aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml3
-rw-r--r--kubernetes/aaf/components/aaf-sms/resources/config/has.json7
-rw-r--r--kubernetes/aaf/components/aaf-sms/templates/job.yaml6
-rw-r--r--kubernetes/aaf/components/aaf-sms/values.yaml9
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml2
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/requirements.yaml3
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties)0
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties)0
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties)10
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties)5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties)10
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties)0
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application.properties (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties)12
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml187
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12bin0 -> 4347 bytes
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12bin0 -> 4347 bytes
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties14
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/roles.config (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config)0
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/users.config (renamed from kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config)0
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml21
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml118
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml47
-rw-r--r--kubernetes/aai/resources/config/aai/aai_keystorebin7544 -> 3846 bytes
-rw-r--r--kubernetes/cds/components/Makefile4
-rw-r--r--kubernetes/cds/components/cds-ui/requirements.yaml3
-rw-r--r--kubernetes/cds/components/cds-ui/templates/deployment.yaml13
-rw-r--r--kubernetes/cds/components/cds-ui/values.yaml21
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml3
-rw-r--r--kubernetes/common/etcd/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl3
-rw-r--r--kubernetes/common/postgres/values.yaml2
-rw-r--r--kubernetes/consul/values.yaml2
-rw-r--r--kubernetes/contrib/components/awx/templates/configmap.yaml92
-rw-r--r--kubernetes/contrib/components/awx/templates/statefulset.yaml14
-rwxr-xr-xkubernetes/contrib/components/awx/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml10
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml4
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml6
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties4
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml4
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml14
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties8
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml4
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml17
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml2
-rw-r--r--kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml2
-rw-r--r--kubernetes/oof/components/oof-cmso/values.yaml12
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml2
-rw-r--r--kubernetes/oof/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml4
-rw-r--r--kubernetes/policy/components/policy-clamp-be/values.yaml4
-rw-r--r--kubernetes/policy/components/policy-clamp-fe/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/config.json3
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml4
-rw-r--r--kubernetes/robot/resources/config/eteshare/config/robot_properties.py7
-rw-r--r--kubernetes/robot/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml5
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml4
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/createLinks.sh11
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/installSdncDb.sh4
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml1
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/deployment.yaml4
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml3
-rw-r--r--kubernetes/so/components/so-monitoring/templates/deployment.yaml2
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-vfc-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml3
-rw-r--r--kubernetes/so/components/soHelpers/templates/_cadiValues.tpl4
-rw-r--r--kubernetes/so/components/soHelpers/templates/_certificates.tpl43
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml34
-rw-r--r--kubernetes/so/resources/config/certificates/msb-ca.crt22
-rwxr-xr-xkubernetes/so/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/values.yaml15
-rw-r--r--kubernetes/vid/values.yaml7
-rw-r--r--kubernetes/vnfsdk/values.yaml6
98 files changed, 429 insertions, 548 deletions
diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml
index 750363c8f4..96b7499fdf 100644
--- a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml
@@ -35,7 +35,6 @@ config:
consul:
server: true
log_level: INFO
- server: true
data_dir: '/consul/data'
ports:
http: 8500
@@ -95,7 +94,7 @@ flavor: small
resources:
small:
limits:
- cpu: 40m
+ cpu: 400m
memory: 40Mi
requests:
cpu: 10m
diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json
index 679b5189de..ef42ce98d3 100644
--- a/kubernetes/aaf/components/aaf-sms/resources/config/has.json
+++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json
@@ -38,6 +38,13 @@
"password": "${AAF_PASS}",
"aaf_conductor_user": "oof@oof.onap.org"
}
+ },
+ {
+ "name": "sdc",
+ "values": {
+ "username": "${SDC_USER}",
+ "password": "${SDC_PASS}"
+ }
}
]
}
diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
index 1341889af3..6e50620a99 100644
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -51,6 +51,7 @@ spec:
export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN};
export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
export SO_PASS=${SO_PASS_PLAIN};
+ export SDC_PASS=${SDC_PASS_PLAIN};
cd /config-input;
for PFILE in `find . -not -type d | grep -v -F ..`; do
envsubst <${PFILE} >/config/${PFILE};
@@ -131,6 +132,11 @@ spec:
- name: SO_PASS_PLAIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }}
+ - name: SDC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }}
+ - name: SDC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: {{ include "common.name" . }}-preload-input
diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml
index 3b777c64f6..ab7d8fb71b 100644
--- a/kubernetes/aaf/components/aaf-sms/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/values.yaml
@@ -192,7 +192,11 @@ secrets:
login: '{{ .Values.oofCreds.soUsername }}'
password: '{{ .Values.oofCreds.soPassword }}'
passwordPolicy: required
-
+ - uid: sdc-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.sdcUsername }}'
+ password: '{{ .Values.oofCreds.sdcPassword }}'
+ passwordPolicy: required
oofCreds:
aaiUsername: oof@oof.onap.org
aaiPassword: demo123456!
@@ -239,6 +243,9 @@ oofCreds:
soUsername: apihBpmn
soPassword: password1$
+ sdcUsername: aai
+ sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
# Configure resource requests and limits
resources:
small:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index db1a2eb86b..7560efde26 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -24,7 +24,7 @@ global: {}
#################################################################
# application image
-image: onap/babel:1.7.1
+image: onap/babel:1.8.0
flavor: small
flavorOverride: small
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 0d8acf83a5..b235ba171c 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -21,7 +21,7 @@ global: # global defaults
# application image
-image: onap/model-loader:1.7.0
+image: onap/model-loader:1.8.0
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
index 498f1b837d..42641a2e5c 100644
--- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml
@@ -21,9 +21,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~7.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local' \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
index 084f6e46bc..084f6e46bc 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
index 4465fb3e11..4465fb3e11 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
index b6c5f68368..094c815744 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
@@ -15,14 +15,14 @@
*/}}
oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
-#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
-oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
-oxm.schemaServiceTruststorePassword=${KEYSTORE_PASSWORD}
+oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12
+oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore
+oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
index 2143bf8902..59c0349b06 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
@@ -19,7 +19,4 @@ resources.port=8443
resources.authType=SSL_BASIC
resources.basicAuthUserName=aai@aai.onap.org
resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-resources.trust-store-password=${TRUSTSTORE_PASSWORD}
-resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-resources.client-cert-password=${KEYSTORE_PASSWORD} \ No newline at end of file
+resources.trust-store=tomcat_keystore
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
index 073e9d318a..4db6c0a374 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,11 +11,10 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
server.port=8000
-server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${KEYSTORE_PASSWORD}
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
index 4fb10a21f7..4fb10a21f7 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
index a9e5908ec7..1269f25355 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,7 +15,6 @@
#
# disable the default thyme leaf icon on web-pages
#
-*/}}
spring.mvc.favicon.enabled=false
#
@@ -24,14 +22,14 @@ spring.mvc.favicon.enabled=false
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy
+spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
+portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
-searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-searchservice.client-cert-password=${KEYSTORE_PASSWORD}
-searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
+searchservice.client-cert=client-cert-onap.p12
+searchservice.client-cert-password=1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3
+searchservice.truststore=tomcat_keystore
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
deleted file mode 100644
index cd5338f5b3..0000000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
+++ /dev/null
@@ -1,187 +0,0 @@
-<configuration scan="true" scanPeriod="3 seconds" debug="false">
- <!--{{/*
- # Copyright © 2018 AT&T
- # Copyright © 2021 Orange
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- */}}-->
- <!--<jmxConfigurator /> -->
- <!-- directory path for all other type logs -->
-
- <property name="logDir" value="/var/log/onap" />
-
- <!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy"
- | "SDNC" | "AC" -->
- <property name="componentName" value="AAI-UI"></property>
-
- <!-- default eelf log file names -->
- <property name="generalLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
-
- <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" />
- <property name="auditMetricPattern" value="%m%n" />
-
- <property name="logDirectory" value="${logDir}/${componentName}" />
-
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${errorLogPattern}</pattern>
- </encoder>
- </appender>
-
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
-
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
-</fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${errorLogPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <queueSize>256</queueSize>
- <appender-ref ref="EELF" />
- </appender>
-
-
- <!-- EELF Audit Appender. This appender is used to record audit engine related
- logging events. The audit logger and appender are specializations of the
- EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
-
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
-</fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${auditMetricPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
-</fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
- <pattern>${auditMetricPattern}</pattern>
- </encoder>
- </appender>
-
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFMetrics" />
- </appender>
-
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
-</fileNamePattern>
- <maxHistory>60</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${errorLogPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>false</includeCallerData>
- </appender>
-
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf" level="info" additivity="false">
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="asyncEELFDebug" />
- <appender-ref ref="STDOUT" />
- </logger>
-
- <logger name="com.att.eelf.audit" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" />
- <logger name="org.springframework.beans" level="WARN" />
- <logger name="org.springframework.web" level="WARN" />
- <logger name="com.blog.spring.jms" level="WARN" />
-
- <!-- Sparky loggers -->
- <logger name="org.onap" level="INFO">
- <appender-ref ref="STDOUT" />
- </logger>
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" />
- <logger name="org.apache.commons.httpclient" level="WARN" />
- <logger name="org.apache.commons" level="WARN" />
- <logger name="org.apache.coyote" level="WARN" />
- <logger name="org.apache.jasper" level="WARN" />
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" />
- <logger name="org.apache.cxf" level="WARN" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" />
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
- <logger name="org.apache.cxf.service" level="WARN" />
- <logger name="org.restlet" level="WARN" />
- <logger name="org.apache.camel.component.restlet" level="WARN" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="WARN" />
- <logger name="ch.qos.logback.core" level="WARN" />
-
- <root>
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="STDOUT" />
- <!-- <appender-ref ref="asyncEELFDebug" /> -->
- </root>
-
-</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
new file mode 100644
index 0000000000..2601acf88a
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..2601acf88a
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
index 7a0fb8250b..2592e5ca7c 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
@@ -46,4 +46,4 @@ ext_req_connection_timeout=15000
ext_req_read_timeout=20000
#Add AAF namespace if the app is centralized
-auth_namespace={{ .Values.certInitializer.fqi_namespace }}
+auth_namespace={{.Values.config.aafNamespace}}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
index baefd9806b..1f154b6101 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
@@ -6,18 +6,14 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
# AAF Environment Designation
#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id={{ .Values.certInitializer.fqi }}
+aaf_id={{.Values.config.aafUsername}}
#Encrypt the password using AAF Jar
-aaf_password={{ .Values.certInitializer.aafDeployPass }}
+aaf_password={{.Values.config.aafPassword}}
# Sample CADI Properties, from CADI 1.4.2
#hostname=org.onap.aai.orr
csp_domain=PROD
# Add Absolute path to Keyfile
-cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD}
-
-cadi_alias={{ .Values.certInitializer.fqi }}
+cadi_keyfile={{.Values.config.cadiKeyFile}}
# This is required to accept Certificate Authentication from Certman certificates.
# can be TEST, IST or PROD
@@ -27,9 +23,9 @@ aaf_env=DEV
cadi_loglevel=DEBUG
# Add Absolute path to truststore2018.jks
-cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+cadi_truststore={{.Values.config.cadiTrustStore}}
# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
+cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
# how to turn on SSL Logging
#javax.net.debug=ssl
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
index df41395058..df41395058 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config
index ce69e88918..ce69e88918 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
index fee07d8acf..162e96b0dc 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -14,6 +14,25 @@
# limitations under the License.
*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
@@ -26,7 +45,7 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 51d577ba91..6e74526ddc 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -38,29 +38,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
- | xargs -0)
- echo "*** write them in portal part"
- cd /config-input
- for PFILE in `ls -1 .`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: portal-config-input
- - mountPath: /config
- name: portal-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
+ initContainers:
- command:
- /app/ready.py
args:
@@ -79,56 +57,68 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
- | xargs -0)
- echo "*** actual launch of AAI Sparky BE"
- /opt/app/sparky/bin/start.sh
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: client-cert-onap.p12
+
- mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
- name: auth-config
+ name: {{ include "common.fullname" . }}-auth-config
subPath: csp-cookie-filter.properties
+
+ - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: org.onap.aai.p12
+
+ - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
+ name: aai-common-aai-auth-mount
+ subPath: truststoreONAPall.jks
+
- mountPath: /opt/app/sparky/config/portal/
- name: portal-config
+ name: {{ include "common.fullname" . }}-portal-config
+
- mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
- name: portal-config-props
+ name: {{ include "common.fullname" . }}-portal-config-props
+
- mountPath: /var/log/onap
- name: logs
+ name: {{ include "common.fullname" . }}-logs
+
- mountPath: /opt/app/sparky/config/application.properties
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: application.properties
+
- mountPath: /opt/app/sparky/config/application-resources.properties
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: application-resources.properties
+
- mountPath: /opt/app/sparky/config/application-ssl.properties
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: application-ssl.properties
+
- mountPath: /opt/app/sparky/config/application-oxm-default.properties
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: application-oxm-default.properties
+
- mountPath: /opt/app/sparky/config/application-oxm-override.properties
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: application-oxm-override.properties
+
- mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: application-oxm-schema-prod.properties
+
- mountPath: /opt/app/sparky/config/roles.config
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: roles.config
+
- mountPath: /opt/app/sparky/config/users.config
- name: config
+ name: {{ include "common.fullname" . }}-properties
subPath: users.config
- - mountPath: /opt/app/sparky/config/logging/logback.xml
- name: config
- subPath: logback.xml
+
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -165,35 +155,45 @@ spec:
subPath: filebeat.yml
name: filebeat-conf
- mountPath: /var/log/onap
- name: logs
+ name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+
+ - name: {{ include "common.fullname" . }}-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+
+ - name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- - name: portal-config
- emptyDir:
- medium: Memory
- - name: portal-config-input
+
+ - name: {{ include "common.fullname" . }}-portal-config
configMap:
name: {{ include "common.fullname" . }}-portal
- - name: portal-config-props
+
+ - name: {{ include "common.fullname" . }}-portal-config-props
configMap:
name: {{ include "common.fullname" . }}-portal-props
- - name: auth-config
+
+ - name: {{ include "common.fullname" . }}-auth-config
secret:
secretName: {{ include "common.fullname" . }}
+
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+
- name: filebeat-conf
configMap:
name: aai-filebeat
- - name: logs
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: aai-sparky-filebeat
emptyDir: {}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 147feb13c8..f8de79d31a 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -27,47 +27,8 @@ global: # global defaults
searchData:
serviceName: aai-search-data
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-sparky-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "aai"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.aai"
- fqi: "aai@aai.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing passwords into shell safe ones"
- export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
# application image
-image: onap/sparky-be:2.0.2
+image: onap/sparky-be:2.0.3
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -83,7 +44,13 @@ config:
portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
portalCookieName: UserId
portalAppRoles: ui_view
+ aafUsername: aai@aai.onap.org
+ aafNamespace: org.onap.aai
+ aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
+ cadiKeyFile: /opt/app/sparky/config/portal/keyFile
+ cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
+ cadiTrustStorePassword: changeit
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
# ONAP Cookie Processing - During initial development, the following flag, if true, will
diff --git a/kubernetes/aai/resources/config/aai/aai_keystore b/kubernetes/aai/resources/config/aai/aai_keystore
index d1ebae8e23..b9a3e45107 100644
--- a/kubernetes/aai/resources/config/aai/aai_keystore
+++ b/kubernetes/aai/resources/config/aai/aai_keystore
Binary files differ
diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile
index f2e7a1fb82..bf267b7720 100644
--- a/kubernetes/cds/components/Makefile
+++ b/kubernetes/cds/components/Makefile
@@ -17,9 +17,9 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES := soHelpers
+EXCLUDES :=
HELM_BIN := helm
-HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml
index ff51b4420a..2f608f1baf 100644
--- a/kubernetes/cds/components/cds-ui/requirements.yaml
+++ b/kubernetes/cds/components/cds-ui/requirements.yaml
@@ -16,6 +16,9 @@ dependencies:
- name: common
version: ~7.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local' \ No newline at end of file
diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
index 1c88f56d99..359c713ed4 100644
--- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
@@ -37,6 +37,9 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.fullname" . }}
spec:
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -71,12 +74,18 @@ spec:
value: "{{ .Values.config.api.processor.grpc.port }}"
- name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
value: {{ .Values.config.api.processor.grpc.authToken }}
+ {{- if .Values.global.aafEnabled }}
+ - name: KEYSTORE
+ value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12"
+ - name: PASSPHRASE
+ value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop"
+ {{- end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -90,7 +99,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index 1c7f628b2c..a7d0667695 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -22,6 +22,27 @@ global:
subChartsOnly:
enabled: true
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: cds-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: sdnc-cds
+ fqi: sdnc-cds@sdnc-cds.onap.org
+ public_fqdn: sdnc-cds.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.sdnc-cds
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
# application image
image: onap/ccsdk-cds-ui-server:1.0.3
pullPolicy: Always
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index a46400b911..414192e2bc 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -67,9 +67,8 @@
- sh
- -c
- |
- #!/usr/bin/env bash
/opt/app/aaf_config/bin/agent.sh
- source /opt/app/aaf_config/bin/retrieval_check.sh
+ . /opt/app/aaf_config/bin/retrieval_check.sh
{{- if $initRoot.aaf_add_config }}
/opt/app/aaf_config/bin/aaf-add-config.sh
{{- end }}
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index e39b8c4ca2..a343d4fce5 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -184,7 +184,7 @@ spec:
fi
cat /var/run/etcd/new_member_envs
- source /var/run/etcd/new_member_envs
+ . /var/run/etcd/new_member_envs
collect_member &
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 6142baa63f..38a7ce1f63 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Copyright © 2020 Samsung Electronics
+# Modifications Copyright (C) 2021 Bell Canada.
# #
# # Licensed under the Apache License, Version 2.0 (the "License");
# # you may not use this file except in compliance with the License.
@@ -134,6 +135,8 @@ spec:
value: "{{ $dot.Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ - name: PGDATA_PATH_OVERRIDE
+ value: "{{ $dot.Values.config.pgDataPath }}"
volumeMounts:
- name: config
mountPath: /pgconf/pool_hba.conf
diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml
index 07bb5c4eac..93f6d66385 100644
--- a/kubernetes/common/postgres/values.yaml
+++ b/kubernetes/common/postgres/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Modifications Copyright (C) 2021 Bell Canada.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -50,6 +51,7 @@ pullPolicy: Always
config:
pgUserName: testuser
pgDatabase: userdb
+ pgDataPath: data
# pgPrimaryPassword: password
# pgUserPassword: password
# pgRootPassword: password
diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index 639e4eb7af..0f5d2861cc 100644
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -98,7 +98,7 @@ resources:
odl:
jolokia:
username: admin
- password: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
sdnc:
config:
diff --git a/kubernetes/contrib/components/awx/templates/configmap.yaml b/kubernetes/contrib/components/awx/templates/configmap.yaml
index 9bc62b0856..59900f1c64 100644
--- a/kubernetes/contrib/components/awx/templates/configmap.yaml
+++ b/kubernetes/contrib/components/awx/templates/configmap.yaml
@@ -144,3 +144,95 @@ data:
{"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
]
}
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-nginx-conf
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ helm.sh/chart: {{ include "common.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /tmp/nginx.pid;
+ events {
+ worker_connections 1024;
+ }
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ server_tokens off;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log /dev/stdout main;
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+ sendfile on;
+ #tcp_nopush on;
+ #gzip on;
+ upstream uwsgi {
+ server 127.0.0.1:8050;
+ }
+ upstream daphne {
+ server 127.0.0.1:8051;
+ }
+ server {
+ listen 8052 default_server;
+ # If you have a domain name, this is where to add it
+ server_name _;
+ keepalive_timeout 65;
+ # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+ add_header Strict-Transport-Security max-age=15768000;
+ add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
+ add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
+ # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
+ add_header X-Frame-Options "DENY";
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+ location /static/ {
+ alias /var/lib/awx/public/static/;
+ }
+ location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
+ location /websocket {
+ # Pass request to the upstream alias
+ proxy_pass http://daphne;
+ # Require http version 1.1 to allow for upgrade requests
+ proxy_http_version 1.1;
+ # We want proxy_buffering off for proxying to websockets.
+ proxy_buffering off;
+ # http://en.wikipedia.org/wiki/X-Forwarded-For
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # enable this if you use HTTPS:
+ proxy_set_header X-Forwarded-Proto https;
+ # pass the Host: header from the client for the sake of redirects
+ proxy_set_header Host $http_host;
+ # We've set the Host header, so we don't need Nginx to muddle
+ # about with redirects
+ proxy_redirect off;
+ # Depending on the request value, set the Upgrade and
+ # connection headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+ location / {
+ # Add trailing / if missing
+ rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
+ uwsgi_read_timeout 120s;
+ uwsgi_pass uwsgi;
+ include /etc/nginx/uwsgi_params;
+ proxy_set_header X-Forwarded-Port 443;
+ }
+ }
+ }
diff --git a/kubernetes/contrib/components/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/templates/statefulset.yaml
index 46747cd85f..1f2c093742 100644
--- a/kubernetes/contrib/components/awx/templates/statefulset.yaml
+++ b/kubernetes/contrib/components/awx/templates/statefulset.yaml
@@ -82,6 +82,10 @@ spec:
name: awx-secret-key
readOnly: true
subPath: SECRET_KEY
+ - mountPath: /etc/nginx/nginx.conf
+ name: awx-nginx-conf
+ subPath: "nginx.conf"
+
- command: ["/bin/sh","-c"]
args: ["/usr/bin/launch_awx_task.sh"]
env:
@@ -109,6 +113,9 @@ spec:
name: awx-secret-key
readOnly: true
subPath: SECRET_KEY
+ - mountPath: /etc/nginx/nginx.conf
+ name: awx-nginx-conf
+ subPath: "nginx.conf"
- env:
- name: MY_POD_IP
valueFrom:
@@ -209,5 +216,12 @@ spec:
path: rabbitmq_definitions.json
name: {{ include "common.fullname" . }}-rabbitmq
name: rabbitmq-config
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ name: {{ include "common.fullname" . }}-nginx-conf
+ name: awx-nginx-conf
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index a29866da9a..02642fd3fd 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -95,7 +95,7 @@ service:
type: NodePort
portName: web
internalPort: 8052
- externalPort: 80
+ externalPort: 8052
nodePort: 78
rabbitmq:
type: ClusterIP
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 458ec101dc..1ac3671833 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -104,7 +104,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -113,11 +113,11 @@ componentImages:
holmes_rules: onap/holmes/rule-management:1.2.9
holmes_engine: onap/holmes/engine-management:1.2.9
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
- snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.5
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0
+ snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.4
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
- datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0
+ datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.4
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 8f6432d031..50c59c8ae8 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -44,7 +44,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
+image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.1
pullPolicy: Always
# probe configuration parameters
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index 356149c0dd..3366b00f20 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -41,7 +41,7 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
# application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
index 735b0281be..42f596db1e 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
@@ -67,6 +67,10 @@ spec:
value: {{ .Values.config.importDMaaP }}
- name: ONAP_USEDMAAPPLUGIN
value: {{ .Values.config.useDmaapPlugin | quote }}
+ - name: BP_RESOURCES_CPU_LIMIT
+ value: {{ .Values.config.bpResourcesCpuLimit }}
+ - name: BP_RESOURCES_MEMORY_LIMIT
+ value: {{ .Values.config.bpResourcesMemoryLimit }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 2482748e4c..521fac06a2 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -33,11 +33,13 @@ config:
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: plugin:k8splugin?version=>=3.4.3,<4.0.0
+ importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
importPostgres: plugin:pgaas?version=1.3.0
importClamp: plugin:clamppolicyplugin?version=1.1.0
importDMaaP: plugin:dmaap?version=1.5.0
useDmaapPlugin: false
+ bpResourcesCpuLimit: 250m
+ bpResourcesMemoryLimit: 128Mi
secrets:
- uid: "dashsecret"
@@ -69,7 +71,7 @@ readiness:
# Should have a proper readiness endpoint or script
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.3
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
index 4bf8f74666..04a5714a8e 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties
@@ -52,8 +52,8 @@ cmso.minizinc.command.solver=OSICBC
cmso.minizinc.command.timelimit=60000
cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
aaf.urls=https://aaf-locate:8095
aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
index c1d2602713..1f96183dd5 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml
@@ -116,6 +116,10 @@ spec:
value: {{ .Values.global.truststorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ - name: AAF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
command:
- /bin/sh
args:
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
index aa6ae1941c..d50995a615 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml
@@ -24,12 +24,12 @@ subChartsOnly:
enabled: true
# application image
-image: onap/optf-cmso-optimizer:2.3.1
+image: onap/optf-cmso-optimizer:2.3.2
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.3.1
+ image: onap/optf-cmso-dbinit:2.3.2
# flag to enable debugging - application support required
debugEnabled: false
@@ -45,6 +45,12 @@ secrets:
login: '{{ .Values.config.db.user }}'
password: '{{ .Values.config.db.password }}'
passwordPolicy: required
+ - uid: cmso-aaf-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.aaf.user }}'
+ password: '{{ .Values.config.aaf.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -81,6 +87,10 @@ service:
config:
+ aaf:
+ user: user
+ password: pass
+# userCredentialsExternalSecret: some-secret
db:
port: 3306
# rootPassword: pass
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
index 6525a4ee9c..363aecbc03 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties
@@ -94,11 +94,11 @@ so.polling.interval.ms=10000
## loopback settings
so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
-so.user=oof@oof.onap.org
-so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+so.user=${AAF_USER}
+so.pass=${AAF_USER}
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
cmso.dispatch.url=http://localhost:8089
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
index 27d52a24ba..d9f2bd0734 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml
@@ -140,6 +140,10 @@ spec:
value: {{ .Values.global.truststorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ - name: AAF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
command:
- /bin/sh
args:
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
index f0e62e458d..06dd478b0e 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml
@@ -23,13 +23,13 @@ subChartsOnly:
enabled: true
# application image
-image: onap/optf-cmso-service:2.3.1
-robotimage: onap/optf-cmso-robot:2.3.1
+image: onap/optf-cmso-service:2.3.2
+robotimage: onap/optf-cmso-robot:2.3.2
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.3.1
+ image: onap/optf-cmso-dbinit:2.3.2
# flag to enable debugging - application support required
debugEnabled: false
@@ -44,6 +44,12 @@ secrets:
login: '{{ .Values.config.db.user }}'
password: '{{ .Values.config.db.password }}'
passwordPolicy: required
+ - uid: cmso-aaf-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.aaf.user }}'
+ password: '{{ .Values.config.aaf.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -80,6 +86,10 @@ service:
config:
+ aaf:
+ user: user
+ password: pass
+# userCredentialsExternalSecret: some-secret
db:
port: 3306
# rootPassword: pass
@@ -93,6 +103,7 @@ config:
optimizer_host: oof-cmso-optimizer
optimizer_port: 7997
+
ingress:
enabled: false
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
index d88e1b22c2..4f6976ed28 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml
@@ -23,7 +23,7 @@ subChartsOnly:
enabled: true
# application image
-image: onap/optf-cmso-ticketmgt:2.3.1
+image: onap/optf-cmso-ticketmgt:2.3.2
pullPolicy: Always
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
index 56d9c7c12a..b3adb5c69c 100644
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml
@@ -22,7 +22,7 @@ subChartsOnly:
enabled: true
# application image
-image: onap/optf-cmso-topology:2.3.1
+image: onap/optf-cmso-topology:2.3.2
pullPolicy: Always
diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml
index c574a86136..c46fd0a33a 100644
--- a/kubernetes/oof/components/oof-cmso/values.yaml
+++ b/kubernetes/oof/components/oof-cmso/values.yaml
@@ -36,6 +36,11 @@ secrets:
login: '{{ .Values.config.db.optimizer.userName }}'
password: '{{ .Values.config.db.optimizer.userPassword }}'
passwordPolicy: generate
+ - uid: cmso-aaf-creds
+ name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds'
+ type: basicAuth
+ login: '{{ .Values.config.aaf.user }}'
+ password: '{{ .Values.config.aaf.password }}'
mariadb-galera:
replicaCount: 1
@@ -75,6 +80,9 @@ mariadb-init:
flavor: small
config:
+ aaf:
+ user: oof@oof.onap.org
+ password: demo123456!
log:
logstashServiceName: log-ls
logstashPort: 5044
@@ -115,6 +123,8 @@ oof-cmso-service:
host: *dbName
container: *dbName
mysqlDatabase: cmso
+ aaf:
+ userCredentialsExternalSecret: *aafCreds
oof-cmso-optimizer:
enabled: true
@@ -128,6 +138,8 @@ oof-cmso-optimizer:
host: *dbName
container: *dbName
mysqlDatabase: optimizer
+ aaf:
+ userCredentialsExternalSecret: *aafCreds
oof-cmso-topology:
enabled: true
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 0f2e01f5c7..d6743cdfda 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index df50561d51..3cbf96adc1 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index b069be6d9c..0940a9db39 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index b069be6d9c..0940a9db39 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index b069be6d9c..0940a9db39 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 2891f806c3..3615a3bd33 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
persistence:
enabled: true
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index 87e6536c35..7362ec70a6 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -35,7 +35,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.3
+image: onap/optf-osdf:3.0.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index 10c2a054e7..586f468334 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -71,7 +71,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+ . {{ .Values.certInitializer.credsPath }}/.ci; fi;\
/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
ports:
- containerPort: {{ .Values.service.externalPort }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 6b13133815..fb4742e9e4 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -1,6 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.4.4
+image: onap/policy-apex-pdp:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 3657bc1f53..9d3ea8c4b5 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -81,7 +81,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.3.3
+image: onap/policy-api:2.4.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
index 1446ac42b6..cd78850150 100644
--- a/kubernetes/policy/components/policy-clamp-be/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2021 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -63,7 +63,7 @@ secrets:
flavor: small
# application image
-image: onap/policy-clamp-backend:6.0.0
+image: onap/policy-clamp-backend:6.0.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml
index 91a096d1b2..15b69ef93d 100644
--- a/kubernetes/policy/components/policy-clamp-fe/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2021 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -62,7 +62,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-clamp-frontend:6.0.0
+image: onap/policy-clamp-frontend:6.0.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index a099bb6bf0..752b83cf00 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -1,6 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -67,7 +67,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.4.3
+image: onap/policy-distribution:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index c44691e275..459767e13f 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2018-2021 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.7.5
+image: onap/policy-pdpd-cl:1.8.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 0ab62ffa66..42f0e13b71 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -1,6 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020 Bell Canada.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -95,7 +95,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.3.3
+image: onap/policy-pap:2.4.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index 8ad9fcc3c0..a626a046a5 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
{
"name": "XacmlPdpParameters",
"pdpGroup": "defaultGroup",
+ "pdpType": "xacml",
"restServerParameters": {
"host": "0.0.0.0",
"port": 6969,
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index acc1d55002..41bec0ba74 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -86,7 +86,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.3.3
+image: onap/policy-xacml-pdp:2.4.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index 807f070aa0..674a416dc2 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -25,6 +25,7 @@ GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" .
GLOBAL_INJECTED_CLOUD_ENV = 'openstack'
GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}"
GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}'
+GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}'
GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}'
GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
@@ -165,6 +166,12 @@ GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" .
GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}'
GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}'
GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD]
+# dcae microservice info - everything is from the private oam network (also called onap private network)
+GLOBAL_DCAE_MS_SERVER_PROTOCOL = "http"
+GLOBAL_DCAE_MS_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 8080) }}'
+GLOBAL_DCAE_MS_USERNAME = '{{ .Values.dcaeMsUsername }}'
+GLOBAL_DCAE_MS_PASSWORD = '{{ .Values.dcaeMsPassword}}'
+GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD]
# dcae hv-ves info
GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index bbc4a952de..6f54c6b340 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -22,7 +22,7 @@ global: # global defaults
# application image
repository: nexus3.onap.org:10001
-image: onap/testsuite:1.7.2
+image: onap/testsuite:1.7.3
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
@@ -325,6 +325,8 @@ appcPassword: "demo123456!"
# DCAE
dcaeUsername: "dcae@dcae.onap.org"
dcaePassword: "demo123456!"
+dcaeMsUsername: "dcae@dcae.onap.org"
+dcaeMsPassword: "demo123456!"
# DROOLS
droolsUsername: "demo@people.osaaf.org"
droolsPassword: "demo123456!"
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index e9f83b6978..77577d6ee3 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -35,8 +35,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.7.3
-backendInitImage: onap/sdc-backend-init:1.7.3
+image: onap/sdc-backend-all-plugins:1.8.4
+backendInitImage: onap/sdc-backend-init:1.8.4
pullPolicy: Always
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index efe6dcddea..33e32ddfbe 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -38,9 +38,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.7.3
-cassandraInitImage: onap/sdc-cassandra-init:1.7.3
-
+image: onap/sdc-cassandra:1.8.4
+cassandraInitImage: onap/sdc-cassandra-init:1.8.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index 0db5a390c8..079d7ad462 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -47,8 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.7.3
-
+image: onap/sdc-frontend:1.8.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index 553ec72260..e34d5c5cfb 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.7.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3
+image: onap/sdc-onboard-backend:1.8.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/resources/config/bin/createLinks.sh b/kubernetes/sdnc/resources/config/bin/createLinks.sh
index 1999dabb37..52c40723f9 100755
--- a/kubernetes/sdnc/resources/config/bin/createLinks.sh
+++ b/kubernetes/sdnc/resources/config/bin/createLinks.sh
@@ -27,11 +27,6 @@ then
MDSAL_PATH=/opt/opendaylight/mdsal
fi
-if [ "$DAEXIM_PATH" = "" ]
-then
- DAEXIM_PATH=/opt/opendaylight/daexim
-fi
-
if [ "$JOURNAL_PATH" = "" ]
then
JOURNAL_PATH=/opt/opendaylight/journal
@@ -42,12 +37,6 @@ then
SNAPSHOTS_PATH=/opt/opendaylight/snapshots
fi
-
-if [ ! -L $DAEXIM_PATH ]
-then
- ln -s $MDSAL_PATH/daexim $DAEXIM_PATH
-fi
-
if [ ! -L $JOURNAL_PATH ]
then
if [ -d $JOURNAL_PATH ]
diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
index 11ed7f45bf..42abf54444 100755
--- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
@@ -37,8 +37,8 @@ SDNC_DB_DATABASE=${SDNC_DB_DATABASE}
# Create tablespace and user account
mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} mysql <<-END
CREATE DATABASE IF NOT EXISTS ${SDNC_DB_DATABASE};
-CREATE USER '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}';
-CREATE USER '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}';
+CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}';
+CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'%' WITH GRANT OPTION;
flush privileges;
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 96fa3378fb..48776c9961 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -116,6 +116,7 @@ spec:
- |
mkdir {{ .Values.persistence.mdsalPath }}/journal
mkdir {{ .Values.persistence.mdsalPath }}/snapshots
+ mkdir {{ .Values.persistence.mdsalPath }}/daexim
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
{{- if .Values.global.aafEnabled }}
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
index 917c067681..142ae725d6 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
@@ -55,8 +55,7 @@ spec:
- |
export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index 75e6b1ee62..f756448e2b 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
index 4518a5f607..0d80b2a9ae 100755
--- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -63,8 +63,7 @@ spec:
export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
@@ -116,4 +115,3 @@ spec:
medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index 2cf23e23be..c33dcb7f32 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -39,8 +39,7 @@ spec:
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
index dc80d426fc..ca108ac5cd 100644
--- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
@@ -66,7 +66,7 @@ spec:
export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE=file://$cadi_keystore
export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
export TRUSTSTORE=file://$cadi_truststore
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index 75d831eba6..dde03a4aad 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -42,8 +42,7 @@ spec:
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index 75e6b1ee62..f756448e2b 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index 6f9d7f7b16..5a98828c1a 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -50,8 +50,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
index 7c10e7f8ed..c769961059 100755
--- a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
index 8abd9a9796..29ebd97229 100755
--- a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
@@ -50,8 +50,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
index d16b4f7cf8..7e04706d4a 100644
--- a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
@@ -2,8 +2,8 @@
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
cadiLatitude: {{ $initRoot.cadi.latitude }}
cadiLongitude: {{ $initRoot.cadi.longitude }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index c5232e8f48..cda61b2cfa 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -3,40 +3,6 @@
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.initContainer" $subchartDot }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: {{ include "common.name" $dot }}-msb-cert-importer
- image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- command:
- - "/bin/sh"
- args:
- - "-c"
- - |
- export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- keytool -import -trustcacerts -alias msb_root -file \
- /certificates/msb-ca.crt -keystore \
- "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -storepass $cadi_truststore_password -noprompt
- export EXIT_VALUE=$?
- if [ "${EXIT_VALUE}" != "0" ]
- then
- echo "issue with password: $cadi_truststore_password"
- ls -lh {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop
- cat {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop
- exit $EXIT_VALUE
- else
- keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
- -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
- -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -deststorepass $cadi_truststore_password -noprompt
- export EXIT_VALUE=$?
- fi
- exit $EXIT_VALUE
- volumeMounts:
- {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- - name: {{ include "common.name" $dot }}-msb-certificate
- mountPath: /certificates
-{{- end }}
{{- end -}}
{{- define "so.certificate.volumes" -}}
@@ -44,11 +10,6 @@
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.volumes" $subchartDot }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: {{ include "common.name" $dot }}-msb-certificate
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
-{{- end }}
{{- end -}}
{{- define "so.certificate.volumeMount" -}}
@@ -64,10 +25,10 @@
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- if $dot.Values.global.aafEnabled }}
- name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
{{- end }}
{{- end }}
{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index a367272d9a..938a6f9d00 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
+# Copyright © 2021 Orange
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -22,26 +23,6 @@ global:
enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
- certificates:
- path: /etc/ssl/certs
- share_path: /usr/local/share/ca-certificates/
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: 'so-onap-certs'
- name: '{{ include "common.release" . }}-so-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certificates/msb-ca.crt
#################################################################
# AAF part
@@ -57,19 +38,16 @@ certInitializer:
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- trustStoreAllPass: changeit
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ qi_namespace: org.onap.so
+ aaf_add_config: |
+ echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000
permission_group: 999
-aaf:
- trustore: org.onap.so.trust.jks
- keyFile: org.onap.so.keyfile
-
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/kubernetes/so/resources/config/certificates/msb-ca.crt b/kubernetes/so/resources/config/certificates/msb-ca.crt
deleted file mode 100644
index 62da777a58..0000000000
--- a/kubernetes/so/resources/config/certificates/msb-ca.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
-Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
-DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
-Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
-Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
-bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
-YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
-dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
-Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
-mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
-2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
-6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
-7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
-p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
-5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
-bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
-wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
-ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
-FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
-3lR7lW/J
------END CERTIFICATE-----
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index f7d74a347f..6bd6e26885 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
+# Copyright © 2021 Orange
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -56,12 +57,6 @@ global:
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
@@ -108,12 +103,6 @@ secrets:
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- - uid: 'so-onap-certs'
- name: &so-certs '{{ include "common.release" . }}-so-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certificates/msb-ca.crt
- uid: 'mso-key'
name: &mso-key '{{ include "common.release" . }}-mso-key'
type: password
@@ -218,7 +207,6 @@ soHelpers:
certInitializer:
nameOverride: so-apih-cert-init
credsPath: /opt/app/osaaf/local
- certSecret: *so-certs
containerPort: *containerPort
# Resource Limit flavor -By Default using small
@@ -388,4 +376,3 @@ so-vfc-adapter:
so-vnfm-adapter:
enabled: true
-
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 4510dc6908..6b323a4a17 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -64,7 +64,7 @@ certInitializer:
else
echo "*** changing them into shell safe ones"
export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTORE_PASSWD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
cd {{ .Values.credsPath }}
keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
-storepass "${cadi_keystore_password_jks}" \
@@ -79,7 +79,7 @@ certInitializer:
-storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
echo "*** save the generated passwords"
echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+ echo "VID_TRUSTSTORE_PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp" >> mycreds.prop
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
fi
@@ -88,7 +88,7 @@ subChartsOnly:
enabled: true
# application image
-image: onap/vid:7.0.0
+image: onap/vid:8.0.2
pullPolicy: Always
# application configuration
@@ -114,7 +114,6 @@ config:
mariadb-galera:
db:
- user: sdnctl
# password:
externalSecret: *dbUserSecretName
name: &mysqlDbName vid_openecomp_epsdk
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 55eea0fa60..28a2ac419e 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -37,7 +37,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/vnfsdk/refrepo:1.6.2
+image: onap/vnfsdk/refrepo:1.6.3
pullPolicy: Always
# application configuration override for postgres
@@ -96,8 +96,8 @@ liveness:
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 60
+ periodSeconds: 30
service:
type: NodePort