98 files changed, 429 insertions, 548 deletions
diff --git a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml index 750363c8f4..96b7499fdf 100644 --- a/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/components/aaf-sms-vault/values.yaml @@ -35,7 +35,6 @@ config: consul: server: true log_level: INFO - server: true data_dir: '/consul/data' ports: http: 8500 @@ -95,7 +94,7 @@ flavor: small resources: small: limits: - cpu: 40m + cpu: 400m memory: 40Mi requests: cpu: 10m diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json index 679b5189de..ef42ce98d3 100644 --- a/kubernetes/aaf/components/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json @@ -38,6 +38,13 @@ "password": "${AAF_PASS}", "aaf_conductor_user": "oof@oof.onap.org" } + }, + { + "name": "sdc", + "values": { + "username": "${SDC_USER}", + "password": "${SDC_PASS}" + } } ] } diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 1341889af3..6e50620a99 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -51,6 +51,7 @@ spec: export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; export SO_PASS=${SO_PASS_PLAIN}; + export SDC_PASS=${SDC_PASS_PLAIN}; cd /config-input; for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; 
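Review bot: The added `export SDC_PASS=${SDC_PASS_PLAIN};` in the @@ -51,6 +51,7 hunk of job.yaml copies the unquoted form of the exports above it, so a password containing whitespace or glob characters can be split or expanded by shells that field-split `export` arguments; `export SDC_PASS="${SDC_PASS_PLAIN}";` avoids that. The value is then written by `envsubst` into the `"password": "${SDC_PASS}"` string added to has.json with no JSON escaping, so a password containing `"` or `\` would yield an invalid or altered document. A comment such as `# credentials must not contain " or \ (envsubst does no JSON escaping)` next to the export block would record that constraint. The script body continues outside the hunk.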
@@ -131,6 +132,11 @@ spec: - name: SO_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }} + - name: SDC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }} + - name: SDC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }} + volumeMounts: - mountPath: /config-input name: {{ include "common.name" . }}-preload-input diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index 3b777c64f6..ab7d8fb71b 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -192,7 +192,11 @@ secrets: login: '{{ .Values.oofCreds.soUsername }}' password: '{{ .Values.oofCreds.soPassword }}' passwordPolicy: required - + - uid: sdc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdcUsername }}' + password: '{{ .Values.oofCreds.sdcPassword }}' + passwordPolicy: required oofCreds: aaiUsername: oof@oof.onap.org aaiPassword: demo123456! @@ -239,6 +243,9 @@ oofCreds: soUsername: apihBpmn soPassword: password1$ + sdcUsername: aai + sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # Configure resource requests and limits resources: small: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index db1a2eb86b..7560efde26 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -24,7 +24,7 @@ global: {} ################################################################# # application image -image: onap/babel:1.7.1 +image: onap/babel:1.8.0 flavor: small flavorOverride: small diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 0d8acf83a5..b235ba171c 100644 
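Review bot: The @@ -239,6 +243,9 hunk of aaf-sms/values.yaml commits a literal default for `sdcPassword`, and since the new `sdc-creds` entry reads `password: '{{ .Values.oofCreds.sdcPassword }}'`, that committed value satisfies `passwordPolicy: required` on every install that does not override it. Anyone with read access to the repository then knows the SDC credential of a default deployment. Consider shipping no usable default, e.g. `sdcPassword: ""` with the comment `# must be set per deployment; do not commit real values`, presuming the chart's secret helper rejects an empty value (its implementation is not visible here). The neighbouring `oofCreds` defaults follow the same pattern but lie outside this change.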
--- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -21,7 +21,7 @@ global: # global defaults # application image -image: onap/model-loader:1.7.0 +image: onap/model-loader:1.8.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index 498f1b837d..42641a2e5c 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -21,9 +21,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
index 084f6e46bc..084f6e46bc 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
index 4465fb3e11..4465fb3e11 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
index b6c5f68368..094c815744 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
@@ -15,14 +15,14 @@ */}} oxm.schemaNodeDir=/opt/app/sparky/onap/oxm -#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config oxm.schemaServiceTranslatorList=config # The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/ oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/ -oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} -oxm.schemaServiceTruststorePassword=${KEYSTORE_PASSWORD} +oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 +oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore +oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties index 2143bf8902..59c0349b06 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties 
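Review bot: `oxm.schemaServiceKeystorePassword` and `oxm.schemaServiceTruststorePassword` now hold a fixed `OBF:` string in place of `${KEYSTORE_PASSWORD}`; the `OBF:` form is a reversible obfuscation, not encryption, so the store password is effectively published with the chart and identical on every install. The same applies to `server.ssl.key-store-password` and `server.ssl.trust-store-password` in application-ssl.properties and to `searchservice.client-cert-password` in application.properties later in this diff. Keeping the placeholder, e.g. `oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}`, and supplying the value from a Kubernetes Secret would avoid that. Separately, the new paths `${CONFIG_HOME}/auth/aai-client-cert.p12` and `${CONFIG_HOME}/auth/tomcat_keystore` match none of the files mounted under `/opt/app/sparky/config/auth/` by the deployment.yaml hunks of this commit, so unless the image ships them this profile may fail to open its stores.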
@@ -19,7 +19,4 @@ resources.port=8443 resources.authType=SSL_BASIC resources.basicAuthUserName=aai@aai.onap.org resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek -resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -resources.trust-store-password=${TRUSTSTORE_PASSWORD} -resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -resources.client-cert-password=${KEYSTORE_PASSWORD}
\ No newline at end of file +resources.trust-store=tomcat_keystore diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties index 073e9d318a..4db6c0a374 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties @@ -1,4 +1,3 @@ -{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,11 +11,10 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} server.port=8000 -server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12 +server.ssl.key-store-password=OBF:1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -server.ssl.trust-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks +server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties index 4fb10a21f7..4fb10a21f7 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties 
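Review bot: `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` is left as context in the second application-ssl.properties hunk while the key-store and trust-store lines around it are rewritten; TLS 1.1 is deprecated (RFC 8996) and should no longer be offered by the server. Proposed line: `server.ssl.enabled-protocols=TLSv1.2`, adding `TLSv1.3` only if the runtime in the image supports it, which cannot be seen from here.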
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties index a9e5908ec7..1269f25355 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties @@ -1,4 +1,3 @@ -{{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,7 +15,6 @@ # # disable the default thyme leaf icon on web-pages # -*/}} spring.mvc.favicon.enabled=false # @@ -24,14 +22,14 @@ spring.mvc.favicon.enabled=false # and in the values.yaml change the internalPort to 9517 # -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy portal.cadiFileLocation={{.Values.config.cadiFileLocation}} +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 -searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -searchservice.client-cert-password=${KEYSTORE_PASSWORD} -searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks -searchservice.truststore-password=${TRUSTSTORE_PASSWORD} +searchservice.client-cert=client-cert-onap.p12 +searchservice.client-cert-password=1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3 +searchservice.truststore=tomcat_keystore schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties 
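Review bot: The @@ -24,14 +22,14 hunk appears to add a second, identical `portal.cadiFileLocation={{.Values.config.cadiFileLocation}}` line directly below the existing one (the 14/14 line counts in the hunk header only balance if the first occurrence is context); the duplicate should be dropped. The same hunk removes `portal` from `spring.profiles.active`; if that profile is what enables the portal login integration, which this diff does not show, the authentication behaviour of the UI changes. A comment such as `# portal profile intentionally disabled: <reason>` above the line would make that intent reviewable.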
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
deleted file mode 100644
index cd5338f5b3..0000000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml
+++ /dev/null
@@ -1,187 +0,0 @@ -<configuration scan="true" scanPeriod="3 seconds" debug="false"> - <!--{{/* - # Copyright © 2018 AT&T - # Copyright © 2021 Orange - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - */}}--> - <!--<jmxConfigurator /> --> - <!-- directory path for all other type logs --> - - <property name="logDir" value="/var/log/onap" /> - - <!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" - | "SDNC" | "AC" --> - <property name="componentName" value="AAI-UI"></property> - - <!-- default eelf log file names --> - <property name="generalLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - - <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" /> - <property name="auditMetricPattern" value="%m%n" /> - - <property name="logDirectory" value="${logDir}/${componentName}" /> - - - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${errorLogPattern}</pattern> - </encoder> - </appender> - - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - - <!-- The EELFAppender is 
used to record events to the general application - log --> - - <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${generalLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip -</fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <pattern>${errorLogPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> - <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - <queueSize>256</queueSize> - <appender-ref ref="EELF" /> - </appender> - - - <!-- EELF Audit Appender. This appender is used to record audit engine related - logging events. The audit logger and appender are specializations of the - EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. 
--> - - <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip -</fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <pattern>${auditMetricPattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip -</fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> --> - <pattern>${auditMetricPattern}</pattern> - </encoder> - </appender> - - - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - - <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip -</fileNamePattern> - <maxHistory>60</maxHistory> - </rollingPolicy> - <encoder> - <pattern>${errorLogPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>256</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>false</includeCallerData> - </appender> - - <!-- 
============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf" level="info" additivity="false"> - <appender-ref ref="asyncEELF" /> - <appender-ref ref="asyncEELFDebug" /> - <appender-ref ref="STDOUT" /> - </logger> - - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" /> - <logger name="org.springframework.beans" level="WARN" /> - <logger name="org.springframework.web" level="WARN" /> - <logger name="com.blog.spring.jms" level="WARN" /> - - <!-- Sparky loggers --> - <logger name="org.onap" level="INFO"> - <appender-ref ref="STDOUT" /> - </logger> - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" /> - <logger name="org.apache.commons.httpclient" level="WARN" /> - <logger name="org.apache.commons" level="WARN" /> - <logger name="org.apache.coyote" level="WARN" /> - <logger name="org.apache.jasper" level="WARN" /> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
- May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" /> - <logger name="org.apache.cxf" level="WARN" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" /> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" /> - <logger name="org.apache.cxf.service" level="WARN" /> - <logger name="org.restlet" level="WARN" /> - <logger name="org.apache.camel.component.restlet" level="WARN" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="WARN" /> - <logger name="ch.qos.logback.core" level="WARN" /> - - <root> - <appender-ref ref="asyncEELF" /> - <appender-ref ref="STDOUT" /> - <!-- <appender-ref ref="asyncEELFDebug" /> --> - </root> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 Binary files differnew file mode 100644 index 0000000000..2601acf88a --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 Binary files differnew file mode 100644 index 0000000000..2601acf88a --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties index 7a0fb8250b..2592e5ca7c 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -46,4 +46,4 @@ ext_req_connection_timeout=15000 ext_req_read_timeout=20000 #Add AAF namespace if the app is centralized -auth_namespace={{ .Values.certInitializer.fqi_namespace }} +auth_namespace={{.Values.config.aafNamespace}} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties index baefd9806b..1f154b6101 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties 
@@ -6,18 +6,14 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation #if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id={{ .Values.certInitializer.fqi }} +aaf_id={{.Values.config.aafUsername}} #Encrypt the password using AAF Jar -aaf_password={{ .Values.certInitializer.aafDeployPass }} +aaf_password={{.Values.config.aafPassword}} # Sample CADI Properties, from CADI 1.4.2 #hostname=org.onap.aai.orr csp_domain=PROD # Add Absolute path to Keyfile -cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile -cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -cadi_keystore_password=${KEYSTORE_PASSWORD} - -cadi_alias={{ .Values.certInitializer.fqi }} +cadi_keyfile={{.Values.config.cadiKeyFile}} # This is required to accept Certificate Authentication from Certman certificates. # can be TEST, IST or PROD @@ -27,9 +23,9 @@ aaf_env=DEV cadi_loglevel=DEBUG # Add Absolute path to truststore2018.jks -cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +cadi_truststore={{.Values.config.cadiTrustStore}} # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password=${TRUSTSTORE_PASSWORD} +cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} # how to turn on SSL Logging #javax.net.debug=ssl diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config index df41395058..df41395058 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config 
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config index ce69e88918..ce69e88918 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml index fee07d8acf..162e96b0dc 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml @@ -14,6 +14,25 @@ # limitations under the License. */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap 
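Review bot: The new `{{ include "common.fullname" . }}-prop` object is a `ConfigMap`, yet the files it renders include application-ssl.properties and application.properties, which after this commit contain key-store and client-certificate passwords, and application-resources.properties with `resources.basicAuthPassword`. ConfigMap contents are readable by any subject allowed to `get` configmaps in the namespace and are not covered by Secret encryption at rest. Credential-bearing files would be better rendered into a `kind: Secret` (the deployment already mounts one for its auth files), leaving only non-sensitive properties here. cadi.properties, which now templates `aaf_password` and `cadi_truststore_password` from values, appears to be served from the `-portal` ConfigMap and has the same exposure. The widened glob `resources/config/*` in the @@ -26,7 +45,7 hunk also looks like it publishes the same top-level files a second time in the existing ConfigMap.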
@@ -26,7 +45,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 51d577ba91..6e74526ddc 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -38,29 +38,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ - | xargs -0) - echo "*** write them in portal part" - cd /config-input - for PFILE in `ls -1 .` - do - envsubst <${PFILE} >/config/${PFILE} - done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - mountPath: /config-input - name: portal-config-input - - mountPath: /config - name: portal-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config + initContainers: - command: - /app/ready.py args: 
@@ -79,56 +57,68 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - -c - - | - echo "*** retrieve Truststore and Keystore password" - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ - | xargs -0) - echo "*** actual launch of AAI Sparky BE" - /opt/app/sparky/bin/start.sh - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: client-cert-onap.p12 + - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: auth-config + name: {{ include "common.fullname" . }}-auth-config subPath: csp-cookie-filter.properties + + - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: org.onap.aai.p12 + + - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + - mountPath: /opt/app/sparky/config/portal/ - name: portal-config + name: {{ include "common.fullname" . }}-portal-config + - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: portal-config-props + name: {{ include "common.fullname" . }}-portal-config-props + - mountPath: /var/log/onap - name: logs + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/sparky/config/application.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application.properties + - mountPath: /opt/app/sparky/config/application-resources.properties - name: config + name: {{ include "common.fullname" . 
}}-properties subPath: application-resources.properties + - mountPath: /opt/app/sparky/config/application-ssl.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-ssl.properties + - mountPath: /opt/app/sparky/config/application-oxm-default.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-oxm-default.properties + - mountPath: /opt/app/sparky/config/application-oxm-override.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-oxm-override.properties + - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties - name: config + name: {{ include "common.fullname" . }}-properties subPath: application-oxm-schema-prod.properties + - mountPath: /opt/app/sparky/config/roles.config - name: config + name: {{ include "common.fullname" . }}-properties subPath: roles.config + - mountPath: /opt/app/sparky/config/users.config - name: config + name: {{ include "common.fullname" . }}-properties subPath: users.config - - mountPath: /opt/app/sparky/config/logging/logback.xml - name: config - subPath: logback.xml + ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
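Review bot: The new mounts for `client-cert-onap.p12` and `org.onap.aai.p12` take their content from the `-auth-config` secret volume, and this commit adds both files under resources/config/auth/ with the same blob id (`2601acf88a`), so a single key store, presumably holding a private key, is committed to the repository and shared by every installation, with its password also in the chart. The removed certInitializer setup obtained the stores at deploy time and set randomly generated store passwords instead. If the static files must stay for now, they should at least be replaceable through an externally provided Secret, and a comment such as `# TEST-ONLY key material bundled with the chart; replace via external secret in production` on the volume would make the limitation explicit. Note also that `subPath` mounts are not refreshed when the backing Secret changes, so rotating these stores needs a pod restart. The hunk starts inside the container spec, whose beginning lies outside it.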
@@ -165,35 +155,45 @@ spec: subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap - name: logs + name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: localtime hostPath: path: /etc/localtime - - name: config + + - name: {{ include "common.fullname" . }}-properties + configMap: + name: {{ include "common.fullname" . }}-prop + + - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} - - name: portal-config - emptyDir: - medium: Memory - - name: portal-config-input + + - name: {{ include "common.fullname" . }}-portal-config configMap: name: {{ include "common.fullname" . }}-portal - - name: portal-config-props + + - name: {{ include "common.fullname" . }}-portal-config-props configMap: name: {{ include "common.fullname" . }}-portal-props - - name: auth-config + + - name: {{ include "common.fullname" . }}-auth-config secret: secretName: {{ include "common.fullname" . }} + + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: filebeat-conf configMap: name: aai-filebeat - - name: logs + - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: aai-sparky-filebeat emptyDir: {} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 147feb13c8..f8de79d31a 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml 
@@ -27,47 +27,8 @@ global: # global defaults searchData: serviceName: aai-search-data - -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: aai-sparky-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: "aai" - app_ns: "org.osaaf.aaf" - fqi_namespace: "org.onap.aai" - fqi: "aai@aai.onap.org" - public_fqdn: "aaf.osaaf.org" - cadi_longitude: "0.0" - cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing passwords into shell safe ones" - export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ - -storepass "${cadi_keystore_password_jks}" \ - -keystore {{ .Values.fqi_namespace }}.jks - keytool -storepasswd -new "${TRUSTORE_PASSWD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** set key password as same password as keystore password" - keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ - -keystore {{ .Values.fqi_namespace }}.jks \ - -keypass "${cadi_keystore_password_jks}" \ - -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop - echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - # application image -image: onap/sparky-be:2.0.2 +image: onap/sparky-be:2.0.3 pullPolicy: Always restartPolicy: Always flavor: small 
@@ -83,7 +44,13 @@ config: portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view + aafUsername: aai@aai.onap.org + aafNamespace: org.onap.aai + aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz + cadiKeyFile: /opt/app/sparky/config/portal/keyFile + cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties + cadiTrustStorePassword: changeit cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will diff --git a/kubernetes/aai/resources/config/aai/aai_keystore b/kubernetes/aai/resources/config/aai/aai_keystore Binary files differindex d1ebae8e23..b9a3e45107 100644 --- a/kubernetes/aai/resources/config/aai/aai_keystore +++ b/kubernetes/aai/resources/config/aai/aai_keystore diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile index f2e7a1fb82..bf267b7720 100644 --- a/kubernetes/cds/components/Makefile +++ b/kubernetes/cds/components/Makefile @@ -17,9 +17,9 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := soHelpers +EXCLUDES := HELM_BIN := helm -HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml index ff51b4420a..2f608f1baf 100644 --- a/kubernetes/cds/components/cds-ui/requirements.yaml +++ b/kubernetes/cds/components/cds-ui/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local'
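Review bot: `cadiTrustStorePassword: changeit` and the `aafPassword: enc:…` literal are added as chart defaults, while the previous hunk in this file removes the `certInitializer` script that generated random keystore and truststore passwords at deploy time. Every installation that does not override these values now protects its truststore with the stock JKS password. Prefer feeding both through a Kubernetes secret, as other charts on this page do with `common.secret.envFromSecretFast`, or at least mark them with `# demo default - override per deployment`. The same pattern of a fixed credential committed in values appears in the cds-ui `aafDeployPass`, the consul `odl.jolokia.password` and the oof-cmso `config.aaf.password` hunks further down.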
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 1c88f56d99..359c713ed4 100644 --- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -71,12 +74,18 @@ spec: value: "{{ .Values.config.api.processor.grpc.port }}" - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN value: {{ .Values.config.api.processor.grpc.authToken }} + {{- if .Values.global.aafEnabled }} + - name: KEYSTORE + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" + - name: PASSPHRASE + value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop" + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +99,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 1c7f628b2c..a7d0667695 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml 
@@ -22,6 +22,27 @@ global: subChartsOnly: enabled: true +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: cds-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: sdnc-cds + fqi: sdnc-cds@sdnc-cds.onap.org + public_fqdn: sdnc-cds.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.sdnc-cds + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + # application image image: onap/ccsdk-cds-ui-server:1.0.3 pullPolicy: Always diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index a46400b911..414192e2bc 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -67,9 +67,8 @@ - sh - -c - | - #!/usr/bin/env bash /opt/app/aaf_config/bin/agent.sh - source /opt/app/aaf_config/bin/retrieval_check.sh + . /opt/app/aaf_config/bin/retrieval_check.sh {{- if $initRoot.aaf_add_config }} /opt/app/aaf_config/bin/aaf-add-config.sh {{- end }} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index e39b8c4ca2..a343d4fce5 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -184,7 +184,7 @@ spec: fi cat /var/run/etcd/new_member_envs - source /var/run/etcd/new_member_envs + . /var/run/etcd/new_member_envs collect_member & 
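Review bot: `aaf_add_config` redirects the output of `agent.sh local showpass` into `{{ .Values.credsPath }}/mycreds.prop`, and nothing afterwards restricts who can read that file; the `showpass` output presumably lists the keystore and truststore passwords in clear text. Tighten it in the same script, for instance by appending `chmod 600 {{ .Values.credsPath }}/mycreds.prop` after a `chown` to the UID the cds-ui container runs as (that UID is not visible in this hunk). The leading `/opt/app/aaf_config/bin/agent.sh;` also looks redundant, since the certInitializer template hunk on this page already runs `agent.sh` before `aaf-add-config.sh`.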
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 6142baa63f..38a7ce1f63 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T, Bell Canada # Copyright © 2020 Samsung Electronics +# Modifications Copyright (C) 2021 Bell Canada. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. @@ -134,6 +135,8 @@ spec: value: "{{ $dot.Values.config.pgDatabase }}" - name: PG_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + - name: PGDATA_PATH_OVERRIDE + value: "{{ $dot.Values.config.pgDataPath }}" volumeMounts: - name: config mountPath: /pgconf/pool_hba.conf diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 07bb5c4eac..93f6d66385 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, AT&T, Bell Canada +# Modifications Copyright (C) 2021 Bell Canada. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -50,6 +51,7 @@ pullPolicy: Always config: pgUserName: testuser pgDatabase: userdb + pgDataPath: data # pgPrimaryPassword: password # pgUserPassword: password # pgRootPassword: password diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index 639e4eb7af..0f5d2861cc 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -98,7 +98,7 @@ resources: odl: jolokia: username: admin - password: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U sdnc: config: 
diff --git a/kubernetes/contrib/components/awx/templates/configmap.yaml b/kubernetes/contrib/components/awx/templates/configmap.yaml index 9bc62b0856..59900f1c64 100644 --- a/kubernetes/contrib/components/awx/templates/configmap.yaml +++ b/kubernetes/contrib/components/awx/templates/configmap.yaml 
@@ -144,3 +144,95 @@ data: {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}} ] } +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx-conf + namespace: {{ include "common.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "common.name" . }} + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + nginx.conf: | + worker_processes 1; + pid /tmp/nginx.pid; + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + server_tokens off; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /dev/stdout main; + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + sendfile on; + #tcp_nopush on; + #gzip on; + upstream uwsgi { + server 127.0.0.1:8050; + } + upstream daphne { + server 127.0.0.1:8051; + } + server { + listen 8052 default_server; + # If you have a domain name, this is where to add it + server_name _; + keepalive_timeout 65; + # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) + add_header Strict-Transport-Security max-age=15768000; + add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/"; + add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/"; + # Protect against click-jacking 
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009) + add_header X-Frame-Options "DENY"; + location /nginx_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + location /static/ { + alias /var/lib/awx/public/static/; + } + location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; } + location /websocket { + # Pass request to the upstream alias + proxy_pass http://daphne; + # Require http version 1.1 to allow for upgrade requests + proxy_http_version 1.1; + # We want proxy_buffering off for proxying to websockets. + proxy_buffering off; + # http://en.wikipedia.org/wiki/X-Forwarded-For + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # enable this if you use HTTPS: + proxy_set_header X-Forwarded-Proto https; + # pass the Host: header from the client for the sake of redirects + proxy_set_header Host $http_host; + # We've set the Host header, so we don't need Nginx to muddle + # about with redirects + proxy_redirect off; + # Depending on the request value, set the Upgrade and + # connection headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } + location / { + # Add trailing / if missing + rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent; + uwsgi_read_timeout 120s; + uwsgi_pass uwsgi; + include /etc/nginx/uwsgi_params; + proxy_set_header X-Forwarded-Port 443; + } + } + } diff --git a/kubernetes/contrib/components/awx/templates/statefulset.yaml b/kubernetes/contrib/components/awx/templates/statefulset.yaml index 46747cd85f..1f2c093742 100644 --- a/kubernetes/contrib/components/awx/templates/statefulset.yaml +++ b/kubernetes/contrib/components/awx/templates/statefulset.yaml @@ -82,6 +82,10 @@ spec: name: awx-secret-key readOnly: true subPath: SECRET_KEY + - mountPath: /etc/nginx/nginx.conf + name: awx-nginx-conf + subPath: "nginx.conf" + - command: ["/bin/sh","-c"] args: ["/usr/bin/launch_awx_task.sh"] env: 
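Review bot: The added `server` block listens on plain `8052` with no `ssl` parameter, yet it sends `Strict-Transport-Security` and tells the backends `X-Forwarded-Proto https` (in `/websocket`) and `X-Forwarded-Port 443` (in `/`) unconditionally. Browsers ignore HSTS received over HTTP, and if this port is ever reached without a TLS terminator in front, the application behind uwsgi/daphne will presumably treat cleartext requests as secure. If TLS is always terminated upstream, record that in the config with a comment such as `# TLS is terminated in front of this listener; forwarded proto/port below are fixed on that assumption`; otherwise derive them from `$scheme` and `$server_port`. The `rewrite` in `location /` also builds a permanent redirect from the client-supplied `$http_host`, so a real `server_name` instead of `_` would be safer.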
@@ -109,6 +113,9 @@ spec: name: awx-secret-key readOnly: true subPath: SECRET_KEY + - mountPath: /etc/nginx/nginx.conf + name: awx-nginx-conf + subPath: "nginx.conf" - env: - name: MY_POD_IP valueFrom: @@ -209,5 +216,12 @@ spec: path: rabbitmq_definitions.json name: {{ include "common.fullname" . }}-rabbitmq name: rabbitmq-config + - configMap: + defaultMode: 420 + items: + - key: nginx.conf + path: nginx.conf + name: {{ include "common.fullname" . }}-nginx-conf + name: awx-nginx-conf imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index a29866da9a..02642fd3fd 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -95,7 +95,7 @@ service: type: NodePort portName: web internalPort: 8052 - externalPort: 80 + externalPort: 8052 nodePort: 78 rabbitmq: type: ClusterIP diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 458ec101dc..1ac3671833 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager 
@@ -113,11 +113,11 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.9 holmes_engine: onap/holmes/engine-management:1.2.9 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 - snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.5 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0 + snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.4 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0 - datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0 + datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.4 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 8f6432d031..50c59c8ae8 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -44,7 +44,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0 +image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.1 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index 356149c0dd..3366b00f20 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml 
@@ -41,7 +41,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 735b0281be..42f596db1e 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -67,6 +67,10 @@ spec: value: {{ .Values.config.importDMaaP }} - name: ONAP_USEDMAAPPLUGIN value: {{ .Values.config.useDmaapPlugin | quote }} + - name: BP_RESOURCES_CPU_LIMIT + value: {{ .Values.config.bpResourcesCpuLimit }} + - name: BP_RESOURCES_MEMORY_LIMIT + value: {{ .Values.config.bpResourcesMemoryLimit }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 2482748e4c..521fac06a2 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -33,11 +33,13 @@ config: #dashboardPassword: doesntmatter mrTopicURL: http://message-router:3904/events importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml - importK8S: plugin:k8splugin?version=>=3.4.3,<4.0.0 + importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0 importPostgres: plugin:pgaas?version=1.3.0 importClamp: plugin:clamppolicyplugin?version=1.1.0 importDMaaP: plugin:dmaap?version=1.5.0 useDmaapPlugin: false + bpResourcesCpuLimit: 250m + bpResourcesMemoryLimit: 128Mi secrets: - uid: "dashsecret" 
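Review bot: The two new env entries in dcaemod-runtime-api/templates/deployment.yaml render `{{ .Values.config.bpResourcesCpuLimit }}` and `{{ .Values.config.bpResourcesMemoryLimit }}` unquoted, unlike `ONAP_USEDMAAPPLUGIN` just above them, which pipes through `quote`. The defaults `250m` and `128Mi` happen to parse as strings, but an override such as a bare `1` renders a YAML integer, and an unset value renders null; Kubernetes rejects a non-string env `value`. Use `value: {{ .Values.config.bpResourcesCpuLimit | quote }}` and the same for the memory limit.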
@@ -69,7 +71,7 @@ readiness: # Should have a proper readiness endpoint or script # application image -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties index 4bf8f74666..04a5714a8e 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties @@ -52,8 +52,8 @@ cmso.minizinc.command.solver=OSICBC cmso.minizinc.command.timelimit=60000 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn -mechid.user=oof@oof.onap.org -mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +mechid.user=${AAF_USER} +mechid.pass=${AAF_PASSWORD} aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml index c1d2602713..1f96183dd5 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml 
@@ -116,6 +116,10 @@ spec: value: {{ .Values.global.truststorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}} command: - /bin/sh args: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index aa6ae1941c..d50995a615 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -24,12 +24,12 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-optimizer:2.3.1 +image: onap/optf-cmso-optimizer:2.3.2 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.2 # flag to enable debugging - application support required debugEnabled: false @@ -45,6 +45,12 @@ secrets: login: '{{ .Values.config.db.user }}' password: '{{ .Values.config.db.password }}' passwordPolicy: required + - uid: cmso-aaf-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -81,6 +87,10 @@ service: config: + aaf: + user: user + password: pass +# userCredentialsExternalSecret: some-secret db: port: 3306 # rootPassword: pass 
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties index 6525a4ee9c..363aecbc03 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties @@ -94,11 +94,11 @@ so.polling.interval.ms=10000 ## loopback settings so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7 -so.user=oof@oof.onap.org -so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +so.user=${AAF_USER} +so.pass=${AAF_USER} -mechid.user=oof@oof.onap.org -mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +mechid.user=${AAF_USER} +mechid.pass=${AAF_PASSWORD} cmso.dispatch.url=http://localhost:8089 diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml index 27d52a24ba..d9f2bd0734 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml @@ -140,6 +140,10 @@ spec: value: {{ .Values.global.truststorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}} command: - /bin/sh args: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index f0e62e458d..06dd478b0e 100644 
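Review bot: `so.pass=${AAF_USER}` substitutes the user name into the password property. The lines it replaces carried the same password for `so.*` and `mechid.*`, so this looks like a copy-paste slip and should read `so.pass=${AAF_PASSWORD}`. As written, the SO client would present the account name as its password, and that name is not a secret. The `mechid.*` pair two lines below is wired correctly.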
--- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -23,13 +23,13 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-service:2.3.1 -robotimage: onap/optf-cmso-robot:2.3.1 +image: onap/optf-cmso-service:2.3.2 +robotimage: onap/optf-cmso-robot:2.3.2 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.2 # flag to enable debugging - application support required debugEnabled: false @@ -44,6 +44,12 @@ secrets: login: '{{ .Values.config.db.user }}' password: '{{ .Values.config.db.password }}' passwordPolicy: required + - uid: cmso-aaf-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -80,6 +86,10 @@ service: config: + aaf: + user: user + password: pass +# userCredentialsExternalSecret: some-secret db: port: 3306 # rootPassword: pass @@ -93,6 +103,7 @@ config: optimizer_host: oof-cmso-optimizer optimizer_port: 7997 + ingress: enabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index d88e1b22c2..4f6976ed28 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -23,7 +23,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-ticketmgt:2.3.1 +image: onap/optf-cmso-ticketmgt:2.3.2 pullPolicy: Always 
diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index 56d9c7c12a..b3adb5c69c 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -22,7 +22,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-topology:2.3.1 +image: onap/optf-cmso-topology:2.3.2 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml index c574a86136..c46fd0a33a 100644 --- a/kubernetes/oof/components/oof-cmso/values.yaml +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -36,6 +36,11 @@ secrets: login: '{{ .Values.config.db.optimizer.userName }}' password: '{{ .Values.config.db.optimizer.userPassword }}' passwordPolicy: generate + - uid: cmso-aaf-creds + name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds' + type: basicAuth + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' mariadb-galera: replicaCount: 1 @@ -75,6 +80,9 @@ mariadb-init: flavor: small config: + aaf: + user: oof@oof.onap.org + password: demo123456! log: logstashServiceName: log-ls logstashPort: 5044 @@ -115,6 +123,8 @@ oof-cmso-service: host: *dbName container: *dbName mysqlDatabase: cmso + aaf: + userCredentialsExternalSecret: *aafCreds oof-cmso-optimizer: enabled: true @@ -128,6 +138,8 @@ oof-cmso-optimizer: host: *dbName container: *dbName mysqlDatabase: optimizer + aaf: + userCredentialsExternalSecret: *aafCreds oof-cmso-topology: enabled: true diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 0f2e01f5c7..d6743cdfda 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml 
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index df50561d51..3cbf96adc1 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # Secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig 
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 2891f806c3..3615a3bd33 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 persistence: enabled: true diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 87e6536c35..7362ec70a6 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/optf-osdf:3.0.3 +image: onap/optf-osdf:3.0.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 10c2a054e7..586f468334 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml 
@@ -71,7 +71,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ - source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + . {{ .Values.certInitializer.credsPath }}/.ci; fi;\ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] ports: - containerPort: {{ .Values.service.externalPort }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 6b13133815..fb4742e9e4 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.4.4 +image: onap/policy-apex-pdp:2.5.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 3657bc1f53..9d3ea8c4b5 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml 
@@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -81,7 +81,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.3.3 +image: onap/policy-api:2.4.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 1446ac42b6..cd78850150 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2021 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -63,7 +63,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.0.0 +image: onap/policy-clamp-backend:6.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index 91a096d1b2..15b69ef93d 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml 
@@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2021 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -62,7 +62,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.0.0 +image: onap/policy-clamp-frontend:6.0.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index a099bb6bf0..752b83cf00 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. -# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.4.3 +image: onap/policy-distribution:2.5.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index c44691e275..459767e13f 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml 
@@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright © 2018-2021 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,7 +34,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.7.5 +image: onap/policy-pdpd-cl:1.8.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 0ab62ffa66..42f0e13b71 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -1,6 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. -# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020 Bell Canada. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -95,7 +95,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.3.3 +image: onap/policy-pap:2.4.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 8ad9fcc3c0..a626a046a5 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json 
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,6 +20,7 @@ { "name": "XacmlPdpParameters", "pdpGroup": "defaultGroup", + "pdpType": "xacml", "restServerParameters": { "host": "0.0.0.0", "port": 6969, diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index acc1d55002..41bec0ba74 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -86,7 +86,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.3.3 +image: onap/policy-xacml-pdp:2.4.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 807f070aa0..674a416dc2 100644 
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -25,6 +25,7 @@ GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . GLOBAL_INJECTED_CLOUD_ENV = 'openstack' GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}' +GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}' GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}' GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}' GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}' @@ -165,6 +166,12 @@ GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}' GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}' GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] +# dcae microservice info - everything is from the private oam network (also called onap private network) +GLOBAL_DCAE_MS_SERVER_PROTOCOL = "http" +GLOBAL_DCAE_MS_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 8080) }}' +GLOBAL_DCAE_MS_USERNAME = '{{ .Values.dcaeMsUsername }}' +GLOBAL_DCAE_MS_PASSWORD = '{{ .Values.dcaeMsPassword}}' +GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] # dcae hv-ves info GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}' GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}' 
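Review bot: The last line added to the `dcae microservice info` block reassigns `GLOBAL_DCAE_AUTHENTICATION` from the non-MS username and password, so the new `GLOBAL_DCAE_MS_USERNAME` and `GLOBAL_DCAE_MS_PASSWORD` are defined but never combined into a credential pair. This looks like a copy-paste slip; the line presumably should be `GLOBAL_DCAE_MS_AUTHENTICATION = [GLOBAL_DCAE_MS_USERNAME, GLOBAL_DCAE_MS_PASSWORD]`, to be confirmed against the name the test suite reads. The port lookup has the same smell: `GLOBAL_DCAE_MS_HEALTH_SERVER_PORT` is resolved with hostname `"dcae-healthcheck"`, while the address added in the first hunk uses `"dcae-ms-healthcheck"`. With `GLOBAL_DCAE_MS_SERVER_PROTOCOL = "http"`, any basic-auth credentials sent to that endpoint would travel unencrypted, so a comment stating that this is intended for the private OAM network only would help.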
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index bbc4a952de..6f54c6b340 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -22,7 +22,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/testsuite:1.7.2 +image: onap/testsuite:1.7.3 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 @@ -325,6 +325,8 @@ appcPassword: "demo123456!" # DCAE dcaeUsername: "dcae@dcae.onap.org" dcaePassword: "demo123456!" +dcaeMsUsername: "dcae@dcae.onap.org" +dcaeMsPassword: "demo123456!" # DROOLS droolsUsername: "demo@people.osaaf.org" droolsPassword: "demo123456!" diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index e9f83b6978..77577d6ee3 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.7.3 -backendInitImage: onap/sdc-backend-init:1.7.3 +image: onap/sdc-backend-all-plugins:1.8.4 +backendInitImage: onap/sdc-backend-init:1.8.4 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index efe6dcddea..33e32ddfbe 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,9 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.7.3 -cassandraInitImage: onap/sdc-cassandra-init:1.7.3 - +image: onap/sdc-cassandra:1.8.4 +cassandraInitImage: onap/sdc-cassandra-init:1.8.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 0db5a390c8..079d7ad462 100644 
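Review bot: `dcaeMsPassword: "demo123456!"` in the `# DCAE` block adds another fixed default credential to the chart, identical to `dcaePassword` on the line above it. Nothing in the hunk tells an operator that the value has to be replaced, so an installation that does not override it runs with a password published in the repository. At minimum add a comment such as `# default test credential - override in deployment values`. If the chart's `secrets:` mechanism is available to robot, referencing the value from a secret would keep it out of values.yaml altogether.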
--- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,8 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.7.3 - +image: onap/sdc-frontend:1.8.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 553ec72260..e34d5c5cfb 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.7.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3 +image: onap/sdc-onboard-backend:1.8.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/bin/createLinks.sh b/kubernetes/sdnc/resources/config/bin/createLinks.sh index 1999dabb37..52c40723f9 100755 --- a/kubernetes/sdnc/resources/config/bin/createLinks.sh +++ b/kubernetes/sdnc/resources/config/bin/createLinks.sh @@ -27,11 +27,6 @@ then MDSAL_PATH=/opt/opendaylight/mdsal fi -if [ "$DAEXIM_PATH" = "" ] -then - DAEXIM_PATH=/opt/opendaylight/daexim -fi - if [ "$JOURNAL_PATH" = "" ] then JOURNAL_PATH=/opt/opendaylight/journal @@ -42,12 +37,6 @@ then SNAPSHOTS_PATH=/opt/opendaylight/snapshots fi - -if [ ! -L $DAEXIM_PATH ] -then - ln -s $MDSAL_PATH/daexim $DAEXIM_PATH -fi - if [ ! -L $JOURNAL_PATH ] then if [ -d $JOURNAL_PATH ] diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 11ed7f45bf..42abf54444 100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh 
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -37,8 +37,8 @@ SDNC_DB_DATABASE=${SDNC_DB_DATABASE} # Create tablespace and user account mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} mysql <<-END CREATE DATABASE IF NOT EXISTS ${SDNC_DB_DATABASE}; -CREATE USER '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; -CREATE USER '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; +CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; +CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'localhost' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'%' WITH GRANT OPTION; flush privileges; diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 96fa3378fb..48776c9961 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -116,6 +116,7 @@ spec: - | mkdir {{ .Values.persistence.mdsalPath }}/journal mkdir {{ .Values.persistence.mdsalPath }}/snapshots + mkdir {{ .Values.persistence.mdsalPath }}/daexim chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} {{- if .Values.global.aafEnabled }} chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml index 917c067681..142ae725d6 100644 --- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml 
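Review bot: With `CREATE USER IF NOT EXISTS`, a rerun against a database where `${SDNC_DB_USER}` already exists keeps that account's current password, so a changed `SDNC_DB_PASSWORD` is silently ignored and the application can be left with credentials that no longer match. If reruns are meant to converge on the configured password, follow each create with `ALTER USER '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}';` and the same for `'localhost'`. The password is interpolated into the heredoc inside single quotes, so a value containing `'` breaks the statement; a comment stating the allowed character set would make that constraint visible. The heredoc continues outside the hunk.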
@@ -55,8 +55,7 @@ spec: - | export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)" {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index 3fee225c03..6e117cd8bf 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -52,8 +52,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index 75e6b1ee62..f756448e2b 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -52,8 +52,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} 
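Review bot: The new `export $(cat …/mycreds.prop | xargs -0)` exports every line of mycreds.prop into the application's environment, whereas the removed `grep '^c'` limited it to entries starting with `c`. The substitution is unquoted, so it is word-split and glob-expanded, and a password containing whitespace or `*` would be mangled or turned into extra variable names. Restricting the export to the keys the init container writes keeps the intent of the change: `export $(grep -E '^(cadi_truststore_password|cadi_keystore_password_p12|TRUSTSTORE_PASSWORD)=' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)`. That filter does not remove the word splitting, so the values still have to be free of whitespace and glob characters. The same line is introduced in the other SO deployment templates in this commit (so-bpmn-infra through so-vnfm-adapter, and so/templates/deployment.yaml), and the container script continues outside the hunk.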
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml index 4518a5f607..0d80b2a9ae 100755 --- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml @@ -63,8 +63,7 @@ spec: export AAF_AUTH=$(echo "Basic ${AAF_BASE64}") export AAI_AUTH=$(cat /input/.aai_creds) {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password}" {{- end }} @@ -116,4 +115,3 @@ spec: medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index 2cf23e23be..c33dcb7f32 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -39,8 +39,7 @@ spec: - | export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} 
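Review bot: In so-cnf-adapter the unchanged line `export KEYSTORE_PASSWORD="${cadi_keystore_password}"` now reads a variable that the rewritten `aaf_add_config` in soHelpers/values.yaml does not write. The generated mycreds.prop carries only `cadi_truststore_password`, `cadi_keystore_password_p12` and `TRUSTSTORE_PASSWORD`. Unless another step exports `cadi_keystore_password`, the keystore password ends up empty when `global.security.aaf.enabled` is set. The other SO deployments in this commit use the `_p12` variable, so `export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"` is probably what is wanted here. The container script continues outside the hunk.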
diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml index dc80d426fc..ca108ac5cd 100644 --- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml @@ -66,7 +66,7 @@ spec: export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'` {{- if .Values.global.aafEnabled }} export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0) - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export KEYSTORE=file://$cadi_keystore export KEYSTORE_PASSWORD=$cadi_keystore_password_p12 export TRUSTSTORE=file://$cadi_truststore diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index 75d831eba6..dde03a4aad 100755 --- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -42,8 +42,7 @@ spec: export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} 
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index 3fee225c03..6e117cd8bf 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -52,8 +52,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index 75e6b1ee62..f756448e2b 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -52,8 +52,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index 3fee225c03..6e117cd8bf 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml 
@@ -52,8 +52,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index 6f9d7f7b16..5a98828c1a 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -50,8 +50,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml index 7c10e7f8ed..c769961059 100755 --- a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml @@ -52,8 +52,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} 
diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml index 8abd9a9796..29ebd97229 100755 --- a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml @@ -50,8 +50,7 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12" /app/start-app.sh diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl index d16b4f7cf8..7e04706d4a 100644 --- a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl +++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl @@ -2,8 +2,8 @@ {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.soHelpers .initRoot -}} cadiLoglevel: {{ $initRoot.cadi.logLevel }} -cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }} -cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }} +cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile +cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks cadiTruststorePassword: ${TRUSTSTORE_PASSWORD} cadiLatitude: {{ $initRoot.cadi.latitude }} cadiLongitude: {{ $initRoot.cadi.longitude }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index c5232e8f48..cda61b2cfa 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl 
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -3,40 +3,6 @@ {{- $initRoot := default $dot.Values.soHelpers .initRoot -}} {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{ include "common.certInitializer.initContainer" $subchartDot }} -{{- if $dot.Values.global.aafEnabled }} -- name: {{ include "common.name" $dot }}-msb-cert-importer - image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }} - imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} - command: - - "/bin/sh" - args: - - "-c" - - | - export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - keytool -import -trustcacerts -alias msb_root -file \ - /certificates/msb-ca.crt -keystore \ - "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -storepass $cadi_truststore_password -noprompt - export EXIT_VALUE=$? - if [ "${EXIT_VALUE}" != "0" ] - then - echo "issue with password: $cadi_truststore_password" - ls -lh {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop - cat {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop - exit $EXIT_VALUE - else - keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ - -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ - -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -deststorepass $cadi_truststore_password -noprompt - export EXIT_VALUE=$? - fi - exit $EXIT_VALUE - volumeMounts: - {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} - - name: {{ include "common.name" $dot }}-msb-certificate - mountPath: /certificates -{{- end }} {{- end -}} {{- define "so.certificate.volumes" -}} 
@@ -44,11 +10,6 @@ {{- $initRoot := default $dot.Values.soHelpers .initRoot -}} {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{ include "common.certInitializer.volumes" $subchartDot }} -{{- if $dot.Values.global.aafEnabled }} -- name: {{ include "common.name" $dot }}-msb-certificate - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }} -{{- end }} {{- end -}} {{- define "so.certificate.volumeMount" -}} @@ -64,10 +25,10 @@ {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{- if $dot.Values.global.aafEnabled }} - name: TRUSTSTORE - value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }} + value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks {{- if $dot.Values.global.security.aaf.enabled }} - name: KEYSTORE - value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12 + value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12 {{- end }} {{- end }} {{- end -}} diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index a367272d9a..938a6f9d00 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2018 AT&T USA # Copyright © 2020 Huawei +# Copyright © 2021 Orange # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -22,26 +23,6 @@ global: enabled: false app: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - client: - certs: - truststore: /app/client/org.onap.so.trust.jks - keystore: /app/client/org.onap.so.jks - trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI - keyStorePassword: c280b25hcA== - certificates: - path: /etc/ssl/certs - share_path: /usr/local/share/ca-certificates/ - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: 'so-onap-certs' - name: '{{ include "common.release" . }}-so-certs' - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: - - resources/config/certificates/msb-ca.crt ################################################################# # AAF part @@ -57,19 +38,16 @@ certInitializer: cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local - trustStoreAllPass: changeit - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass - {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + qi_namespace: org.onap.so + aaf_add_config: | + echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop + echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop aafConfig: permission_user: 1000 permission_group: 999 -aaf: - trustore: org.onap.so.trust.jks - keyFile: org.onap.so.keyfile - ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/so/resources/config/certificates/msb-ca.crt b/kubernetes/so/resources/config/certificates/msb-ca.crt deleted file mode 100644 index 62da777a58..0000000000 
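Review bot: The key added under `certInitializer` is `qi_namespace`, but the templates changed in this commit read `certInitializer.fqi_namespace` (`cadiKeyFile` in _cadiValues.tpl and `KEYSTORE` in _certificates.tpl). Unless `fqi_namespace` is set somewhere outside the visible hunks, those paths render without the namespace part, and the services look for a `.keyfile` and `.p12` that do not exist. The line should read `fqi_namespace: org.onap.so`. In the new `aaf_add_config`, `{{ .Values.truststorePassword }}` is substituted inside a double-quoted `echo`, so a value containing `$`, a backtick or `"` would be interpreted by the shell; single-quoting the templated part, or documenting the allowed characters, avoids that.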
--- a/kubernetes/so/resources/config/certificates/msb-ca.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
-Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
-DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
-Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
-Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
-bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
-YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
-dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
-Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
-mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
-2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
-6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
-7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
-p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
-5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
-bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
-wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
-ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
-FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
-3lR7lW/J
------END CERTIFICATE-----
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
 args:
 - -c
 - |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
 {{- if .Values.global.security.aaf.enabled }}
 export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
 {{- end }}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index f7d74a347f..6bd6e26885 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2018 AT&T USA
 # Copyright © 2020 Huawei
+# Copyright © 2021 Orange
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -56,12 +57,6 @@ global:
 auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
 defaultCloudOwner: onap
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
 certificates:
 path: /etc/ssl/certs
 share_path: /usr/local/share/ca-certificates/
@@ -108,12 +103,6 @@ secrets:
 login: '{{ .Values.dbCreds.adminName }}'
 password: '{{ .Values.dbCreds.adminPassword }}'
 passwordPolicy: generate
- - uid: 'so-onap-certs'
- name: &so-certs '{{ include "common.release" . }}-so-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certificates/msb-ca.crt
 - uid: 'mso-key'
 name: &mso-key '{{ include "common.release" . }}-mso-key'
 type: password
@@ -218,7 +207,6 @@ soHelpers:
 certInitializer:
 nameOverride: so-apih-cert-init
 credsPath: /opt/app/osaaf/local
- certSecret: *so-certs
 containerPort: *containerPort
 # Resource Limit flavor -By Default using small
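Review bot: In the `@@ -52,8 +52,7 @@` hunk of `kubernetes/so/templates/deployment.yaml`, the new `export $(cat …/mycreds.prop | xargs -0)` exports every entry of `mycreds.prop`, where the removed line took only entries starting with `c`, and the command substitution is unquoted, so each value goes through word splitting and pathname expansion. A password containing a space or `*` would be split or expanded, and any unexpected line in that file becomes a variable in the container's environment. I would read only the keys this container uses and quote the result, e.g. `export TRUSTSTORE_PASSWORD="$(sed -n 's/^TRUSTSTORE_PASSWORD=//p' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop)"`. The script block continues past the end of the hunk.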
@@ -388,4 +376,3 @@ so-vfc-adapter:
 so-vnfm-adapter:
 enabled: true
-
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 4510dc6908..6b323a4a17 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -64,7 +64,7 @@ certInitializer:
 else
 echo "*** changing them into shell safe ones"
 export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTORE_PASSWD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 cd {{ .Values.credsPath }}
 keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
 -storepass "${cadi_keystore_password_jks}" \
@@ -79,7 +79,7 @@ certInitializer:
 -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
 echo "*** save the generated passwords"
 echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+ echo "VID_TRUSTSTORE_PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp" >> mycreds.prop
 echo "*** change ownership of certificates to targeted user"
 chown -R 1000 .
 fi
@@ -88,7 +88,7 @@ subChartsOnly:
 enabled: true
 # application image
-image: onap/vid:7.0.0
+image: onap/vid:8.0.2
 pullPolicy: Always
 # application configuration
@@ -114,7 +114,6 @@ config:
 mariadb-galera:
 db:
- user: sdnctl
 # password:
 externalSecret: *dbUserSecretName
 name: &mysqlDbName vid_openecomp_epsdk
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 55eea0fa60..28a2ac419e 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
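Review bot: In the `@@ -64,7 +64,7 @@` hunk of `kubernetes/vid/values.yaml`, `TRUSTORE_PASSWD` is now a constant committed to the chart instead of a per-deployment random value, so every installation shares a truststore password that anyone with access to the repository knows; the same string is also set as `sdcPassword` in the aaf-sms values earlier in this commit. The `@@ -79,7 +79,7 @@` hunk has the matching problem: it writes a fixed `OBF:` string as `VID_TRUSTSTORE_PASSWORD`, and if that is Jetty-style obfuscation it is reversible and should be treated as the plaintext. I would keep the value out of the chart, e.g. `export TRUSTORE_PASSWD="${VID_TRUSTSTORE_PASSWORD_PLAIN}"` with that variable (name illustrative) filled from a `secrets:` entry using `passwordPolicy: generate`, and derive the obfuscated form at start-up if the application requires it. The `echo "*** changing them into shell safe ones"` line above no longer describes what happens to the truststore password. Both hunks sit inside a script whose start and end are outside them.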
@@ -37,7 +37,7 @@ secrets:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/vnfsdk/refrepo:1.6.2
+image: onap/vnfsdk/refrepo:1.6.3
 pullPolicy: Always
 # application configuration override for postgres
@@ -96,8 +96,8 @@ liveness:
 enabled: true
 readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 60
+ periodSeconds: 30
 service:
 type: NodePort |