187 files changed, 2143 insertions, 319 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 9cf11c5b26..085beaa4d1 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -14,6 +14,10 @@ Here's the list of these certificates: +-----------------------------------------------------------------------------------------------------------------------------------------------------+ | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path | +==================+==================+==================+============================================================================================+ + | AAF | No | Yes | No | aaf/charts/aaf-cert-service/resources/ | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAF | Yes | No | No | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore | diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 3e36cd165e..847795dc17 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -115,7 +115,7 @@ stable which should be removed to avoid confusion:: To prepare your system for an installation of ONAP, you'll need to:: - > git clone -b frankfurt http://gerrit.onap.org/r/oom + > git clone -b frankfurt --recurse-submodules -j2 http://gerrit.onap.org/r/oom > cd oom/kubernetes diff --git a/kubernetes/aaf/Makefile b/kubernetes/aaf/Makefile new file mode 100644 index 0000000000..9396001ebc --- /dev/null 
+++ b/kubernetes/aaf/Makefile
@@ -0,0 +1,50 @@
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/aaf/components/Makefile b/kubernetes/aaf/components/Makefile
new file mode 100644
index 0000000000..2fc0cbe4ab
--- /dev/null
+++ b/kubernetes/aaf/components/Makefile
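Review bot: The recursive calls in the `$(HELM_CHARTS)` and `make-%` recipes run a literal `make`, so `make -n` and the `-j` jobserver are not propagated to the sub-builds and whichever `make` is first on PATH is used; write `@$(MAKE) package-$@` and `@if [ -f $*/Makefile ]; then $(MAKE) -C $*; fi`. The catch-all `%:` rule with the no-op recipe `@:` makes any mistyped goal succeed silently, which can hide a chart that was never linted or packaged, and `clean` is missing from the phony list (`.PHONY: all clean $(EXCLUDES) $(HELM_CHARTS)`). `SECRET_DIR` is assigned but not referenced anywhere in this file. The same points apply to the near-identical new kubernetes/aaf/components/Makefile.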
@@ -0,0 +1,50 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/aaf/charts/aaf-cass/.helmignore b/kubernetes/aaf/components/aaf-cass/.helmignore
index daebc7da77..daebc7da77 100644
--- a/kubernetes/aaf/charts/aaf-cass/.helmignore
+++ b/kubernetes/aaf/components/aaf-cass/.helmignore
diff --git a/kubernetes/aaf/charts/aaf-cass/Chart.yaml b/kubernetes/aaf/components/aaf-cass/Chart.yaml
index 42b4076689..42b4076689 100644
--- a/kubernetes/aaf/charts/aaf-cass/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-cass/Chart.yaml
diff --git a/kubernetes/aaf/components/aaf-cass/requirements.yaml b/kubernetes/aaf/components/aaf-cass/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cass/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-cass/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index 309a9f38c6..309a9f38c6 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml index 187e9b75de..187e9b75de 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml index e56c98751c..e56c98751c 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/pvc.yaml 
+++ b/kubernetes/aaf/components/aaf-cass/templates/pvc.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml b/kubernetes/aaf/components/aaf-cass/templates/service.yaml index 8f80ee12a2..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-cass/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-cass/values.yaml b/kubernetes/aaf/components/aaf-cass/values.yaml index 3d9f21e297..c5e5811fd1 100644 --- a/kubernetes/aaf/charts/aaf-cass/values.yaml +++ b/kubernetes/aaf/components/aaf-cass/values.yaml @@ -12,6 +12,25 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" flavor: small @@ -34,7 +53,7 @@ liveness: enabled: true port: tcp-cql -image: onap/aaf/aaf_cass:2.1.20 +image: onap/aaf/aaf_cass:2.1.23 config: cluster_name: osaaf diff --git a/kubernetes/aaf/components/aaf-cert-service/.helmignore b/kubernetes/aaf/components/aaf-cert-service/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/.helmignore 
@@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/aaf/components/aaf-cert-service/Chart.yaml b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml new file mode 100644 index 0000000000..525b2ac4b6 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAF Cert Service +name: aaf-cert-service +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-cert-service/requirements.yaml b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/requirements.yaml 
@@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks Binary files differnew file mode 100644 index 0000000000..f24908c55d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceClient-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks Binary files differnew file mode 100644 index 0000000000..89605b6b7a --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 Binary files differnew file mode 100644 index 0000000000..2106c817ef --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/certServiceServer-keystore.p12 diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json new file mode 100644 index 0000000000..358f2a82c7 --- /dev/null 
+++ b/kubernetes/aaf/components/aaf-cert-service/resources/default/cmpServers.json @@ -0,0 +1,3 @@ +{ + "cmpv2Servers": [] +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/root.crt b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt new file mode 100644 index 0000000000..faeee81357 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/root.crt @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ
+TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV
+BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv
+b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE
+BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw
+EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD
+Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu
+rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU
+IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy
+3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z
+okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV
+Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL
+fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV
+tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u
+vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99
+2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI
+bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ
+ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN
+lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D
+ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL
+hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT
+Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg
+r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43
+tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb
++oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI
+aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9
+vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j
+uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH
+wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q== +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json new file mode 100644 index 0000000000..06e1087f60 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/test/cmpServers.json @@ -0,0 +1,24 @@ +{ + "cmpv2Servers": [ + { + "caName": "CLIENT", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp", + "issuerDN": "CN=ManagementCA", + "caMode": "CLIENT", + "authentication": { + "iak": "${CLIENT_IAK}", + "rv": "${CLIENT_RV}" + } + }, + { + "caName": "RA", + "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA", + "issuerDN": "CN=ManagementCA", + "caMode": "RA", + "authentication": { + "iak": "${RA_IAK}", + "rv": "${RA_RV}" + } + } + ] +}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks Binary files differnew file mode 100644 index 0000000000..c32d37fd9d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/resources/truststore.jks diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml new file mode 100644 index 0000000000..76e610f169 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml 
@@ -0,0 +1,123 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: +{{- if .Values.global.addTestingComponents }} + - name: cmp-servers-template-volume + secret: + secretName: {{ .Values.cmpServers.secret.name }} + - name: {{ .Values.cmpServers.volume.name }} + emptyDir: + medium: Memory +{{- else }} + - name: {{ .Values.cmpServers.volume.name }} + secret: + secretName: {{ .Values.cmpServers.secret.name }} +{{- end }} + - name: {{ .Values.tls.server.volume.name }} + secret: + secretName: {{ .Values.tls.server.secret.name }} +{{- if .Values.global.addTestingComponents }} + initContainers: + - name: wait-for-ejbca + command: + - /root/ready.py + args: + - --container-name + - ejbca-ejbca + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - name: subsitute-envs + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ 
.Values.global.pullPolicy | default .Values.pullPolicy }} + command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] + volumeMounts: + - name: cmp-servers-template-volume + mountPath: /config-input + readOnly: true + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + env: + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }} + - name: CLIENT_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }} + - name: RA_RV + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }} +{{- end }} + containers: + - name: {{ include "common.name" . }} + image: {{ .Values.repository }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: HTTPS_PORT + value: "{{ .Values.envs.httpsPort }}" + - name: KEYSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}" + - name: KEYSTORE_P12_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}" + - name: TRUSTSTORE_PATH + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}" + - name: ROOT_CERT + value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}" + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "keystore-password" "key" "password") | indent 14 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }} + livenessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.liveness.command }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + exec: + command: + - /bin/bash + - -c + - {{ .Values.readiness.command }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ .Values.cmpServers.volume.name }} + mountPath: {{ .Values.cmpServers.volume.mountPath }} + readOnly: false + - name: {{ .Values.tls.server.volume.name }} + mountPath: {{ .Values.tls.server.volume.mountPath }} + readOnly: true + resources: {{ include "common.resources" . | nindent 12 }} +{{ end -}} diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml new file mode 100644 index 0000000000..ac92f56487 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/secret.yaml 
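Review bot: The application container mounts `{{ .Values.cmpServers.volume.name }}` with `readOnly: false`, although that volume carries the CMPv2 server configuration: the Secret itself when `addTestingComponents` is off, and the envsubst output holding the IAK/RV values in a memory-backed `emptyDir` when it is on. Only the init container needs to write there, so unless the service rewrites the file at runtime (not visible in this hunk) the mount under `containers:` should be `readOnly: true`. The init container name `subsitute-envs` is also misspelled; `substitute-envs` would be easier to find in pod status and log queries.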
@@ -0,0 +1,56 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.global.cmpv2Enabled }} +{{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.cmpServers.secret.name }} +type: Opaque +data: +{{ if .Values.global.addTestingComponents }} + {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }} +{{ else }} + {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }} +{{ end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }} +type: Opaque +data: + certServiceClient-keystore.jks: + {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tls.server.secret.name }} +type: Opaque +data: + certServiceServer-keystore.jks: + {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }} + certServiceServer-keystore.p12: + {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }} + truststore.jks: + {{ (.Files.Glob "resources/truststore.jks").AsSecrets }} + root.crt: + {{ (.Files.Glob "resources/root.crt").AsSecrets }} +{{ end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml new file mode 100644 index 0000000000..60e2afa41d --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/templates/service.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.global.cmpv2Enabled }} + {{ include "common.service" . }} +{{ end -}}
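Review bot: The client and server TLS Secrets are rendered from keystores committed to the chart (`resources/certServiceClient-keystore.jks`, `resources/certServiceServer-keystore.jks`, `resources/certServiceServer-keystore.p12`), so every installation shares the same key material, presumably including the service's private key, and anyone who can read the repository holds it. Unlike the passwords, which values.yaml lets an operator replace through the `*ExternalSecret` keys, there is no switch here to reference an externally created Secret instead of the bundled files; adding one, and a comment on each Secret saying the bundled stores are for test use, would make the limitation explicit. Separately, `.Values.global.aaf.certServiceClient.secret.name | default …` fails to render when `global.aaf` is undefined, and this chart's own `global:` block does not define it, so the template appears to rely on the parent chart supplying that key.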
\ No newline at end of file diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/aaf/components/aaf-cert-service/values.yaml new file mode 100644 index 0000000000..17b0b758cd --- /dev/null +++ b/kubernetes/aaf/components/aaf-cert-service/values.yaml 
@@ -0,0 +1,160 @@ +# Copyright © 2020, Nokia +# Modifications Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Global +global: + envsubstImage: dibi/envsubst + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + +# Service configuration +service: + type: ClusterIP + ports: + - name: http + port: 8443 + port_protocol: http + + +# Deployment configuration +repository: nexus3.onap.org:10001 +image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 +pullPolicy: Always +replicaCount: 1 + +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD +readiness: + initialDelaySeconds: 30 + periodSeconds: 10 + command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD + +flavor: small +resources: + small: + limits: + cpu: 0.5 + 
memory: 1Gi + requests: + cpu: 0.2 + memory: 512Mi + large: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 0.4 + memory: 1Gi + unlimited: {} + + +# Application configuration +cmpServers: + secret: + name: aaf-cert-service-secret + volume: + name: aaf-cert-service-volume + mountPath: /etc/onap/aaf/certservice + +tls: + server: + secret: + name: aaf-cert-service-server-tls-secret + volume: + name: aaf-cert-service-server-tls-volume + mountPath: /etc/onap/aaf/certservice/certs/ + client: + secret: + defaultName: aaf-cert-service-client-tls-secret + +envs: + keystore: + jksName: certServiceServer-keystore.jks + p12Name: certServiceServer-keystore.p12 + truststore: + jksName: truststore.jks + crtName: root.crt + httpsPort: 8443 + +# External secrets with credentials can be provided to override default credentials defined below, +# by uncommenting and filling appropriate *ExternalSecret value +credentials: + tls: + keystorePassword: secret + truststorePassword: secret + #keystorePasswordExternalSecret: + #truststorePasswordExternalSecret: + # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled + cmp: + #clientIakExternalSecret: + #clientRvExternalSecret: + #raIakExternalSecret: + #raRvExternalSecret: + client: {} + # iak: mypassword + # rv: unused + ra: {} + # iak: mypassword + # rv: unused + +secrets: + - uid: keystore-password + name: '{{ include "common.release" . }}-keystore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' + password: '{{ .Values.credentials.tls.keystorePassword }}' + passwordPolicy: required + - uid: truststore-password + name: '{{ include "common.release" . }}-truststore-password' + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . 
}}' + password: '{{ .Values.credentials.tls.truststorePassword }}' + passwordPolicy: required + # Below values are relevant only if global addTestingComponents flag is enabled + - uid: ejbca-server-client-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.iak }}' + - uid: cmp-config-client-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.client.rv }}' + - uid: ejbca-server-ra-iak + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.iak }}' + - uid: cmp-config-ra-rv + type: password + externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' + password: '{{ .Values.credentials.cmp.ra.rv }}' diff --git a/kubernetes/aaf/charts/aaf-cm/.helmignore b/kubernetes/aaf/components/aaf-cm/.helmignore index daebc7da77..daebc7da77 100644 --- a/kubernetes/aaf/charts/aaf-cm/.helmignore +++ b/kubernetes/aaf/components/aaf-cm/.helmignore diff --git a/kubernetes/aaf/charts/aaf-cm/Chart.yaml b/kubernetes/aaf/components/aaf-cm/Chart.yaml index ed453f7ac7..ed453f7ac7 100644 --- a/kubernetes/aaf/charts/aaf-cm/Chart.yaml +++ b/kubernetes/aaf/components/aaf-cm/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-cm/requirements.yaml b/kubernetes/aaf/components/aaf-cm/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-cm/requirements.yaml 
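Review bot: `envsubstImage: dibi/envsubst` names a third-party image with no registry, tag or digest, and the deployment template runs it as the init container that receives `CLIENT_IAK`, `CLIENT_RV`, `RA_IAK` and `RA_RV` from Secrets; with `pullPolicy: "Always"` whatever is published under that name at pull time gets those values. Pin it, for example `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>`, or mirror it into the project registry used for the other images. `keystorePassword: secret` and `truststorePassword: secret` ship as working defaults, so an install that leaves the `*ExternalSecret` keys commented out protects the keystores with a publicly known password. The liveness and readiness commands also pass `--pass $KEYSTORE_PASSWORD` on curl's command line, where it is visible in the container's process list while the probe runs.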
@@ -0,0 +1,21 @@
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt
index bd74a42cd5..bd74a42cd5 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/NOTES.txt
+++ b/kubernetes/aaf/components/aaf-cm/templates/NOTES.txt
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml
index 5074c8bc08..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-cm/templates/deployment.yaml
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml
index 40b4bba0ce..40b4bba0ce 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/ingress.yaml
+++ b/kubernetes/aaf/components/aaf-cm/templates/ingress.yaml
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml b/kubernetes/aaf/components/aaf-cm/templates/service.yaml
index e54c4f3057..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-cm/templates/service.yaml
diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/components/aaf-cm/values.yaml index c391369db6..0997c7db41 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/components/aaf-cm/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-fs/.helmignore b/kubernetes/aaf/components/aaf-fs/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-fs/.helmignore +++ b/kubernetes/aaf/components/aaf-fs/.helmignore diff --git a/kubernetes/aaf/charts/aaf-fs/Chart.yaml b/kubernetes/aaf/components/aaf-fs/Chart.yaml index 211c4c28de..211c4c28de 100644 --- a/kubernetes/aaf/charts/aaf-fs/Chart.yaml +++ b/kubernetes/aaf/components/aaf-fs/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-fs/requirements.yaml b/kubernetes/aaf/components/aaf-fs/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-fs/requirements.yaml 
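Review bot: The `global:` block added to kubernetes/aaf/components/aaf-cm/values.yaml names every helper image by a mutable tag (`readiness-check:2.0.2`, `oomk8s/ubuntu-init:2.0.0`, `beats/filebeat:5.5.0`, `library/busybox:1.31`) while also setting `pullPolicy: "Always"`, so whatever each tag points to at pod start is what runs. Pinning by digest would make the deployed content reproducible and auditable, for example `busyboxImage: library/busybox:1.31@sha256:<digest-placeholder>`. The same block is added verbatim in the aaf-fs, aaf-gui, aaf-locate, aaf-oauth and aaf-service values.yaml hunks of this commit, and six copies of the image list will drift. If these are only standalone defaults that the parent chart overrides (an inference, since the parent values are not in this hunk), a comment such as `# standalone defaults; the parent chart's global values take precedence` above each block would say so.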
@@ -0,0 +1,21 @@
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt
index bd74a42cd5..bd74a42cd5 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/NOTES.txt
+++ b/kubernetes/aaf/components/aaf-fs/templates/NOTES.txt
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml
index c36750809c..c36750809c 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-fs/templates/deployment.yaml
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml
index 40b4bba0ce..40b4bba0ce 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/ingress.yaml
+++ b/kubernetes/aaf/components/aaf-fs/templates/ingress.yaml
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml b/kubernetes/aaf/components/aaf-fs/templates/service.yaml
index e54c4f3057..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-fs/templates/service.yaml
diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/components/aaf-fs/values.yaml index 6ddc07278b..9bffb95724 100644 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ b/kubernetes/aaf/components/aaf-fs/values.yaml @@ -13,6 +13,30 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-gui/.helmignore b/kubernetes/aaf/components/aaf-gui/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-gui/.helmignore +++ b/kubernetes/aaf/components/aaf-gui/.helmignore diff --git a/kubernetes/aaf/charts/aaf-gui/Chart.yaml b/kubernetes/aaf/components/aaf-gui/Chart.yaml index 7e81a70759..7e81a70759 100644 --- a/kubernetes/aaf/charts/aaf-gui/Chart.yaml +++ b/kubernetes/aaf/components/aaf-gui/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-gui/requirements.yaml b/kubernetes/aaf/components/aaf-gui/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-gui/requirements.yaml 
@@ -0,0 +1,21 @@
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt
index bd74a42cd5..bd74a42cd5 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/NOTES.txt
+++ b/kubernetes/aaf/components/aaf-gui/templates/NOTES.txt
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml
index c36750809c..c36750809c 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-gui/templates/deployment.yaml
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml
index 40b4bba0ce..40b4bba0ce 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/ingress.yaml
+++ b/kubernetes/aaf/components/aaf-gui/templates/ingress.yaml
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml b/kubernetes/aaf/components/aaf-gui/templates/service.yaml
index e54c4f3057..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-gui/templates/service.yaml
diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/components/aaf-gui/values.yaml index f418fd5b41..8639d6c0f0 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/components/aaf-gui/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,30 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + flavor: small ################################################################# # Application configuration defaults. diff --git a/kubernetes/aaf/charts/aaf-hello/.helmignore b/kubernetes/aaf/components/aaf-hello/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-hello/.helmignore +++ b/kubernetes/aaf/components/aaf-hello/.helmignore diff --git a/kubernetes/aaf/charts/aaf-hello/Chart.yaml b/kubernetes/aaf/components/aaf-hello/Chart.yaml index 71b3242558..71b3242558 100644 --- a/kubernetes/aaf/charts/aaf-hello/Chart.yaml +++ b/kubernetes/aaf/components/aaf-hello/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-hello/requirements.yaml b/kubernetes/aaf/components/aaf-hello/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 
--- /dev/null +++ b/kubernetes/aaf/components/aaf-hello/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt index ef4d8e7d23..ef4d8e7d23 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-hello/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml index 891b829f43..891b829f43 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml index f8c32e0670..f8c32e0670 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/secret.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/secret.yaml 
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml b/kubernetes/aaf/components/aaf-hello/templates/service.yaml index 8f80ee12a2..8f80ee12a2 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-hello/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/components/aaf-hello/values.yaml index aeb659082d..df3abec67c 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/components/aaf-hello/values.yaml @@ -41,7 +41,7 @@ aaf_init: replicaCount: 0 -image: onap/aaf/aaf_hello:2.1.20 +image: onap/aaf/aaf_hello:2.1.23 service: name: aaf-hello diff --git a/kubernetes/aaf/charts/aaf-locate/.helmignore b/kubernetes/aaf/components/aaf-locate/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-locate/.helmignore +++ b/kubernetes/aaf/components/aaf-locate/.helmignore diff --git a/kubernetes/aaf/charts/aaf-locate/Chart.yaml b/kubernetes/aaf/components/aaf-locate/Chart.yaml index 3133191280..3133191280 100644 --- a/kubernetes/aaf/charts/aaf-locate/Chart.yaml +++ b/kubernetes/aaf/components/aaf-locate/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-locate/requirements.yaml b/kubernetes/aaf/components/aaf-locate/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-locate/requirements.yaml 
@@ -0,0 +1,21 @@
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt
index bd74a42cd5..bd74a42cd5 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/NOTES.txt
+++ b/kubernetes/aaf/components/aaf-locate/templates/NOTES.txt
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml
index 5074c8bc08..5074c8bc08 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-locate/templates/deployment.yaml
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml
index 1b33c1f8d1..1b33c1f8d1 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml
+++ b/kubernetes/aaf/components/aaf-locate/templates/ingress.yaml
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml b/kubernetes/aaf/components/aaf-locate/templates/service.yaml
index e54c4f3057..e54c4f3057 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-locate/templates/service.yaml
diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/components/aaf-locate/values.yaml index 01a5ab158a..7bcf10dabb 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/components/aaf-locate/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# # Application configuration defaults. diff --git a/kubernetes/aaf/charts/aaf-oauth/.helmignore b/kubernetes/aaf/components/aaf-oauth/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-oauth/.helmignore +++ b/kubernetes/aaf/components/aaf-oauth/.helmignore diff --git a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml b/kubernetes/aaf/components/aaf-oauth/Chart.yaml index a64a17c7b1..a64a17c7b1 100644 --- a/kubernetes/aaf/charts/aaf-oauth/Chart.yaml +++ b/kubernetes/aaf/components/aaf-oauth/Chart.yaml 
diff --git a/kubernetes/aaf/components/aaf-oauth/requirements.yaml b/kubernetes/aaf/components/aaf-oauth/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-oauth/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt index bd74a42cd5..bd74a42cd5 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/NOTES.txt +++ b/kubernetes/aaf/components/aaf-oauth/templates/NOTES.txt diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml index 5074c8bc08..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml index 1b33c1f8d1..1b33c1f8d1 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/ingress.yaml 
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-oauth/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/components/aaf-oauth/values.yaml index 7604b86393..8771041778 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/components/aaf-oauth/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-service/.helmignore b/kubernetes/aaf/components/aaf-service/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/aaf/charts/aaf-service/.helmignore +++ b/kubernetes/aaf/components/aaf-service/.helmignore diff --git a/kubernetes/aaf/charts/aaf-service/Chart.yaml b/kubernetes/aaf/components/aaf-service/Chart.yaml index 187e33ac6f..187e33ac6f 100644 
--- a/kubernetes/aaf/charts/aaf-service/Chart.yaml +++ b/kubernetes/aaf/components/aaf-service/Chart.yaml diff --git a/kubernetes/aaf/components/aaf-service/requirements.yaml b/kubernetes/aaf/components/aaf-service/requirements.yaml new file mode 100644 index 0000000000..08ef7fe836 --- /dev/null +++ b/kubernetes/aaf/components/aaf-service/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: aaf-templates + version: ~6.x-0 + repository: 'file://../aaf-templates' diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml index 5074c8bc08..5074c8bc08 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/deployment.yaml diff --git a/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml index 40b4bba0ce..40b4bba0ce 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/ingress.yaml +++ b/kubernetes/aaf/components/aaf-service/templates/ingress.yaml diff --git a/kubernetes/aaf/charts/aaf-service/templates/service.yaml b/kubernetes/aaf/components/aaf-service/templates/service.yaml index e54c4f3057..e54c4f3057 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/service.yaml 
+++ b/kubernetes/aaf/components/aaf-service/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/components/aaf-service/values.yaml index c2d96032cc..d924bb4f54 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/components/aaf-service/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + persistence: + enabled: true + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + + aaf: + config: + image: onap/aaf/aaf_config:2.1.23 + + flavor: small ################################################################# diff --git a/kubernetes/aaf/charts/aaf-sms/Chart.yaml b/kubernetes/aaf/components/aaf-sms/Chart.yaml index 557894f456..557894f456 100644 --- a/kubernetes/aaf/charts/aaf-sms/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/Chart.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml index 2dc3d49b66..2dc3d49b66 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/Chart.yaml 
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
index 3a43f00019..3a43f00019 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
index 02f1080f29..02f1080f29 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
index d855ae6fdf..d855ae6fdf 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/pv.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
index 1c6cc933f5..1c6cc933f5 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
index 1459624536..1459624536 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml
index 074958ff70..074958ff70 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/Chart.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
index 2c70c23e03..2c70c23e03 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
index d855ae6fdf..d855ae6fdf 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/pv.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
index a3a7591b02..a3a7591b02 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/service.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
index 4023106091..4023106091 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml
index 7787f0b85d..7787f0b85d 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/values.yaml diff --git a/kubernetes/aaf/components/aaf-sms/requirements.yaml b/kubernetes/aaf/components/aaf-sms/requirements.yaml new file mode 100644 index 0000000000..7152c37ff0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/requirements.yaml @@ -0,0 +1,21 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem new file mode 100644 index 0000000000..7939846bf0 --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json index 679b5189de..679b5189de 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json 
diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json index add0808701..add0808701 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json diff --git a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml index a74fe277b7..a74fe277b7 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/configmap.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml index 6113c0d5c8..bb409f33c5 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/deployment.yaml @@ -31,8 +31,25 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: - - name: fix-permission + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} + # Currently intermediate certificate is not given by AAF CM so we need + # to give it "by hand" + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-add-intermediate-cert + command: + - /bin/sh + args: + - -c + - | + cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + - mountPath: /int-certs + name: {{ include "common.fullname" . }}-int-certs + readOnly: true + {{- end }} + - name: {{ include "common.fullname" . }}-fix-permission command: - /bin/sh args: 
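Review bot: The new `add-intermediate-cert` init container appends with `>>`, so it is not idempotent: if the init containers run a second time against the same certInitializer volume, `org.onap.aaf-sms.crt` ends up carrying the intermediate certificate more than once. Whether that can happen depends on the volume type, which comes from `common.certInitializer.volumes` and is not visible in this hunk. A guard makes the step safe to repeat, for example (with `CRT` standing for the certificate path) `[ -e "$CRT.chained" ] || { cat /int-certs/intermediate_root_ca.pem >> "$CRT" && touch "$CRT.chained"; }`. The container's image is built from `.Values.global.busyboxRepository` and `.Values.global.busyboxImage`, which the aaf-sms values.yaml hunk of this commit does not add, so it should be confirmed that they are defined elsewhere. The `fix-permission` container that follows continues outside the hunk.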
@@ -85,7 +102,7 @@ spec: path: /v1/sms/quorum/status initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -104,13 +121,18 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - name : {{ include "common.name" . }} configMap: name: {{ include "common.fullname" . }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-int-certs + secret: + secretName: {{ include "common.fullname" . }}-int-certs + {{- end }} - name: {{ include "common.fullname" . }}-auth {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index bb145ef3f8..315d068676 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -32,7 +32,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - sh args: @@ -163,7 +163,7 @@ spec: command: - "/sms/bin/preload" - "-cacert" - - "/sms/certs/aaf_root_ca.cer" + - "{{ .Values.certInitializer.mountPath }}/local/{{ .Values.certInitializer.root_ca_name }}" - "-jsondir" - "/preload/config" - "-serviceport" @@ -171,7 +171,7 @@ spec: - "-serviceurl" - "https://aaf-sms.{{ include "common.namespace" . }}" workingDir: /sms - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true 
@@ -187,7 +187,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml index d06131feb5..d06131feb5 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/pv.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/pv.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml index c46d50607c..c46d50607c 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/pvc.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/pvc.yaml diff --git a/kubernetes/aaf/components/aaf-sms/templates/secret.yaml b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..7a0213f16c --- /dev/null +++ b/kubernetes/aaf/components/aaf-sms/templates/secret.yaml 
@@ -0,0 +1,32 @@ +{{/* +# Copyright © 2020 Samsung Electronics, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} +--- +{{- if .Values.global.aafEnabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-int-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} +{{- end }} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml b/kubernetes/aaf/components/aaf-sms/templates/service.yaml index 9c94202fe3..9c94202fe3 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/service.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/service.yaml diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index 7e0aa5c282..dccf57ca96 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -1,5 +1,5 @@ # Copyright 2018 Intel Corporation, Inc -# Modifications © 2020 AT&T +# Modifications © 2020 AT&T, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
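Review bot: The `data:` block of the new `-int-certs` Secret is filled from `.Files.Glob "resources/certs/*"`, so every file later placed in that directory is published to the cluster and mounted into the init container, although the deployment reads only `/int-certs/intermediate_root_ca.pem`. Naming the file keeps the Secret's content explicit: `intermediate_root_ca.pem: {{ .Files.Get "resources/certs/intermediate_root_ca.pem" | b64enc }}`. A comment above the resource, `# Public intermediate CA only; never place key material in resources/certs`, would record the intent. The `tpl` call around the already base64-encoded output also looks unnecessary.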
@@ -22,8 +22,38 @@ global: loggingImage: beats/filebeat:5.5.0 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true flavor: small + +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: aaf-sms-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aaf-sms + fqi: aaf-sms@aaf-sms.onap.org + public_fqdn: aaf-sms.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + mountPath: /opt/app/osaaf + keystore: truststoreONAPall.jks + keystore_pass: changeit + root_ca_alias: onaptestca + root_ca_name: aaf_root_ca.cer + permission_user: 1000 + permission_group: 1000 + aaf_add_config: > + cd {{ .Values.mountPath }}/local; + keytool -exportcert -rfc -file {{ .Values.root_ca_name }} -keystore {{ .Values.keystore }} + -alias {{ .Values.root_ca_alias }} -storepass {{ .Values.keystore_pass }}; + chown -R {{.Values.permission_user}}:{{.Values.permission_group}} + {{ .Values.mountPath }}; + ################################################################# # Application configuration defaults. ################################################################# @@ -39,9 +69,9 @@ debugEnabled: false # Example: config: smsdbaddress: "http://aaf-sms-db:8200" - cafile: "/sms/certs/aaf_root_ca.cer" - servercert: "/sms/certs/aaf-sms.pub" - serverkey: "/sms/certs/aaf-sms.pr" + cafile: "/opt/app/osaaf/local/aaf_root_ca.cer" + servercert: "/opt/app/osaaf/local/org.onap.aaf-sms.crt" + serverkey: "/opt/app/osaaf/local/org.onap.aaf-sms.key" password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==" # subchart configuration diff --git a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml index d39b561905..d39b561905 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml 
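Review bot: `aafDeployPass: demo123456!` and `keystore_pass: changeit` are committed as chart defaults in the new `certInitializer` block, and the only pointer to an alternative is the commented-out `aafDeployCredsExternalSecret`. An installation that keeps the default values runs with a deployer credential that is public in the repository. I would add a comment directly above them, `# Lab defaults only: set aafDeployCredsExternalSecret and override keystore_pass outside test installs`, and give the commented example a real placeholder name instead of `some secret`.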
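Review bot: In the second hunk, `cafile`, `servercert` and `serverkey` repeat `/opt/app/osaaf/local` and `aaf_root_ca.cer` as literals, while the preload job changed in this commit builds the same CA path from `certInitializer.mountPath` and `certInitializer.root_ca_name`. Overriding either value would leave the server configuration pointing at files that are no longer written there. A comment on the block, `# paths must match certInitializer.mountPath and certInitializer.root_ca_name`, would make the coupling visible. The `config:` map starts above the hunk and continues below it.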
+++ b/kubernetes/aaf/components/aaf-sshsm/Chart.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/README.md b/kubernetes/aaf/components/aaf-sshsm/README.md
index a6f2e62cb9..a6f2e62cb9 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/README.md
+++ b/kubernetes/aaf/components/aaf-sshsm/README.md
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml
index 499b82caaf..499b82caaf 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
index 8d1faf7e32..8d1faf7e32 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
index 23fe79d716..23fe79d716 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
index c624ccfc4d..c624ccfc4d 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml
index 2a733632bf..2a733632bf 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml
index 22ba3da019..22ba3da019 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
index 99176fcdf6..99176fcdf6 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
index fb48c7df4a..fb48c7df4a 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
index bf0ef74be2..bf0ef74be2 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
index a13b7f353b..a13b7f353b 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml
index 94791be713..94791be713 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml
index b64e0c331a..b64e0c331a 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
index a64f483d74..a64f483d74 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
index dd04c93bd7..dd04c93bd7 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml
index 0704a2c9df..0704a2c9df 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/requirements.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd
index 640b325898..640b325898 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd
+++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/prk_passwd
diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle
index b8b9d8ddb0..b8b9d8ddb0 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle
+++ b/kubernetes/aaf/components/aaf-sshsm/resources/config/srk_handle
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml
index b566b11458..b566b11458 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-data.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-data.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml
index b3e7f9fabd..b3e7f9fabd 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pv-dbus.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/templates/pv-dbus.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml
index b8971cc03c..b8971cc03c 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-data.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-data.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml
index 7297d6f81d..7297d6f81d 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc-dbus.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/templates/pvc-dbus.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml
index 50b6f36cd3..50b6f36cd3 100644
--- a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/templates/secret.yaml
diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/components/aaf-sshsm/values.yaml index 5600213e11..30fb0d2f2f 100644 --- a/kubernetes/aaf/charts/aaf-sshsm/values.yaml +++ b/kubernetes/aaf/components/aaf-sshsm/values.yaml @@ -1,4 +1,5 @@ # Copyright 2018 Intel Corporation, Inc +# Modifications © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +17,23 @@ # Global configuration defaults. ################################################################# global: + nodePortPrefix: 302 + # Readiness image + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + # Ubuntu Init image + ubuntuInitRepository: registry.hub.docker.com + ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + # Logging image + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + # BusyBox image + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:1.31 + # Standard OOM + pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + tpm: enabled: false # if enabled, nodeselector will use the below diff --git a/kubernetes/aaf/components/aaf-templates/Chart.yaml b/kubernetes/aaf/components/aaf-templates/Chart.yaml new file mode 100644 index 0000000000..c8739e0105 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/Chart.yaml 
@@ -0,0 +1,19 @@ +# Copyright © 2020 Orange +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Application Authorization Framework Templates +name: aaf-templates +version: 6.0.0 diff --git a/kubernetes/aaf/components/aaf-templates/requirements.yaml b/kubernetes/aaf/components/aaf-templates/requirements.yaml new file mode 100644 index 0000000000..6afaa06e8a --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/requirements.yaml @@ -0,0 +1,18 @@ + # Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + dependencies: + - name: common + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/aaf/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index bf6931a8e3..bf6931a8e3 100644 --- a/kubernetes/aaf/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl 
diff --git a/kubernetes/aaf/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 43c511fd6d..43c511fd6d 100644 --- a/kubernetes/aaf/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl diff --git a/kubernetes/aaf/components/aaf-templates/values.yaml b/kubernetes/aaf/components/aaf-templates/values.yaml new file mode 100644 index 0000000000..73efdc6132 --- /dev/null +++ b/kubernetes/aaf/components/aaf-templates/values.yaml @@ -0,0 +1,13 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/kubernetes/aaf/requirements.yaml b/kubernetes/aaf/requirements.yaml index 6a61926e9e..ccbe14c7a3 100644 --- a/kubernetes/aaf/requirements.yaml +++ b/kubernetes/aaf/requirements.yaml @@ -1,4 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +15,36 @@ # limitations under the License. dependencies: - - name: common + - name: aaf-cass version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://components/aaf-cass' + - name: aaf-cert-service + version: ~6.x-0 + repository: 'file://components/aaf-cert-service' + - name: aaf-cm + version: ~6.x-0 + repository: 'file://components/aaf-cm' + - name: aaf-fs + version: ~6.x-0 + repository: 'file://components/aaf-fs' + - name: aaf-gui + version: ~6.x-0 + repository: 'file://components/aaf-gui' + - name: aaf-hello + version: ~6.x-0 + repository: 'file://components/aaf-hello' + - name: aaf-locate + version: ~6.x-0 + repository: 'file://components/aaf-locate' + - name: aaf-oauth + version: ~6.x-0 + repository: 'file://components/aaf-oauth' + - name: aaf-service + version: ~6.x-0 + repository: 'file://components/aaf-service' + - name: aaf-sms + version: ~6.x-0 + repository: 'file://components/aaf-sms' + - name: aaf-sshsm + version: ~6.x-0 + repository: 'file://components/aaf-sshsm' diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index bedf243639..df4dcf3723 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -16,6 +16,7 @@ ################################################################# # Global configuration defaults. ################################################################# + global: nodePortPrefix: 302 # Readiness image @@ -40,12 +41,14 @@ global: #pullPolicy: IfNotPresent #repository: "nexus3.onap.org:10003" + cmpv2Enabled: true + addTestingComponents: false aaf: readiness: false - image: onap/aaf/aaf_core:2.1.20 + image: onap/aaf/aaf_core:2.1.23 aaf_env: "DEV" public_fqdn: "aaf.osaaf.org" - aaf_release: "El Alto" + aaf_release: "Frankfurt" # DUBLIN ONLY - for M4 compatibility with Casablanca # aaf_locator_name: "public.%NS.%N" # aaf_locator_name_oom: "%NS.%N" @@ -57,7 +60,7 @@ global: cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" config: - image: onap/aaf/aaf_config:2.1.20 + image: onap/aaf/aaf_config:2.1.23 service: fqdn: "aaf-service" 
@@ -73,6 +76,9 @@ global: public_port: 31112 # Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml + certServiceClient: + secret: + name: aaf-cert-service-client-tls-secret ################################################################# # Application configuration defaults. diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 05ac61cf57..453f906101 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -127,6 +127,8 @@ blueprintsprocessor.netconfExecutor.enabled=true blueprintsprocessor.restConfExecutor.enabled=true blueprintsprocessor.cliExecutor.enabled=true blueprintsprocessor.remoteScriptCommand.enabled=true +## Enable py-executor +blueprintsprocessor.streamingRemoteExecution.enabled=true # Used in Health Check blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 161cf28d27..c2b6d520b5 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -90,7 +90,7 @@ spec: command: - chown - -R - - 100:101 + - 1000:1000 - /opt/app/onap/blueprints/deploy image: busybox:latest imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index eddc7bc124..9c744f39ba 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml 
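Review bot: The init container touched in the cds-blueprints-processor deployment hunk still pulls `busybox:latest` with no repository prefix, so the image that runs `chown -R` on `/opt/app/onap/blueprints/deploy` is neither pinned to a version nor taken from the configured registry. The aaf-sms init container added in this same commit uses `image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"`; the same form would fit here, provided the cds chart's globals define those values, which this hunk does not show. The new owner `1000:1000` is also a literal that has to match the user the blueprints-processor container runs as, declared outside the hunk; a comment next to it, `# must match the runtime UID/GID of the blueprints-processor image`, would keep the two from drifting apart.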
@@ -61,7 +61,7 @@ apiVersion: v1 fieldPath: metadata.namespace - name: {{ include "common.name" $dot }}-aaf-config - image: {{ (default $subchartDot.Values.repository $subchartDot.Values.global.repository) }}/{{ $subchartDot.Values.global.aafAgentImage }} + image: {{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} volumeMounts: - mountPath: {{ $initRoot.mountPath }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index b55ba5e2f3..fdee4c9bd2 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -15,6 +15,7 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + repository: nexus3.onap.org:10001 aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml new file mode 100644 index 0000000000..61bfc78945 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/create-deployment.yml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" (dict "suffix" "upgrade-deployment" "dot" .) | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ include "common.fullname" . }} + template: + metadata: + labels: + app: {{ include "common.fullname" . }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + ports: + - containerPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - containerPort: {{ .Values.service.sstPort }} + name: {{ .Values.service.sstPortName }} + - containerPort: {{ .Values.service.replicationPort }} + name: {{ .Values.service.replicationName }} + - containerPort: {{ .Values.service.istPort }} + name: {{ .Values.service.istPortName }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: MYSQL_USER + valueFrom: + secretKeyRef: + key: login + name: {{ include "common.fullname" . }}-temp-upgrade-usercred + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ include "common.fullname" . }}-temp-upgrade-usercred + - name: MYSQL_DATABASE + value: {{ default "" .Values.config.mysqlDatabase | quote }} + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ include "common.fullname" . }}-temp-upgrade-root + subdomain: {{ .Values.service.name }} + hostname: {{ .Values.nameOverride }}-upgrade-deployment
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh new file mode 100644 index 0000000000..132ac27ea2 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ + app='{{ include "common.fullname" . }}' -o \ + jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') + +tmp_MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ + MYSQL_PASSWORD) | base64) + +tmp_ROOT_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \ + MYSQL_ROOT_PASSWORD) | base64) + +FLAG_EX_ROOT_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .)) }}' + +FLAG_EX_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .)) }}' + +kubectl patch secret $FLAG_EX_ROOT_SEC -p \ + '{"data":{"password":"'"$tmp_ROOT_PASSWORD"'"}}' + +kubectl patch secret $FLAG_EX_SEC -p \ + '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}' + +kubectl delete pod -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 --now +kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment +kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root +kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred
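Review bot: Nothing in post-upgrade-script.sh checks that `TEMP_POD` was found or that the two `kubectl exec ... printenv` calls succeeded, so a failed lookup leaves `tmp_ROOT_PASSWORD` and `tmp_MYSQL_PASSWORD` holding the encoding of an empty string, and the script still patches both secrets with it and then deletes the temporary deployment and secrets. Because the exec is nested inside `echo -n $(...)`, its exit status is lost; reading the value first under `set -euo pipefail`, as in `pw=$(kubectl exec -n "$NAMESPACE_ENV" "$TEMP_POD" -- printenv MYSQL_PASSWORD)`, and then encoding with `printf '%s' "$pw" | base64`, stops the script before anything is overwritten. The quoted form also keeps passwords containing whitespace or glob characters intact, which the unquoted `echo -n $(...)` does not. The two `kubectl patch secret` lines omit `-n $NAMESPACE_ENV`, unlike every other call in the file, so they rely on the default namespace of the environment the script runs in.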
\ No newline at end of file diff --git a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh new file mode 100644 index 0000000000..ff44606e23 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh 
@@ -0,0 +1,101 @@ +#!/bin/bash +MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-0 -- printenv MYSQL_USER) + +MYSQL_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-0 -- printenv MYSQL_PASSWORD) + +MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-0 -- printenv MYSQL_ROOT_PASSWORD) + +kubectl create secret generic \ + '{{ include "common.fullname" . }}'-temp-upgrade-root \ + --from-literal=password=$MYSQL_ROOT_PASSWORD + +kubectl create secret generic \ + '{{ include "common.fullname" . }}'-temp-upgrade-usercred \ + --from-literal=login=$MYSQL_USER --from-literal=password=$MYSQL_PASSWORD + +kubectl create -f /upgrade/create-deployment.yml + +TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \ + app='{{ include "common.fullname" . }}' -o \ + jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}') + +CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \ + awk '{print $2}') + +CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \ + mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + +STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + +DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }}-upgrade-deployment -o \ + jsonpath='{.status.replicas}') + +while [[ ! $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ + || [[ ! 
$CLUSTER_STATE == "Synced" ]] +do + echo "$CLUSTER_NO and $CLUSTER_STATE" + CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \ + | awk '{print $2}') + CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \ + --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \ + -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \ + | awk '{print $2}') + sleep 2 + if [[ $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \ + && [[ $CLUSTER_STATE == "Synced" ]] + then + echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state." + break + fi +done + +MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + +while [[ ! $MYSQL_STATUS == "mysqld is alive" ]] +do + echo "Mariadb deployment is not ready yet." + sleep 2 + MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \ + -uroot -p$MYSQL_ROOT_PASSWORD ping) + if [[ $MYSQL_STATUS == "mysqld is alive" ]] + then + echo "Mariadb deployment is ready." + break + fi +done + +kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=0 +MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') +echo "The the cluster has $MY_REPLICA_NUMBER replicas." + +while [[ ! $MY_REPLICA_NUMBER == "0" ]] +do + echo "The cluster is not scaled to 0 yet. Please wait ..." + MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \ + {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}') + echo "The current status of the cluster is $MY_REPLICA_NUMBER" + sleep 2 + if [[ $MY_REPLICA_NUMBER == "0" ]] + then + break + fi +done + +for (( index=0; index<$STS_REPLICA; index+=1 )) +do + kubectl delete pvc \ + "{{ include "common.fullname" . 
}}-data-{{ include "common.fullname" . }}-$index" +done diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index a7064d7ce4..685901fa95 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -1,6 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Samsung Electronics, and TATA Communications # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - {{- if .Values.externalConfig }} apiVersion: v1 kind: ConfigMap 
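Review bot: The database credentials are expanded into command lines throughout this script: `--from-literal=password=$MYSQL_ROOT_PASSWORD` and every `kubectl exec … mysql -u$MYSQL_USER -p$MYSQL_PASSWORD` place the secret in process arguments and in the exec request sent to the API server, where audit logging may record it. The temporary pod's template, as added in this commit, already injects `MYSQL_USER`, `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` from the secrets, so the client can be started as `kubectl exec -n "$NAMESPACE_ENV" "$TEMP_POD" -- sh -c 'mysql -u"$MYSQL_USER" -p"$MYSQL_PASSWORD" …'` and let the pod's own shell expand them. Every expansion is also unquoted, so a password containing whitespace or glob characters is split before it reaches `kubectl`. Separately, the three `while` loops have no upper bound, so a cluster that never reports `Synced` keeps the pre-upgrade hook polling with nothing in the script to fail it.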
@@ -43,3 +42,37 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-upgrade-deployment + annotations: + "helm.sh/hook": "pre-upgrade" + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-post-upgrade-deployment + annotations: + "helm.sh/hook": "post-upgrade" + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": hook-succeeded + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/post-upgrade-script.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml new file mode 100644 index 0000000000..cc71bb855c --- /dev/null +++ b/kubernetes/common/mariadb-galera/templates/job.yaml 
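Review bot: Both new hook ConfigMaps set `"helm.sh/hook-delete-policy": hook-succeeded` only, so after a failed upgrade the ConfigMap stays behind and the next `helm upgrade` is likely to stop on an already-existing resource; the hook Jobs added in `job.yaml` use `before-hook-creation,hook-succeeded`, and the ConfigMaps should match. The first ConfigMap also globs `resources/*`, which pulls in `post-upgrade-script.sh` alongside the files the pre-upgrade Job mounts; naming the files explicitly would keep each ConfigMap to what its Job needs.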
@@ -0,0 +1,107 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-pre-upgrade + annotations: + "helm.sh/hook": "pre-upgrade" + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + securityContext: + fsGroup: 1001 + runAsUser: 1001 + containers: + - name: mariadb-job-pre-upgrade + image: {{ .Values.global.kubectlImage}} + imagePullPolicy: IfNotPresent + env: + - name: NAMESPACE_ENV + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + command: ["/bin/bash", "-c", "--"] + args: ["/upgrade/upgrade-scripts.sh"] + volumeMounts: + - name: config-mariadb-upgrade + mountPath: /upgrade + volumes: + - name: config-mariadb-upgrade + configMap: + name: {{ include "common.fullname" . }}-upgrade-deployment + defaultMode: 0777 + restartPolicy: OnFailure +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-post-upgrade + annotations: + "helm.sh/hook": "post-upgrade" + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + securityContext: + fsGroup: 1001 + runAsUser: 0 + initContainers: + - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + name: mariadb-galera-upgrade-readiness + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + command: + - /root/ready.py + args: + - --container-name + - mariadb-galera + containers: + - name: mariadb-job-post-upgrade + image: {{ .Values.global.kubectlImage}} + imagePullPolicy: IfNotPresent + env: + - name: NAMESPACE_ENV + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + command: ["/bin/bash", "-c", "--"] + args: ["/upgrade/post-upgrade-script.sh"] + volumeMounts: + - name: config-mariadb-upgrade + mountPath: /upgrade + volumes: + - name: config-mariadb-upgrade + configMap: + name: {{ include 
"common.fullname" . }}-post-upgrade-deployment + defaultMode: 0777 + restartPolicy: OnFailure +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-post-delete + annotations: + "helm.sh/hook": "post-delete" + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + spec: + containers: + - name: mariadb-job-post-delete + image: {{ .Values.global.kubectlImage}} + imagePullPolicy: IfNotPresent + command: ["/bin/bash", "-c", "--"] + args: + - for ((index=0;index<{{ $.Values.replicaCount }};index+=1)); + do kubectl delete pvc "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index"; + done; kubectl delete deployment {{ include "common.fullname" . }}-upgrade-deployment; + restartPolicy: OnFailure diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index af08ea3d58..4ccb0e5c6e 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -42,7 +42,10 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 - + busyboxImage: busybox:1.30 + busyboxRepository: docker.io + # kubeclt image + kubectlImage: "bitnami/kubectl:1.15" ################################################################# # Application configuration defaults. diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml index 94b026fab7..a873762295 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml @@ -25,4 +25,7 @@ dependencies: - name: mariadb-galera alias: mariadb version: ~6.x-0 - repository: '@local'
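Review bot: None of the three Jobs sets `serviceAccountName`, so the `kubectl` containers run with the namespace's default service account, which then has to be allowed to exec into pods, patch and delete Secrets, scale the StatefulSet and delete PVCs; a dedicated ServiceAccount bound to a Role limited to those verbs would keep that power off the default account. The post-upgrade Job sets `runAsUser: 0` although its script only calls `kubectl` (the pre-upgrade Job uses 1001), and both script volumes use `defaultMode: 0777` where `0555` is enough to execute a script from a ConfigMap mount. The image comes from `.Values.global.kubectlImage` with no repository prefix or digest, so what is pulled depends on the container runtime's default registry.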
\ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index adbdb688c2..8db6edba1e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml 
@@ -46,61 +46,15 @@ spec: apiVersion: v1 fieldPath: metadata.namespace {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - - --container-name - - aaf-service - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-dr-prov-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - value: "{{ .Values.aafConfig.aafDeployPass }}" - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" + + {{ include "common.certInitializer.initContainer" . | nindent 8 }} + - name: {{ include "common.name" . 
}}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] + {{ end }} containers: - name: {{ include "common.name" . }} @@ -125,11 +79,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} - volumeMounts: - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: false @@ -163,7 +113,7 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap/datarouter-prov - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime @@ -183,14 +133,5 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-aaf-props - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml deleted file mode 100644 index 1a09a81a0e..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} -{{- if .Values.global.aafEnabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-aaf-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-aaf-props - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-aaf-props -spec: - capacity: - storage: {{ .Values.persistence.aafCredsSize}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.aafCredsMountSubPath }} -{{ end -}} -{{- end -}} -{{- end -}} 
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml deleted file mode 100644 index c6ac7497b5..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} -{{- if .Values.global.aafEnabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-aaf-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.aafCredsSize }} -{{ end -}} -{{ end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 3fb90f0533..1cf2e583d1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml 
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# secrets: - uid: dmaap-dr-db-user-secret - name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.dmaapDrDb.userName }}' @@ -69,10 +69,6 @@ persistence: accessMode: ReadWriteOnce mountPath: /dockerdata-nfs - aafCredsMountSubPath: data-router/dr-prov/aaf-props - aafCredsSize: 10M - aafCredsPath: /opt/app/osaaf/local - ingress: enabled: false service: @@ -111,7 +107,7 @@ mariadb: nameOverride: dmaap-dr-db replicaCount: 2 config: - userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + userCredentialsExternalSecret: *dbSecretName mysqlDatabase: datarouter service: name: dmaap-dr-db-svc @@ -121,15 +117,22 @@ mariadb: size: 1Gi mountSubPath: data-router/dr-db-data -#AAF local config -aafConfig: +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-dr-prov-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! +# aafDeployCredsExternalSecret: some secret fqdn: dmaap-dr-prov fqi: dmaap-dr-prov@dmaap-dr.onap.org publicFqdn: dmaap-dr.onap.org cadiLatitude: 0.0 cadiLongitude: 0.0 + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml new file mode 100644 index 0000000000..da00f61e2f --- /dev/null +++ b/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml 
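Review bot: The renamed `certInitializer` block still ships a default `aafDeployPass` in chart values, and the only alternative, `aafDeployCredsExternalSecret`, is a commented-out placeholder with no explanation. A comment above the pair, for example `# Demo credentials only; set aafDeployCredsExternalSecret to an existing Secret for any real deployment`, would tell operators which key to use; the same default is present in the portal-sdk values touched later in this commit. How the certInitializer chart consumes these keys is not visible on this page, so the wording should be checked against it.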
@@ -0,0 +1,47 @@
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#
+#
+# This is specifically for the environments which take time to
+# deploy ONAP. This increase in timeouts prevents false restarting of
+# the pods during startup configuration.
+#
+# These timers have been tuned by the ONAP integration team. They
+# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
+# They are however indicative and may be adapted to your environment as they
+# depend on the performance of the infrastructure you are installing ONAP on.
+#
+# Please note that these timers must remain reasonable, in other words, if
+# your infrastructure is not performant enough, extending the timers to very
+# large value may not fix all installation issues on over subscribed hardware.
+#
+#################################################################
+global:
+ cmpv2Enabled: true
+ aaf:
+ certServiceClient:
+ envVariables:
+ # Certificate related
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2State: "California"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
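Review bot: The header comment describes timer and timeout overrides, but the values below it only set `cmpv2Enabled` plus the certificate subject fields and `caName` for the cert service client, so it reads as carried over from a different override file. Replace the paragraph with one that describes this file, for example `# Overrides that enable CMPv2 and set the certificate subject fields used by the AAF cert service client.`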
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 973613b464..e60925f21f 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -58,6 +58,16 @@ global: # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co + # dockerHub main repository + dockerHubRepository: docker.io + + # busybox repo and image + busyboxRepository: docker.io + busyboxImage: busybox:1.30 + + # kubeclt image + kubectlImage: "bitnami/kubectl:1.15" + # image pull policy pullPolicy: Always @@ -101,6 +111,27 @@ global: # Enabling CMPv2 cmpv2Enabled: true + aaf: + certServiceClient: + image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.0.0 + secret: + name: aaf-cert-service-client-tls-secret + mountPath: /etc/onap/aaf/certservice/certs/ + envVariables: + # Certificate related + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2State: "California" + cmpv2Country: "US" + # Client configuration related + caName: "RA" + requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestTimeout: "20000" + keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" + keystorePassword: "secret" + truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks" + truststorePassword: "secret" # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this diff --git a/kubernetes/portal/components/portal-sdk/requirements.yaml b/kubernetes/portal/components/portal-sdk/requirements.yaml index c5d7864b9d..00b92235f3 100644 --- a/kubernetes/portal/components/portal-sdk/requirements.yaml +++ b/kubernetes/portal/components/portal-sdk/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' 
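Review bot: `keystorePassword` and `truststorePassword` are committed as literal defaults in the global values, so every installation that does not override them protects the cert-service client keystore and truststore with the same published value. These two keys are better sourced from a Kubernetes Secret, or should at minimum carry a comment such as `# default for lab use only, override per deployment`. `kubectlImage: "bitnami/kubectl:1.15"` is referenced by tag only, and the comment above it is misspelled (`kubeclt`).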
diff --git a/kubernetes/portal/components/portal-sdk/resources/server/server.xml b/kubernetes/portal/components/portal-sdk/resources/server/server.xml index dffcfbe419..1cea5ab8f8 100644 --- a/kubernetes/portal/components/portal-sdk/resources/server/server.xml +++ b/kubernetes/portal/components/portal-sdk/resources/server/server.xml @@ -94,7 +94,7 @@ {{ if .Values.global.aafEnabled }} <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}" keystorePass="${javax.net.ssl.keyStorePassword}" clientAuth="false" sslProtocol="TLS" /> {{ end }} @@ -152,4 +152,4 @@ </Host> </Engine> </Service> -</Server>
\ No newline at end of file +</Server> diff --git a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml index 1dbdeedd5a..5ad9910c56 100644 --- a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml @@ -26,17 +26,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} - -{{ if .Values.global.aafEnabled }} -{{- if .Values.aafConfig.addconfig -}} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "aaf-add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index b78ef34fa1..e7913ba1a5 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -46,24 +46,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config" . | indent 6 }} - {{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} - args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ + args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - name: CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" - -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" + -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}" {{- else }} args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] {{- end }} 
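Review bot: The `{{- if .Values.global.aafEnabled }}` guard around the init-container include is removed here, and the same guard is dropped around the `volumeMount` and `volumes` includes in the two following hunks of this file, so what is rendered with AAF disabled now depends entirely on the `common.certInitializer.*` helpers, which are not shown on this page. If they do not test the flag themselves, keep `{{- if .Values.global.aafEnabled }}` … `{{- end }}` around each include. The unchanged `args` lines still export the keystore passwords through `_JAVA_OPTIONS`, which the JVM echoes on startup, so they can end up in the container log.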
@@ -82,9 +80,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml @@ -148,8 +144,6 @@ spec: emptyDir: {} - name: portal-tomcat-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volumes" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumes" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 2363ec5691..47c0189c40 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -27,7 +27,6 @@ global: persistence: {} #AAF service aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. 
@@ -40,30 +39,25 @@ pullPolicy: Always #AAF local config aafURL: https://aaf-service:8100/authz/ -aafConfig: +certInitializer: + nameOverride: portal-sdk-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: portal fqi: portal@portal.onap.org - publicFqdn: portal.onap.org + public_fqdn: portal.onap.org cadi_latitude: "38.0" cadi_longitude: "-72.0" credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 51322d3b374588a051b4a5522fbd25ac92ffb32 +Subproject 7ee95b4c8f667dd0506499db17688473309cd91 diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index a0e9b539e6..ac0403b889 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.5 -backendInitImage: onap/sdc-backend-init:1.6.5 +image: onap/sdc-backend:1.6.6 +backendInitImage: onap/sdc-backend-init:1.6.6 pullPolicy: Always # flag to enable debugging - application support required 
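Review bot: `aaf_add_config` redirects the output of `agent.sh local showpass` into `mycreds.prop`, so the keystore and truststore passwords are written in clear text to the shared credentials volume with whatever mode the shell's umask gives the file; nothing in the snippet restricts it. The template expressions also changed from `.Values.aafConfig.*` to `.Values.fqi`, `.Values.fqdn` and `.Values.credsPath`, which only resolve if the string is rendered inside the certInitializer subchart's scope; if that is the intent, say so with a comment such as `# rendered with tpl inside the certInitializer chart, hence .Values.fqi`. The `secrets:` entry with `passwordPolicy: required` is removed here, so it should be confirmed that the subchart now declares the deploy-credentials secret.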
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index 3cef2cf49e..cabf2c19eb 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.5 -cassandraInitImage: onap/sdc-cassandra-init:1.6.5 +image: onap/sdc-cassandra:1.6.6 +cassandraInitImage: onap/sdc-cassandra-init:1.6.6 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index 8754d0fc87..98452c23e1 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.5 +image: onap/sdc-frontend:1.6.6 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 0471c031a6..f83000f74a 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.5 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5 +image: onap/sdc-onboard-backend:1.6.6 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.6 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg index 117a663dd4..46c5db0ea9 100644 --- a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg 
+++ b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg @@ -17,8 +17,10 @@ # ################################################################################ -# Common pattern layout for appenders -log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %X{currentGraph} - %X{nodeId} | %m%n +# Properties used as default values in MDC +log4j2.property.ServiceName = INTERNAL +log4j2.property.ErrorCode = 900 +log4j2.property.ErrorDesc = UnknownError # Common properties @@ -33,23 +35,18 @@ metricsLogName=metrics auditLogName=audit debugLogName=debug - -# Root logger -log4j2.rootLogger.level = INFO -# uncomment to use asynchronous loggers, which require mvn:com.lmax/disruptor/3.3.2 library -#log4j2.rootLogger.type = asyncRoot -#log4j2.rootLogger.includeLocation = false -log4j2.rootLogger.appenderRef.RollingFile.ref = RollingFile +log4j2.rootLogger.appenderRef.KarafFile.ref = KarafFile log4j2.rootLogger.appenderRef.PaxOsgi.ref = PaxOsgi log4j2.rootLogger.appenderRef.Console.ref = Console +log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile +log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF} -# Loggers configuration - -# Spifly logger -log4j2.logger.spifly.name = org.apache.aries.spifly -log4j2.logger.spifly.level = WARN +log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version} +# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw +# \\R matches any new line character, any new line character will replaced with space (stripped) +log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | ${log4j2.bundle.info} | %X{currentGraph} - %X{nodeId} | %replace{%m}{\\R}{ }%n # Security audit logger log4j2.logger.audit.name = org.apache.karaf.jaas.modules.audit 
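Review bot: The new `log4j2.pattern` strips line breaks from `%m` only, while `%X{currentGraph}`, `%X{nodeId}` and the bundle fields in `${log4j2.bundle.info}` are written unchanged; if any of those MDC values can carry request-derived text, a forged line break is still possible, which is the CWE-117 case the added comment cites. Wrapping them the same way, e.g. `%replace{%X{currentGraph} - %X{nodeId}}{\\R}{ }`, covers that. The second hunk also removes `log4j2.rootLogger.level = INFO` with no replacement among the visible lines, so the root level should be confirmed to be set elsewhere in the file.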
@@ -65,74 +62,150 @@ log4j2.appender.console.name = Console log4j2.appender.console.layout.type = PatternLayout log4j2.appender.console.layout.pattern = ${log4j2.pattern} -# Rolling file appender -log4j2.appender.rolling.type = RollingRandomAccessFile -log4j2.appender.rolling.name = RollingFile -log4j.appender.rolling.level = INFO -log4j2.appender.rolling.fileName = ${logDirectory}/${karafLogName}.log -log4j2.appender.rolling.filePattern = ${logDirectory}/${karafLogName}.log.%i -# uncomment to not force a disk flush -#log4j2.appender.rolling.immediateFlush = false -log4j2.appender.rolling.append = true -log4j2.appender.rolling.layout.type = PatternLayout -log4j2.appender.rolling.layout.pattern = ${log4j2.pattern} -log4j2.appender.rolling.policies.type = Policies -log4j2.appender.rolling.policies.size.type = SizeBasedTriggeringPolicy -log4j2.appender.rolling.policies.size.size = ${maxFileSize} - -# Audit file appender - not currently used, so commented out -log4j2.appender.audit.type = RollingRandomAccessFile -log4j2.appender.audit.name = AuditRollingFile -log4j2.appender.audit.fileName = ${logDirectory}/${auditLogName}.log -log4j2.appender.audit.filePattern = ${logDirectory}/${auditLogName}.log.%i -log4j2.appender.audit.append = true -log4j2.appender.audit.layout.type = PatternLayout -log4j2.appender.audit.layout.pattern = ${log4j2.pattern} -log4j2.appender.audit.policies.type = Policies -log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy -log4j2.appender.audit.policies.size.size = ${maxFileSize} - # OSGi appender log4j2.appender.osgi.type = PaxOsgi log4j2.appender.osgi.name = PaxOsgi log4j2.appender.osgi.filter = * - -#ECOMP Debug appender +# KarafFile appender +log4j2.appender.karaf.type = RollingRandomAccessFile +log4j2.appender.karaf.name = KarafFile +log4j2.appender.karaf.fileName = ${logDirectory}/log/karaf.log +log4j2.appender.karaf.filePattern = ${logDirectory}/log/karaf.log.%i +# uncomment to not force a disk flush 
+#log4j2.appender.karaf.immediateFlush = false +log4j2.appender.karaf.append = true +log4j2.appender.karaf.layout.type = PatternLayout +log4j2.appender.karaf.layout.pattern = ${log4j2.pattern} +log4j2.appender.karaf.policies.type = Policies +log4j2.appender.karaf.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.karaf.policies.size.size = ${maxFileSize} +log4j2.appender.karaf.strategy.type = DefaultRolloverStrategy +log4j2.appender.karaf.strategy.max = ${maxBackupIndex} +log4j2.appender.karaf.strategy.fileIndex = min +# Routing appender (log4j sift) +log4j2.appender.routing.type = Routing +log4j2.appender.routing.name = Routing +log4j2.appender.routing.routes.type = Routes +log4j2.appender.routing.routes.pattern = \$\$\\\{ctx:bundle.name\} +log4j2.appender.routing.routes.bundle.type = Route +log4j2.appender.routing.routes.bundle.appender.type = RollingRandomAccessFile +log4j2.appender.routing.routes.bundle.appender.name = Bundle-\$\\\{ctx:bundle.name\} +log4j2.appender.routing.routes.bundle.appender.fileName = ${logDirectory}/log/bundle-\$\\\{ctx:bundle.name\}.log +log4j2.appender.routing.routes.bundle.appender.filePattern= ${logDirectory}/log/bundle-\$\\\{ctx:bundle.name\}.log.%i +log4j2.appender.routing.routes.bundle.appender.append = true +log4j2.appender.routing.routes.bundle.appender.layout.type = PatternLayout +log4j2.appender.routing.routes.bundle.appender.layout.pattern = ${log4j2.pattern} +log4j2.appender.routing.routes.bundle.appender.policies.type = Policies +log4j2.appender.routing.routes.bundle.appender.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.routing.routes.bundle.appender.policies.size.size = ${maxFileSize} + +#ecomp logging standards log4j2.appender.debug.type = RollingRandomAccessFile -log4j2.appender.debug.name = DebugRollingFile -log4j2.appender.debug.fileName = ${logDirectory}/${debugLogName}.log -log4j2.appender.debug.filePattern = ${logDirectory}/${debugLogName}.log.%i +log4j2.appender.debug.name = 
DebugFile +log4j2.appender.debug.fileName = <%= @logDir %>/debug.log +log4j2.appender.debug.filePattern = <%= @logDir %>/debug.log.%i +# uncomment to not force a disk flush +#log4j2.appender.debug.immediateFlush = false log4j2.appender.debug.append = true log4j2.appender.debug.layout.type = PatternLayout -log4j2.appender.debug.layout.pattern = ${log4j2.pattern} +log4j2.appender.debug.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%-16.16t|%-5.5p|%-32.32c{1}|${log4j2.bundle.info}|%replace{%m}{\\R}{ }%n log4j2.appender.debug.policies.type = Policies log4j2.appender.debug.policies.size.type = SizeBasedTriggeringPolicy log4j2.appender.debug.policies.size.size = ${maxFileSize} +log4j2.appender.debug.strategy.type = DefaultRolloverStrategy +log4j2.appender.debug.strategy.max = ${maxBackupIndex} +log4j2.appender.debug.strategy.fileIndex = min -#Error appender log4j2.appender.error.type = RollingRandomAccessFile -log4j2.appender.error.name = ErrorRollingFile -log4j2.appender.error.fileName = ${logDirectory}/${errorLogName}.log -log4j2.appender.error.filePattern = ${logDirectory}/${errorLogName}.log.%i +log4j2.appender.error.name = ErrorFile +log4j2.appender.error.fileName = <%= @logDir %>/error.log +log4j2.appender.error.filePattern = <%= @logDir %>/error.log.%i +# uncomment to not force a disk flush +#log4j2.appender.error.immediateFlush = false log4j2.appender.error.append = true log4j2.appender.error.layout.type = PatternLayout -log4j2.appender.error.layout.pattern = ${log4j2.pattern} +log4j2.appender.error.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%-16.16t|$\$\\\{ctx:ServiceName\}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%p|$\$\\\{ctx:ErrorCode\}|$\$\\\{ctx:ErrorDesc\}|%replace{%m}{\\R}{ }%ex{full}{separator(\\n)}%n + log4j2.appender.error.policies.type = Policies log4j2.appender.error.policies.size.type = SizeBasedTriggeringPolicy log4j2.appender.error.policies.size.size = ${maxFileSize} 
+log4j2.appender.error.strategy.type = DefaultRolloverStrategy +log4j2.appender.error.strategy.max = ${maxBackupIndex} +log4j2.appender.error.strategy.fileIndex = min +log4j2.appender.error.filter.threshold.type = ThresholdFilter +log4j2.appender.error.filter.threshold.level = WARN +log4j2.appender.error.filter.threshold.match = ACCEPT + + + +log4j2.appender.metric.type = RollingRandomAccessFile +log4j2.appender.metric.name = MetricFile +log4j2.appender.metric.fileName = <%= @logDir %>/metric.log +log4j2.appender.metric.filePattern = <%= @logDir %>/metric.log.%i +# uncomment to not force a disk flush +#log4j2.appender.metric.immediateFlush = false +log4j2.appender.metric.append = true +log4j2.appender.metric.layout.type = PatternLayout +log4j2.appender.metric.layout.pattern=%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|%p|%X{Severity}|<%= @hostIP %>|%X{ElapsedTime}|<%= @hostFQDN %>|%X{ClientIPAddress}|%C{1}|||%X{TargetElement}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n +log4j2.appender.metric.policies.type = Policies +log4j2.appender.metric.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.metric.policies.size.size = ${maxFileSize} +log4j2.appender.metric.strategy.type = DefaultRolloverStrategy +log4j2.appender.metric.strategy.max = 100 +log4j2.appender.metric.strategy.fileIndex = min -#Metrics appender - not used so commented out -#log4j2.appender.metrics.type = RollingRandomAccessFile -#log4j2.appender.metrics.name = MetricsRollingFile -#log4j2.appender.metrics.fileName = ${logDirectory}/${metricsLogName}.log -#log4j2.appender.metrics.filePattern = ${logDirectory}/${metricsLogName}.log.%i -#log4j2.appender.metrics.append = true -#log4j2.appender.metrics.layout.type = PatternLayout -#log4j2.appender.metrics.layout.pattern = 
${log4j2.pattern} -#log4j2.appender.metrics.policies.type = Policies -#log4j2.appender.metrics.policies.size.type = SizeBasedTriggeringPolicy -#log4j2.appender.metrics.policies.size.size = ${maxFileSize} +log4j2.appender.audit.type = RollingRandomAccessFile +log4j2.appender.audit.name = AuditFile +log4j2.appender.audit.fileName = <%= @logDir %>/audit.log +log4j2.appender.audit.filePattern = <%= @logDir %>/audit.log.%i +# uncomment to not force a disk flush +#log4j2.appender.audit.immediateFlush = false +log4j2.appender.audit.append = true +log4j2.appender.audit.layout.type = PatternLayout +log4j2.appender.audit.layout.pattern=%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|INFO|%X{Severity}|<%= @hostIP %>|%X{ElapsedTime}|<%= @hostFQDN %>|%X{ClientIPAddress}|%C{1}|%X{AUDIT-Unused}|%X{AUDIT-ProcessKey}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n +log4j2.appender.audit.policies.type = Policies +log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.audit.policies.size.size = ${maxFileSize} +log4j2.appender.audit.strategy.type = DefaultRolloverStrategy +log4j2.appender.audit.strategy.max = ${maxBackupIndex} +log4j2.appender.audit.strategy.fileIndex = min + +# Loggers + +log4j2.logger.metric.name = org.onap.ccsdk.sli.core.filters.metric +log4j2.logger.metric.level = INFO +log4j2.logger.metric.additivity = false +log4j2.logger.metric.appenderRef.MetricFile.ref = MetricFile + +log4j2.logger.metric2.name = org.onap.logging.filter.base.AbstractBaseMetricLogFilter +log4j2.logger.metric2.level = INFO +log4j2.logger.metric2.additivity = false +log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile + +log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter +log4j2.logger.audit.level = INFO +log4j2.logger.audit.additivity = false 
+log4j2.logger.audit.appenderRef.AuditFile.ref = AuditFile + +log4j2.logger.metric.name = org.onap.ccsdk.sli.core.filters.metric +log4j2.logger.metric.level = INFO +log4j2.logger.metric.additivity = false +log4j2.logger.metric.appenderRef.MetricFile.ref = MetricFile + +log4j2.logger.metric2.name = org.onap.logging.filter.base.AbstractBaseMetricLogFilter +log4j2.logger.metric2.level = INFO +log4j2.logger.metric2.additivity = false +log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile + +log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter +log4j2.logger.audit.level = INFO +log4j2.logger.audit.additivity = false +log4j2.logger.audit.appenderRef.AuditFile.ref = AuditFile +log4j2.logger.rr.name = org.onap.logging.filter.base.PayloadLoggingServletFilter +log4j2.logger.rr.level = INFO +log4j2.logger.rr.additivity = false +log4j2.logger.rr.appenderRef.RequestResponseFile.ref = RequestResponseFile
\ No newline at end of file
diff --git a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml b/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml
new file mode 100644
index 0000000000..ab2bad332a
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: A Helm chart for so appc orchestrator
+name: so-appc-orchestrator
+version: 6.0.0
diff --git a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml
new file mode 100644
index 0000000000..c897f48e4a
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml
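Review bot: The CWE-117 neutralization that this commit adds to `log4j2.pattern` and to the debug and error layouts is missing from the new metric and audit layouts in the `@@ -65,74 +62,150 @@` hunk. Both still end in a raw `%m%n` and print MDC values verbatim (`%X`, `%X{ClientIPAddress}`, `%X{PartnerName}`), so a line break in a message, or in an MDC field if those are filled from request data, can still forge entries in metric.log and audit.log. Ending both patterns with `%replace{%m}{\\R}{ }%n` would match the other appenders, and the MDC fields need the same wrapping or sanitising where they are set. Separately, `log4j2.logger.rr.appenderRef.RequestResponseFile.ref = RequestResponseFile` names an appender that no line in this hunk defines, and the metric, metric2 and audit logger blocks are added twice. The `<%= @logDir %>`, `<%= @hostIP %>` and `<%= @hostFQDN %>` placeholders look like ERB syntax, which a file shipped through Helm would presumably leave unexpanded.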
@@ -0,0 +1,57 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ ssl-enable: false
+mso:
+ logPath: ./logs/soappcorch
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
+ msoKey: {{ .Values.global.app.msoKey }}
+ config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
+ cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
+ topics:
+ retryMultiplier: 1000
+appc:
+ client:
+ topic:
+ read:
+ name: {{ .Values.appc.client.topic.read.name }}
+ timeout: {{ .Values.appc.client.topic.read.timeout }}
+ write: {{ .Values.appc.client.topic.write }}
+ sdnc:
+ read: {{ .Values.appc.client.topic.sdnc.read }}
+ write: {{ .Values.appc.client.topic.sdnc.write }}
+ response:
+ timeout: {{ .Values.appc.client.response.timeout }}
+ key: {{ .Values.appc.client.key }}
+ secret: {{ .Values.appc.client.secret }}
+ service: ueb
+ poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
+spring:
+ security:
+ usercredentials:
+ -
+ username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
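Review bot: `mso.auth`, `msoKey`, `appc.client.key` and `appc.client.secret` are rendered into this file as literal values, and templates/configmap.yaml in the same chart loads everything under resources/config/overrides/ into the `-app-configmap` ConfigMap. Anyone who can read ConfigMaps in the namespace can therefore read these credentials, and they are not covered by whatever protection the cluster applies to Secrets. The actuator entry at the end of the file already uses the safer pattern (`${ACTUATOR_USERNAME}` / `${ACTUATOR_PASSWORD}` resolved from a Secret at start-up), and the same would work here, for example `secret: ${<ENV_VAR_FROM_SECRET>}` with the value declared under `secrets:` in values.yaml. `ssl-enable: false` deserves a comment stating what, if anything, terminates TLS in front of this listener.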
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml
new file mode 100755
index 0000000000..8c0ee290ce
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml
new file mode 100644
index 0000000000..b9a39fe8c3
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml
@@ -0,0 +1,83 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - name: {{ include "common.name" . }}-pass-encoder + command: + - sh + args: + {{/* bcrypt plain text and convert to OpenBSD variant using sed */}} + - -c + - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded; + env: + - name: ACTUATOR_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }} + image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: encoder + mountPath: /tmp/app + containers: + - name: {{ include "common.name" . 
}} + command: + - sh + args: + - -c + - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: encoder + mountPath: /tmp/app + - name: config + mountPath: /app/config + readOnly: true +{{ include "helpers.livenessProbe" .| indent 8 }} + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: encoder + emptyDir: + medium: Memory + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml index 34932b713d..bd7eb8ea40 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml +++ b/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml @@ -1,4 +1,3 @@ -{{/* # Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +11,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} {{ include "common.secretFast" . }} 
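Review bot: The `pass-encoder` init container receives the plaintext actuator password, yet it runs `{{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }}` from an unpinned third-party image. The chart's values.yaml sets those to `docker.io` and `xmartlabs/htpasswd` with no tag or digest, so each pull takes whatever that repository currently publishes as latest. Pinning the value to a digest (`xmartlabs/htpasswd@sha256:<digest>`) or mirroring the image into the project registry would make the password-handling image reproducible and reviewable. The `htpasswd -b` form also places the password in the process argument list; if the image's htpasswd supports `-i`, `printf '%s' "${ACTUATOR_PASSWORD}" | htpasswd -inBC 10 ""` keeps it on stdin.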
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml
new file mode 100644
index 0000000000..fc3e2879ce
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/charts/so-appc-orchestrator/values.yaml
new file mode 100644
index 0000000000..f10873d66b
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/values.yaml
@@ -0,0 +1,125 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# + +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs + htpasswdImage: xmartlabs/htpasswd + dockerHubRepository: docker.io +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + - uid: server-actuator-creds + name: '{{ include "common.release" . 
}}-so-appc-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-appc-orchestrator:1.6.0 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + actuator: + username: mso_admin + password: password1$ +replicaCount: 1 +minReadySeconds: 10 +containerPort: 8080 +logPath: ./logs/soappcorch +app: appc-orchestrator +service: + name: so-appc-orchestrator + type: ClusterIP + ports: + - port: 8080 + name: http +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index b6ba63e051..b73032e0b7 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml 
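Review bot: The new chart ships working credentials as defaults: `db.userPassword: so_User123`, `db.adminPassword: so_Admin123` and `server.actuator.password: password1$`. Because a value is always present, `passwordPolicy: required` is presumably satisfied without the operator supplying anything, so every installation that keeps the defaults shares publicly known passwords. The `@@ -457,3 +457,35 @@` hunk of kubernetes/so/values.yaml has the same problem with `mso.auth`, `aafPassword`, `appc.client.key`, `appc.client.secret` and `auth.rest.aaf`, the last being a Basic header that is only base64-encoded. I would drop the password defaults so that rendering fails unless a value or one of the `*ExternalSecret` names is provided, and route the parent-chart values through the `secrets:` mechanism as well.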
@@ -57,7 +57,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.6.2 +image: onap/so/bpmn-infra:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 70d008b106..a66a869fb1 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -54,7 +54,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.6.2 +image: onap/so/catalog-db-adapter:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index 1272dbdb57..fc91ee2abc 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -57,7 +57,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.6.2 +image: onap/so/so-monitoring:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/charts/so-nssmf-adapter/values.yaml index 7412dfa809..8a0d4e4386 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/charts/so-nssmf-adapter/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/nssmf-adapter:1.6.2 +image: onap/so/nssmf-adapter:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index e611ee301b..9f50806ede 100755 
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -51,7 +51,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.6.2 +image: onap/so/openstack-adapter:1.6.3 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index 2541d0e92b..e79b57c5f9 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.6.2 +image: onap/so/request-db-adapter:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 3cba4a0fd6..ee4b5f965d 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.6.2 +image: onap/so/sdc-controller:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index 0ea7e69348..9337721ac0 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml 
@@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.6.2 +image: onap/so/sdnc-adapter:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml index 5f9d5842cf..69c877a228 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -37,7 +37,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/ve-vnfm-adapter:1.6.2 +image: onap/so/ve-vnfm-adapter:1.6.3 pullPolicy: Always replicaCount: 1 service: diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index d139b4968d..9128a5205e 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -52,7 +52,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.6.2 +image: onap/so/vfc-adapter:1.6.3 pullPolicy: Always db: diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 9ddc0dd835..7547096842 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -40,7 +40,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.6.2 +image: onap/so/vnfm-adapter:1.6.3 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index a6f2c8cd7b..ad20b0f117 100755 
--- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -137,7 +137,7 @@ dbCreds: adminName: so_admin repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.6.2 +image: onap/so/api-handler-infra:1.6.3 pullPolicy: Always replicaCount: 1 minReadySeconds: 10 @@ -457,3 +457,35 @@ so-mariadb: backupCredsExternalSecret: *dbBackupCredsSecretName userCredsExternalSecret: *dbUserCredsSecretName adminCredsExternalSecret: *dbAdminCredsSecretName +so-appc-orchestrator: + certSecret: *so-certs + db: + <<: *dbSecrets + mso: + basicUser: poBpmn + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.openStackAdapterPerm + noAuthn: /manage/health + appc: + client: + topic: + read: + name: APPC-LCM-WRITE + timeout: 360000 + write: APPC-LCM-READ + sdnc: + read: SDNC-LCM-WRITE + write: SDNC-LCM-READ + response: + timeout: 3600000 + key: VIlbtVl6YLhNUrtU + secret: 64AG2hF4pYeG2pq7CT6XwUOT + service: ueb + auth: + rest: + aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 |