diff options
Diffstat (limited to 'kubernetes/aai/charts')
36 files changed, 103 insertions, 158 deletions
diff --git a/kubernetes/aai/charts/aai-babel/Chart.yaml b/kubernetes/aai/charts/aai-babel/Chart.yaml index d0311c189b..fe1a4ce241 100644 --- a/kubernetes/aai/charts/aai-babel/Chart.yaml +++ b/kubernetes/aai/charts/aai-babel/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v1 description: Babel microservice name: aai-babel -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-babel/requirements.yaml b/kubernetes/aai/charts/aai-babel/requirements.yaml index 6566196ceb..78e822edf8 100644 --- a/kubernetes/aai/charts/aai-babel/requirements.yaml +++ b/kubernetes/aai/charts/aai-babel/requirements.yaml @@ -15,7 +15,7 @@ dependencies: - name: common - version: ~3.0.0 + version: ~4.x-0 # local reference to common chart, as it is # a part of this chart's package and will not # be published independently to a repo (at this point) diff --git a/kubernetes/aai/charts/aai-cassandra/Chart.yaml b/kubernetes/aai/charts/aai-cassandra/Chart.yaml index 1de4ecf177..3987a111c0 100644 --- a/kubernetes/aai/charts/aai-cassandra/Chart.yaml +++ b/kubernetes/aai/charts/aai-cassandra/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v1 description: ONAP AAI Cassandra name: aai-cassandra -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-champ/Chart.yaml b/kubernetes/aai/charts/aai-champ/Chart.yaml index 5276f75fc7..a41a49ea07 100644 --- a/kubernetes/aai/charts/aai-champ/Chart.yaml +++ b/kubernetes/aai/charts/aai-champ/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v1 description: ONAP AAI Champ microservice name: aai-champ -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-champ/requirements.yaml b/kubernetes/aai/charts/aai-champ/requirements.yaml index 6566196ceb..78e822edf8 100644 --- a/kubernetes/aai/charts/aai-champ/requirements.yaml +++ b/kubernetes/aai/charts/aai-champ/requirements.yaml @@ -15,7 +15,7 @@ dependencies: - name: common - version: ~3.0.0 + version: ~4.x-0 # local reference to common chart, as it is # a part of this chart's package and will not # be published independently to a repo (at this point) diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index f3ac0701a2..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json index 2865e01cd6..ca34049ec2 100644 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json +++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json @@ -82,18 +82,18 @@ "permissions": [ "test\\.auth\\.access\\|services\\|GET,PUT", "\\|services\\|GET" - ] + ] }, { "uri": "\/services\/inventory\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] }, { - "uri": "\/services\/champ-service\/.*", - "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] - } + "uri": "\/services\/champ-service\/.*", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + } ] diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties index 33daa73b67..1878a4de70 100644 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties +++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties @@ -9,13 +9,27 @@ #hostname=test.aic.cip.att.com cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} aaf_env=DEV aaf_id=demo@people.osaaf.org diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml index aa9157fe47..537763a6db 100644 --- a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml @@ -31,12 +31,6 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - {{ end }} initContainers: - command: - /root/ready.py @@ -163,18 +157,18 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - #- name: {{ include "common.fullname" . }}-rproxy-auth-config - # mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - # subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile @@ -189,7 +183,9 @@ spec: - name: CONFIG_HOME value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: @@ -199,10 +195,13 @@ spec: - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: @@ -251,18 +250,21 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs - name: {{ include "common.fullname" . }}-rproxy-security-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config + secretName: aai-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config + secretName: aai-fproxy-auth-certs {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml index a0a1519c26..b0a62f63f6 100644 --- a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml +++ b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml @@ -42,27 +42,9 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: name: {{ include "common.fullname" . }}-rproxy-auth-config namespace: {{ include "common.namespace" . }} type: Opaque data: {{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} {{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-champ/values.yaml b/kubernetes/aai/charts/aai-champ/values.yaml index b865b0050e..b1ce34dd1d 100644 --- a/kubernetes/aai/charts/aai-champ/values.yaml +++ b/kubernetes/aai/charts/aai-champ/values.yaml @@ -33,6 +33,7 @@ flavor: small config: keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 # default number of instances replicaCount: 1 diff --git a/kubernetes/aai/charts/aai-data-router/Chart.yaml b/kubernetes/aai/charts/aai-data-router/Chart.yaml index da4de97ffd..47f9f312c7 100644 --- a/kubernetes/aai/charts/aai-data-router/Chart.yaml +++ b/kubernetes/aai/charts/aai-data-router/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI Data-Router name: aai-data-router -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml b/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml index 9b832249c1..fbc7abd0d9 100644 --- a/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml +++ b/kubernetes/aai/charts/aai-elasticsearch/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI elasticsearch name: aai-elasticsearch -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-gizmo/Chart.yaml b/kubernetes/aai/charts/aai-gizmo/Chart.yaml index 19ba3f63b6..98dba95bf1 100644 --- a/kubernetes/aai/charts/aai-gizmo/Chart.yaml +++ b/kubernetes/aai/charts/aai-gizmo/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v1 description: Gizmo service name: aai-gizmo -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index 7a4979a7a3..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json index e468b3d7bd..54d5de2721 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json @@ -82,18 +82,18 @@ "permissions": [ "test\\.auth\\.access\\|services\\|GET,PUT", "\\|services\\|GET" - ] + ] }, { "uri": "\/services\/inventory\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] }, { "uri": "\/services\/gizmo\/.*", "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] } ] diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties index a82e38caf6..51ac56a88d 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties @@ -9,17 +9,31 @@ #hostname=test.aic.cip.att.com cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} aaf_env=DEV aaf_id=demo@people.osaaf.org aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz # This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml index 0a30388279..ba90fdc76b 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml @@ -32,11 +32,6 @@ spec: release: {{ .Release.Name }} spec: {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - initContainers: - name: {{ .Values.global.tproxyConfig.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" @@ -154,18 +149,18 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile @@ -181,6 +176,8 @@ spec: value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: @@ -190,10 +187,13 @@ spec: - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: @@ -245,18 +245,21 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs - name: {{ include "common.fullname" . }}-rproxy-security-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config + secretName: aai-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config + secretName: aai-fproxy-auth-certs {{ end }} imagePullSecrets: diff --git a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml index 7db76055d1..96c3424476 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml @@ -46,27 +46,9 @@ data: apiVersion: v1 kind: Secret metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: name: {{ include "common.fullname" . }}-rproxy-auth-config namespace: {{ include "common.namespace" . }} type: Opaque data: {{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} {{ end }} diff --git a/kubernetes/aai/charts/aai-gizmo/values.yaml b/kubernetes/aai/charts/aai-gizmo/values.yaml index 599bc5548f..420e59879e 100644 --- a/kubernetes/aai/charts/aai-gizmo/values.yaml +++ b/kubernetes/aai/charts/aai-gizmo/values.yaml @@ -29,6 +29,7 @@ flavor: small config: keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 # default number of instances replicaCount: 1 diff --git a/kubernetes/aai/charts/aai-graphadmin/Chart.yaml b/kubernetes/aai/charts/aai-graphadmin/Chart.yaml index a052da8046..7772ab0753 100644 --- a/kubernetes/aai/charts/aai-graphadmin/Chart.yaml +++ b/kubernetes/aai/charts/aai-graphadmin/Chart.yaml @@ -20,4 +20,4 @@ apiVersion: v1 description: ONAP AAI GraphAdmin name: aai-graphadmin -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-modelloader/Chart.yaml b/kubernetes/aai/charts/aai-modelloader/Chart.yaml index e2b0027337..908e11b29b 100644 --- a/kubernetes/aai/charts/aai-modelloader/Chart.yaml +++ b/kubernetes/aai/charts/aai-modelloader/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI modelloader name: aai-modelloader -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-resources/Chart.yaml b/kubernetes/aai/charts/aai-resources/Chart.yaml index 2954c7f077..12464b5a49 100644 --- a/kubernetes/aai/charts/aai-resources/Chart.yaml +++ b/kubernetes/aai/charts/aai-resources/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v1 description: ONAP AAI resources name: aai-resources -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-search-data/Chart.yaml b/kubernetes/aai/charts/aai-search-data/Chart.yaml index f0f24db189..9cf35239a0 100644 --- a/kubernetes/aai/charts/aai-search-data/Chart.yaml +++ b/kubernetes/aai/charts/aai-search-data/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI search-data name: aai-search-data -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-sparky-be/Chart.yaml b/kubernetes/aai/charts/aai-sparky-be/Chart.yaml index 5ba96af086..e10a0b917e 100644 --- a/kubernetes/aai/charts/aai-sparky-be/Chart.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI sparky-be name: aai-sparky-be -version: 3.0.0 +version: 4.0.0 diff --git a/kubernetes/aai/charts/aai-spike/Chart.yaml b/kubernetes/aai/charts/aai-spike/Chart.yaml index 4f43b242eb..587b84c537 100644 --- a/kubernetes/aai/charts/aai-spike/Chart.yaml +++ b/kubernetes/aai/charts/aai-spike/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI Spike microservice name: aai-spike -version: 3.0.0
\ No newline at end of file +version: 4.0.0
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-spike/requirements.yaml b/kubernetes/aai/charts/aai-spike/requirements.yaml index ebeaffff74..8915b751c5 100644 --- a/kubernetes/aai/charts/aai-spike/requirements.yaml +++ b/kubernetes/aai/charts/aai-spike/requirements.yaml @@ -14,7 +14,7 @@ dependencies: - name: common - version: ~3.0.0 + version: ~4.x-0 # local reference to common chart, as it is # a part of this chart's package and will not # be published independently to a repo (at this point) diff --git a/kubernetes/aai/charts/aai-traversal/Chart.yaml b/kubernetes/aai/charts/aai-traversal/Chart.yaml index f7e6a12bed..0470d0ac7f 100644 --- a/kubernetes/aai/charts/aai-traversal/Chart.yaml +++ b/kubernetes/aai/charts/aai-traversal/Chart.yaml @@ -15,4 +15,4 @@ apiVersion: v1 description: ONAP AAI traversal name: aai-traversal -version: 3.0.0 +version: 4.0.0 |