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk +so-sdc-controller: + aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.sdcControllerPerm + noAuthn: /manage/health + asdc: + config: + key: 566B754875657232314F5548556D3665 + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + asdc-connections: + asdc-controller1: + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F +so-sdnc-adapter: + org: + onap: + so: + adapters: + sdnc: + bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + network: + encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 + mso: + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.sdncAdapterPerm + noAuthn: /manage/health + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + rest: + aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 +so-vfc-adapter: + mso: + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.vfcAdapterPerm + noAuthn: /manage/health + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk +so-vnfm-adapter: + aaf: + auth: + username: so@so.onap.org + password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA + aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + sdc: + username: mso + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + key: 566B754875657232314F5548556D3665 + mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.vnfmAdapterPerm + noAuthn: /manage/health diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml index d8ac61bae7..8e5d097e40 100644 --- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml @@ -68,6 +68,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml index 7f7e668e58..a9c382a3f7 100644 --- a/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/catalog/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml index 4feba42c6c..446bcb96d5 100644 --- a/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: VES_ADDR diff --git a/kubernetes/vfc/charts/vfc-ems-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-ems-driver/templates/service.yaml index 4da613f4e5..394c69d6a3 100644 --- a/kubernetes/vfc/charts/vfc-ems-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-ems-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/emsdriver/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml index bb608295f5..5e84c86ad1 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -53,6 +53,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml index cf48f76d35..e5a244e9d8 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/gvnfmdriver/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml index 544d423ae7..163214a692 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml @@ -70,6 +70,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml index 5141429bf0..b8a6b07b32 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/huaweivnfmdriver/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml index 12534bc94a..008d480194 100644 --- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/service.yaml index 8b42bf7c18..ea94a3f518 100644 --- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/jujuvnfmdriver/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml index 3f9cd5fad2..be76d55c96 100644 --- a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" resources: diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/service.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/service.yaml index 3dc7a4db86..7b4f74e4e6 100644 --- a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/multivimproxy/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml index 3bac8c6523..3f747ce3a6 100644 --- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml @@ -71,6 +71,10 @@ spec: env: - name: EXTERNAL_PORT value: "8089" + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" resources: diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/service.yaml index e2ae287d61..98b00c1eaa 100644 --- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/NokiaSVNFM/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index 8110315a0e..fc6c736fbd 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -68,6 +68,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml index 4500742c87..5484b2cfa2 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/nslcm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml index 6c6ba6401b..ce381d7140 100644 --- a/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-resmgr/templates/service.yaml b/kubernetes/vfc/charts/vfc-resmgr/templates/service.yaml index 2f072377eb..2923f73c5e 100644 --- a/kubernetes/vfc/charts/vfc-resmgr/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-resmgr/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/resmgr/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index 208b0c345a..e99f4d1120 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -68,6 +68,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml index 21fd31a66e..049e7e1ccc 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/vnflcm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index c3e6238c34..66db39ec36 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -68,6 +68,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml index 9c7f64a3fb..d87ad801ba 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/vnfmgr/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index a913138193..f5fc28466a 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -68,6 +68,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml index 2b470ba772..902b4ed481 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/vnfres/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml index 91cc63b3e7..410d4b6b5b 100644 --- a/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: SERVICE_IP valueFrom: fieldRef: diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/templates/service.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/templates/service.yaml index a94a475b88..fc41fe0da6 100644 --- a/kubernetes/vfc/charts/vfc-workflow-engine/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-workflow-engine/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/activiti-rest", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml index aa8b8619ed..534979b835 100644 --- a/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: SERVICE_IP valueFrom: fieldRef: diff --git a/kubernetes/vfc/charts/vfc-workflow/templates/service.yaml b/kubernetes/vfc/charts/vfc-workflow/templates/service.yaml index cedab28818..5a780c8f94 100644 --- a/kubernetes/vfc/charts/vfc-workflow/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-workflow/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/workflow/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml index 3f9cd5fad2..be76d55c96 100644 --- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" resources: diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/service.yaml index 394b1ce3df..9a0aa1ccbe 100644 --- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/ztesdncdriver/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml index c6dd85458a..5f5e710632 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml @@ -69,6 +69,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbprotocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" volumeMounts: diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml index 9c27abe0af..5b22914f38 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/service.yaml @@ -30,6 +30,7 @@ metadata: "url": "/api/ztevnfmdriver/v1", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 303010389a..eb6638b18b 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -14,15 +14,17 @@ global: config: + ssl_enabled: false + msbprotocol: https msbServiceName: msb-iag - msbPort: 80 + msbPort: 443 dbServiceName: vfc-db dbPort: 3306 dbUser: root mariadbRootPassword: secretpassword redisServiceName: vfc-redis redisPort: 6379 - reg_to_msb_when_start: True + reg_to_msb_when_start: False persistence: mountPath: /dockerdata-nfs diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 0a5c0c5ba4..d449da1140 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -105,14 +106,9 @@ spec: - name: VID_MYSQL_DBNAME value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }} - name: VID_MYSQL_USER - value: {{ index .Values "mariadb-galera" "config" "userName" }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }} - name: VID_MYSQL_PASS - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-db - key: db-user-password - #valueFrom: - # secretKeyRef: {name: {{ include "common.fullname" . }}, key: vid-password} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" volumeMounts: diff --git a/kubernetes/vid/templates/job.yaml b/kubernetes/vid/templates/job.yaml index 625fb0c6a1..75e40a1201 100644 --- a/kubernetes/vid/templates/job.yaml +++ b/kubernetes/vid/templates/job.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -60,14 +61,11 @@ spec: - /dbcmd-config/db_cmd.sh env: - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-db - key: db-user-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }} - name: MYSQL_HOST value: {{ index .Values "mariadb-galera" "service" "name" }} - name: MYSQL_USER - value: {{ index .Values "mariadb-galera" "config" "userName" }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 2a66c4fbec..44a9b3e9e0 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,19 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }} +{{ include "common.secret" . }} --- apiVersion: v1 kind: Secret @@ -39,18 +28,3 @@ metadata: type: Opaque data: {{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-db - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 805e337f57..e8d0595284 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,17 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: vid-db-user-secret + name: '{{ include "common.release" . }}-vid-db-user-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + subChartsOnly: enabled: true @@ -35,7 +47,10 @@ mariadb_image: library/mariadb:10 # application configuration config: - vidmysqlpassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + db: + userName: vidadmin +# userCredentialsExternalSecret: some secret +# userPassword: password vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" @@ -54,9 +69,7 @@ config: mariadb-galera: config: - userName: vidadmin - userPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - mariadbRootPassword: kjgsdhjqhawxvnbpoiawsfgjsqhsgjhjhdqihhjqdvcbxkjchizpw + userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret' mysqlDatabase: vid_openecomp_epsdk nameOverride: vid-galera service: |