aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_hardcoded_certificates.rst2
-rw-r--r--kubernetes/sdc/charts/sdc-be/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml40
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-dt/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-dcae-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml39
-rw-r--r--kubernetes/sdc/charts/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml37
-rw-r--r--kubernetes/sdc/charts/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml11
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml9
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml2
-rw-r--r--kubernetes/sdc/resources/cert/org.onap.sdc.p12bin0 -> 4443 bytes
-rw-r--r--kubernetes/sdc/resources/cert/org.onap.sdc.trust.jksbin0 -> 1413 bytes
-rwxr-xr-xkubernetes/sdc/resources/config/environments/AUTO.json4
-rw-r--r--kubernetes/sdc/templates/secrets.yaml16
-rw-r--r--kubernetes/sdc/values.yaml5
23 files changed, 279 insertions, 29 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 74a292cef4..0745ec0df4 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -24,6 +24,8 @@ Here's the list of these certificates:
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
index cff8e2630b..84f6d0b51d 100644
--- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
@@ -51,6 +51,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -86,8 +110,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -116,6 +146,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -128,7 +161,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index ac904665db..a40b27d2aa 100644
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.3
-backendInitImage: onap/sdc-backend-init:1.6.3
+image: onap/sdc-backend:1.6.4
+backendInitImage: onap/sdc-backend-init:1.6.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml
index ddc194654d..6c63927cf5 100644
--- a/kubernetes/sdc/charts/sdc-cs/values.yaml
+++ b/kubernetes/sdc/charts/sdc-cs/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.3
-cassandraInitImage: onap/sdc-cassandra-init:1.6.3
+image: onap/sdc-cassandra:1.6.4
+cassandraInitImage: onap/sdc-cassandra-init:1.6.4
pullPolicy: Always
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
index 6072148d07..de80c7a0de 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
@@ -59,7 +59,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
-
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -91,8 +114,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -132,6 +161,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -144,7 +176,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
index 051c076ea1..d1fe131f82 100644
--- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
@@ -27,9 +27,9 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.3
+image: onap/dcae-be:1.3.4
pullPolicy: Always
-backendInitImage: onap/dcae-tools:v1.3.3
+backendInitImage: onap/dcae-tools:1.3.4
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
index f3c44f0e54..77a835ccb7 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
@@ -59,6 +59,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,8 +113,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -126,6 +156,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -138,7 +171,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
index c3a2159d2e..ad46842393 100644
--- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.3
+image: onap/dcae-dt:1.3.4
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
index a70f485153..d5861fadfc 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
@@ -59,6 +59,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,8 +113,14 @@ spec:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -130,6 +160,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -142,7 +175,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
index 28181d1c6a..b6572f5d3d 100644
--- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.3
+image: onap/dcae-fe:1.3.4
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
index 8e19489f9a..7a11ef927e 100644
--- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
@@ -46,6 +46,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -79,8 +103,14 @@ spec:
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -112,6 +142,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -128,7 +161,9 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- - name: {{ include "common.fullname" . }}-logs
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
+ - name: {{ include "common.fullname" . }}-logs
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index 64ccaa81b1..f5d1956f18 100644
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.3
+image: onap/sdc-frontend:1.6.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index 75779a319c..3db3685b86 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -46,6 +46,30 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-update-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+ env:
+ - name: KEYSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: keystore_password
+ - name: TRUSTSTORE_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-sdc-cs-secrets
+ key: truststore_password
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /config-input/
+ - name: sdc-environments-output
+ mountPath: /config-output/
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -93,8 +117,14 @@ spec:
- name: SDC_CERT_DIR
value: {{ .Values.cert.certDir }}
volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -125,6 +155,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -137,6 +170,8 @@ spec:
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
+ - name: sdc-environments-output
+ emptyDir: { medium: "Memory" }
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-cert-storage
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index b15f784dee..946cb3491f 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
+image: onap/sdc-onboard-backend:1.6.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 7490b47cef..be2eeb6e96 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -115,5 +115,16 @@ spec:
- name: SERVER_SSL_TRUST_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
+ volumeMounts:
+ - name: sdc-cert
+ mountPath: /keystore
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /truststore
+ subPath: org.onap.sdc.trust.jks
+ volumes:
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 78fdb32dcc..8bab2c84ea 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.2
-configInitImage: onap/workflow-init:1.6.2
+image: onap/workflow-backend:1.6.4
+configInitImage: onap/workflow-init:1.6.4
pullPolicy: Always
initJob:
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index f419d61291..180c427f1e 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -90,6 +90,12 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
+ subPath: org.onap.sdc.p12
+ - name: sdc-cert
+ mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
+ subPath: org.onap.sdc.trust.jks
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -116,6 +122,9 @@ spec:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
+ - name: sdc-cert
+ secret:
+ secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 6b0669b5b6..359c33ab61 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.2
+image: onap/workflow-frontend:1.6.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12
new file mode 100644
index 0000000000..446856071b
--- /dev/null
+++ b/kubernetes/sdc/resources/cert/org.onap.sdc.p12
Binary files differ
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
new file mode 100644
index 0000000000..e6686cc08c
--- /dev/null
+++ b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
Binary files differ
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json
index 57d774e59b..2bd165b723 100755
--- a/kubernetes/sdc/resources/config/environments/AUTO.json
+++ b/kubernetes/sdc/resources/config/environments/AUTO.json
@@ -104,6 +104,10 @@
"username": "user1@sdc.com",
"password": "password=="
}
+ },
+ "jetty": {
+ "keystore_pwd": "${KEYSTORE_PASS}",
+ "truststore_pwd": "${TRUSTSTORE_PASS}"
}
}
}
diff --git a/kubernetes/sdc/templates/secrets.yaml b/kubernetes/sdc/templates/secrets.yaml
index ba2ec86951..6187104ce6 100644
--- a/kubernetes/sdc/templates/secrets.yaml
+++ b/kubernetes/sdc/templates/secrets.yaml
@@ -35,4 +35,18 @@ data:
truststore_password: "{{ .Values.global.secrets.truststore_password }}"
keystore_password: "{{ .Values.global.secrets.keystore_password }}"
# workflow
- wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}" \ No newline at end of file
+ wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sdc-cert
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index dfbd8c80df..5701a91f27 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -23,8 +23,8 @@ global:
#Should be the password of shared cassandra instance/chart
cs_password: Y2Fzc2FuZHJh
cs_truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq
- truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq
- keystore_password: IXBwSi5KdlduMGhHaClvVkZdKFtLdile
+ truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
+ keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
ubuntuInitRepository: oomk8s
ubuntuInitImage: ubuntu-init:1.0.0
@@ -41,6 +41,7 @@ global:
dataCenter: Pod
security:
disableHttp: true
+ envsubstImage: dibi/envsubst
config:
logstashServiceName: log-ls
logstashPort: 5044