summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/charts
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aaf/charts')
-rw-r--r--kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml44
-rw-r--r--kubernetes/aaf/charts/aaf-cm/values.yaml5
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml6
-rw-r--r--kubernetes/aaf/charts/aaf-cs/values.yaml4
-rw-r--r--kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml44
-rw-r--r--kubernetes/aaf/charts/aaf-fs/values.yaml5
-rw-r--r--kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml44
-rw-r--r--kubernetes/aaf/charts/aaf-gui/values.yaml6
-rw-r--r--kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml45
-rw-r--r--kubernetes/aaf/charts/aaf-hello/values.yaml5
-rw-r--r--kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml45
-rw-r--r--kubernetes/aaf/charts/aaf-locate/values.yaml5
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml46
-rw-r--r--kubernetes/aaf/charts/aaf-oauth/values.yaml5
-rw-r--r--kubernetes/aaf/charts/aaf-service/templates/deployment.yaml44
-rw-r--r--kubernetes/aaf/charts/aaf-service/values.yaml5
-rw-r--r--kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml2
-rw-r--r--kubernetes/aaf/charts/aaf-sms/values.yaml2
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/Chart.yaml18
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/README.md24
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml18
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml32
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml87
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml93
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml60
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml18
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml32
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml105
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml41
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml51
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml69
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml18
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml130
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml61
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/requirements.yaml18
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd1
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle1
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml57
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml79
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml22
-rw-r--r--kubernetes/aaf/charts/aaf-sshsm/values.yaml65
41 files changed, 1293 insertions, 169 deletions
diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
index 39544258fd..8655054660 100644
--- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml
@@ -31,20 +31,27 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -66,7 +73,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +103,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml
index 9ddb366064..6897898b40 100644
--- a/kubernetes/aaf/charts/aaf-cm/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cm/values.yaml
@@ -25,7 +25,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_cm:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_cm:2.1.5
+aaf_register_as: "aaf-cm.onap"
pullPolicy: Always
@@ -76,4 +77,4 @@ resources:
requests:
cpu: 40m
memory: 600Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
index e0d500c420..3abdcb3c7f 100644
--- a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
@@ -63,8 +63,8 @@ spec:
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- exec:
- command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","wait"]
+ tcpSocket:
+ port: {{ .Values.service.internalPort3 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
@@ -89,4 +89,4 @@ spec:
emptyDir: {}
{{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml
index a914b542f4..61c0808102 100644
--- a/kubernetes/aaf/charts/aaf-cs/values.yaml
+++ b/kubernetes/aaf/charts/aaf-cs/values.yaml
@@ -24,7 +24,7 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_cass:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_cass:2.1.5-SNAPSHOT
pullPolicy: Always
# application configuration
@@ -94,4 +94,4 @@ persistence:
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
size: 10Gi
- storageClass: "manual" \ No newline at end of file
+ storageClass: "manual"
diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
index 5125eb161e..cfafba7088 100644
--- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml
@@ -31,20 +31,27 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -66,7 +73,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +103,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml
index 0f0d7c47e7..bfa95760e1 100644
--- a/kubernetes/aaf/charts/aaf-fs/values.yaml
+++ b/kubernetes/aaf/charts/aaf-fs/values.yaml
@@ -25,7 +25,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_fs:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_fs:2.1.5
+aaf_register_as: "aaf-fs.onap"
pullPolicy: Always
@@ -76,4 +77,4 @@ resources:
requests:
cpu: 100m
memory: 400Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
index 24c8e68cec..03424125e4 100644
--- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml
@@ -31,20 +31,27 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -66,7 +73,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +103,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml
index d44ac5ed46..50315db339 100644
--- a/kubernetes/aaf/charts/aaf-gui/values.yaml
+++ b/kubernetes/aaf/charts/aaf-gui/values.yaml
@@ -1,3 +1,4 @@
+
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -25,7 +26,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_gui:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_gui:2.1.5
+aaf_register_as: "aaf-gui.onap"
pullPolicy: Always
@@ -77,4 +79,4 @@ resources:
requests:
cpu: 100m
memory: 500Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
index f932228cd9..d3049e0239 100644
--- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml
@@ -31,20 +31,28 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -66,7 +74,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +104,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml
index 9f694be8b8..35a697b6d3 100644
--- a/kubernetes/aaf/charts/aaf-hello/values.yaml
+++ b/kubernetes/aaf/charts/aaf-hello/values.yaml
@@ -25,7 +25,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_hello:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_hello:2.1.5
+aaf_register_as: "aaf-hello.onap"
pullPolicy: Always
@@ -76,4 +77,4 @@ resources:
requests:
cpu: 20m
memory: 500Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
index a3a9e285cf..ea4e3e8a47 100644
--- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml
@@ -31,20 +31,28 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -66,7 +74,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +104,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml
index ba1e56373c..63843956a4 100644
--- a/kubernetes/aaf/charts/aaf-locate/values.yaml
+++ b/kubernetes/aaf/charts/aaf-locate/values.yaml
@@ -25,7 +25,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_locate:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_locate:2.1.5
+aaf_register_as: "aaf-locate.onap"
pullPolicy: Always
@@ -76,4 +77,4 @@ resources:
requests:
cpu: 40m
memory: 500Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
index 06cf2736ef..aed0bbe785 100644
--- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml
@@ -31,23 +31,30 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- - /root/ready.py
+ - /root/ready.py
args:
- --container-name
- aaf-locate
@@ -66,7 +73,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +103,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml
index e52075a447..874b50694d 100644
--- a/kubernetes/aaf/charts/aaf-oauth/values.yaml
+++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml
@@ -25,7 +25,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_oauth:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_oauth:2.1.5
+aaf_register_as: "aaf-oauth.onap"
pullPolicy: Always
@@ -76,4 +77,4 @@ resources:
requests:
cpu: 40m
memory: 200Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
index c3c140a35d..35b17ba5a5 100644
--- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml
@@ -31,20 +31,27 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-job-complete
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ .Release.Name }}-create-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ - name: {{ include "common.name" . }}-config-container
+ image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.name" . }}-config-vol
+ env:
+ - name: HOSTNAME
+ value: "{{ .Values.global.cadi.hostname }}"
+ - name: AAF_ENV
+ value: "{{ .Values.global.cadi.aaf_env }}"
+ - name: AAF_REGISTER_AS
+ value: "{{ .Values.aaf_register_as }}"
+ - name: LATITUDE
+ value: "{{ .Values.global.cadi.cadi_latitude }}"
+ - name: LONGITUDE
+ value: "{{ .Values.global.cadi.cadi_longitude }}"
+ - name: CASS_HOST
+ value: "{{ .Values.global.cadi.cass_host }}"
+ - name: AAF_LOCATOR_AS
+ value: "{{ .Values.global.cadi.cadi_locator_as }}"
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
@@ -66,7 +73,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: "/opt/app/osaaf"
- name: shared-config-volume
+ name: {{ include "common.name" . }}-config-vol
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -96,12 +103,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: shared-config-volume
- {{- if .Values.global.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ .Release.Name }}-config
- {{- else }}
+ - name: {{ include "common.name" . }}-config-vol
emptyDir: {}
- {{- end }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key" \ No newline at end of file
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml
index 7ec6364f3c..5921ff676b 100644
--- a/kubernetes/aaf/charts/aaf-service/values.yaml
+++ b/kubernetes/aaf/charts/aaf-service/values.yaml
@@ -25,7 +25,8 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_service:2.1.2-SNAPSHOT
+image: onap/aaf/aaf_service:2.1.5
+aaf_register_as: "aaf-service.onap"
pullPolicy: Always
@@ -77,4 +78,4 @@ resources:
requests:
cpu: 40m
memory: 300Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
index d6ac1cb881..7a24eb7d47 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/smsquorumclient:latest
+image: onap/aaf/smsquorumclient:3.0.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml
index 7a25581908..5f27f055de 100644
--- a/kubernetes/aaf/charts/aaf-sms/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/values.yaml
@@ -28,7 +28,7 @@ flavor: small
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/sms:latest
+image: onap/aaf/sms:3.0.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml
new file mode 100644
index 0000000000..78b10c5764
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Hardware Security Components
+name: aaf-sshsm
+version: 3.0.0
diff --git a/kubernetes/aaf/charts/aaf-sshsm/README.md b/kubernetes/aaf/charts/aaf-sshsm/README.md
new file mode 100644
index 0000000000..a6f2e62cb9
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/README.md
@@ -0,0 +1,24 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Helm Chart for ONAP Hardware Security Components
+
+This includes the following Kubernetes services:
+
+1. dist-center - A service that is used to create and distribute private keys
+2. abrmd - A service that manages access to the TPM device
+
+# Service Dependencies
+
+All services depend on AAF \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml
new file mode 100644
index 0000000000..9e8b16af04
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Trusted Platform Module Resource Manager
+name: aaf-sshsm-abrmd
+version: 3.0.0
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
new file mode 100644
index 0000000000..61aa095e3b
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
new file mode 100644
index 0000000000..8b2e0b8162
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
@@ -0,0 +1,87 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-init
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 2
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ .Release.Name }}
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/abrmd/bin/initialize_tpm.sh"]
+ workingDir: /abrmd/bin
+ securityContext:
+ privileged: true
+ env:
+ - name: TPM_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: ABRMD_DATA
+ value: /abrmd/data
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /abrmd/data
+ - name: {{ include "common.fullname" . }}-tpm-device
+ mountPath: /dev/tpm0
+ - name: {{ include "common.fullname" . }}-tpmconfig
+ mountPath: "/abrmd/cred/"
+ readOnly: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.global.tpm.enabled }}
+ {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-aaf-sshsm-data
+ - name: {{ include "common.fullname" . }}-tpm-device
+ hostPath:
+ path: /dev/tpm0
+ - name: {{ include "common.fullname" . }}-tpmconfig
+ secret:
+ secretName: {{ .Release.Name }}-aaf-sshsm
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
new file mode 100644
index 0000000000..a3a2004216
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
@@ -0,0 +1,93 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
+
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ serviceName:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-job-complete
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ include "common.fullname" . }}-init"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/abrmd/bin/run_abrmd.sh"]
+ workingDir: /abrmd/bin
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-dbus
+ mountPath: /var/run/dbus
+ - name: {{ include "common.fullname" . }}-tpm-device
+ mountPath: /dev/tpm0
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.global.tpm.enabled }}
+ {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-dbus
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-aaf-sshsm-dbus
+ - name: {{ include "common.fullname" . }}-tpm-device
+ hostPath:
+ path: /dev/tpm0
+
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml
new file mode 100644
index 0000000000..bf64c6d120
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-abrmd/values.yaml
@@ -0,0 +1,60 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aaf/abrmd:3.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 1
+
+# TPM specific node selection is done at parent chart aaf-sshsm
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml
new file mode 100644
index 0000000000..3bb88466ef
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Trusted Platform Module Distribution Center
+name: aaf-sshsm-distcenter
+version: 3.0.0
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
new file mode 100644
index 0000000000..ea0ea6062d
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.distcenter.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
new file mode 100644
index 0000000000..69a9956611
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
@@ -0,0 +1,105 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.distcenter.enabled -}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ serviceName:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+{{- if .Values.global.tpm.enabled }}
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-aaf-sshsm-abrmd-init"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+{{ else }}
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-gen-passphrase
+ command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"]
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /distcenter/data
+{{- end }}
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/entrypoint.sh"]
+ workingDir: /distcenter
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /distcenter/data
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-aaf-sshsm-data
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
new file mode 100644
index 0000000000..fa5fd16c7f
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.distcenter.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
new file mode 100644
index 0000000000..6497639a77
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/pvc.yaml
@@ -0,0 +1,51 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.distcenter.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml
new file mode 100644
index 0000000000..3993cfc281
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-distcenter/values.yaml
@@ -0,0 +1,69 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aaf/distcenter:3.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sshsm/distcenter/data
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml
new file mode 100644
index 0000000000..3855b04f2c
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Trusted Platform Module Test CA Service
+name: aaf-sshsm-testca
+version: 3.0.0
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
new file mode 100644
index 0000000000..304f974d9d
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
@@ -0,0 +1,130 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.testca.enabled -}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ serviceName:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-distcenter-ready
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-aaf-sshsm-distcenter"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+{{- if .Values.global.tpm.enabled }}
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-abrmd-ready
+ command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"]
+ workingDir: /testca/bin
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-dbus
+ mountPath: /var/run/dbus
+{{- end }}
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ name: {{ include "common.name" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["./import.sh"]
+ workingDir: /testca/bin
+ env:
+{{- if .Values.global.tpm.enabled }}
+ - name: TPM_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DATA_FOLDER
+ value: /testca/data/host_$(TPM_NODE_NAME)
+{{ else }}
+ - name: DATA_FOLDER
+ value: /testca/data
+{{- end }}
+ - name: SECRETS_FOLDER
+ value: /testca/secrets
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-data
+ mountPath: /testca/data
+ - name: {{ include "common.fullname" . }}-dbus
+ mountPath: /var/run/dbus
+ - name: {{ include "common.fullname" . }}-secrets
+ mountPath: /testca/secrets
+ readOnly: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.global.tpm.enabled }}
+ {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-aaf-sshsm-data
+ - name: {{ include "common.fullname" . }}-dbus
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-aaf-sshsm-dbus
+ - name: {{ include "common.fullname" . }}-secrets
+ secret:
+ secretName: {{ .Release.Name }}-aaf-sshsm
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
new file mode 100644
index 0000000000..3fd53d28cb
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/charts/aaf-sshsm-testca/values.yaml
@@ -0,0 +1,61 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+enabled: true
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aaf/testcaservice:3.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml b/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml
new file mode 100644
index 0000000000..3192c43776
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd b/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd
new file mode 100644
index 0000000000..640b325898
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/resources/config/prk_passwd
@@ -0,0 +1 @@
+cHJpbWFyeXBhc3N3b3JkCg==
diff --git a/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle b/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle
new file mode 100644
index 0000000000..b8b9d8ddb0
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/resources/config/srk_handle
@@ -0,0 +1 @@
+MHg4MTAwMDAyMwo=
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml
new file mode 100644
index 0000000000..b4d283f1c7
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pv.yaml
@@ -0,0 +1,57 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-data
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.dataMountSubPath }}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-dbus
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-dbus
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.dbusMountSubPath }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml
new file mode 100644
index 0000000000..c50a0bc587
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/pvc.yaml
@@ -0,0 +1,79 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-data
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-dbus
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-dbus
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml
new file mode 100644
index 0000000000..50b6f36cd3
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/templates/secret.yaml
@@ -0,0 +1,22 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ (.Files.Glob "resources/config/*").AsSecrets | indent 2 }} \ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-sshsm/values.yaml b/kubernetes/aaf/charts/aaf-sshsm/values.yaml
new file mode 100644
index 0000000000..d06884652d
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sshsm/values.yaml
@@ -0,0 +1,65 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ ubuntuInitRepository: oomk8s
+ ubuntuInitImage: ubuntu-init:1.0.0
+ tpm:
+ enabled: false
+ # if enabled, nodeselector will use the below
+ # values in the nodeselector section of the pod
+ nodeLabel: "tpm-node"
+ nodeLabelValue: "true"
+ abrmd:
+ enabled: true
+ distcenter:
+ enabled: true
+ testca:
+ enabled: true
+ persistence: {}
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Mi
+ mountPath: /dockerdata-nfs
+ dataMountSubPath: sshsm/data
+ dbusMountSubPath: sshsm/dbus
+
+# Configure resource requests and limits
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 10m
+ memory: 100Mi
+ unlimited: {} \ No newline at end of file