diff options
Diffstat (limited to 'kubernetes/aai')
49 files changed, 603 insertions, 48 deletions
diff --git a/kubernetes/aai/charts/aai-babel/values.yaml b/kubernetes/aai/charts/aai-babel/values.yaml index 59c336660c..8e55d49075 100644 --- a/kubernetes/aai/charts/aai-babel/values.yaml +++ b/kubernetes/aai/charts/aai-babel/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# # application image -image: onap/babel:1.3-STAGING-latest +image: onap/babel:1.3.0 flavor: small diff --git a/kubernetes/aai/charts/aai-champ/resources/config/log/logback.xml b/kubernetes/aai/charts/aai-champ/resources/config/log/logback.xml index 1fbd913907..67f6ac34f1 100644 --- a/kubernetes/aai/charts/aai-champ/resources/config/log/logback.xml +++ b/kubernetes/aai/charts/aai-champ/resources/config/log/logback.xml @@ -143,27 +143,12 @@ limitations under the License. <logger name="org.springframework.web" level="WARN" /> <logger name="com.blog.spring.jms" level="WARN" /> - <!-- AJSC Services (bootstrap services) --> - <logger name="ajsc" level="WARN" /> - <logger name="ajsc.RouteMgmtService" level="WARN" /> - <logger name="ajsc.ComputeService" level="WARN" /> - <logger name="ajsc.VandelayService" level="WARN" /> - <logger name="ajsc.FilePersistenceService" level="WARN" /> - <logger name="ajsc.UserDefinedJarService" level="WARN" /> - <logger name="ajsc.UserDefinedBeansDefService" level="WARN" /> - <logger name="ajsc.LoggingConfigurationService" level="WARN" /> - - <!-- AJSC related loggers --> - <logger name="ajsc.restlet" level="WARN" /> - <logger name="ajsc.servlet" level="WARN" /> - <!-- General loggers --> - <logger name="com.att" level="INFO" /> - <logger name="org.onap" level="INFO" /> - <logger name="org.openecomp" level="INFO" /> + <logger name="org.onap" level="WARN" /> <!-- Other Loggers that may help troubleshoot --> <logger name="net.sf" level="WARN" /> + <logger name="org.apache" level="WARN" /> <logger name="org.apache.commons.httpclient" level="WARN" /> <logger name="org.apache.commons" level="WARN" /> <logger name="org.apache.coyote" level="WARN" /> @@ -188,4 +173,4 @@ limitations under the License. <!-- <appender-ref ref="asyncEELFDebug" /> --> </root> -</configuration> +</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-champ/values.yaml b/kubernetes/aai/charts/aai-champ/values.yaml index 9e1c9bd23b..1cf9452e4d 100644 --- a/kubernetes/aai/charts/aai-champ/values.yaml +++ b/kubernetes/aai/charts/aai-champ/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# # application image -image: onap/champ:1.3-STAGING-latest +image: onap/champ:1.3.0 flavor: small diff --git a/kubernetes/aai/charts/aai-data-router/values.yaml b/kubernetes/aai/charts/aai-data-router/values.yaml index c1fa49f3f0..64a0fe1ab4 100644 --- a/kubernetes/aai/charts/aai-data-router/values.yaml +++ b/kubernetes/aai/charts/aai-data-router/values.yaml @@ -21,7 +21,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/data-router:1.3-STAGING-latest +image: onap/data-router:1.3.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000000..dbf4fcacec --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000000..9eec841aa2 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000000..f512fb71a6 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000000..3a35b76f7b --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000000..dbf4fcacec --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000000..99129c145f --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000000..e468b3d7bd --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,99 @@ +[ + { + "uri": "\/not\/allowed\/at\/all$", + "permissions": [ + "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" + ] + }, + { + "uri": "\/one\/auth\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/multi\/auth\/required$", + "permissions": [ + "test.auth.access.aMultipleAuth1", + "test.auth.access.aMultipleAuth2", + "test.auth.access.aMultipleAuth3" + ] + }, + { + "uri": "\/one\/[^\/]+\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/services\/getAAFRequest$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/admin\/getAAFRequest$", + "permissions": [ + "test.auth.access|admin|GET,PUT,POST" + ] + }, + { + "uri": "\/service\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/services\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/$", + "permissions": [ + "\\|services\\|GET", + "test\\.auth\\.access\\|services\\|GET,PUT" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", + "permissions": [ + "test\\.auth\\.access\\|rest\\|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read", + "test.auth.access|vservers|read" + ] + }, + { + "uri": "\/backend$", + "permissions": [ + "test\\.auth\\.access\\|services\\|GET,PUT", + "\\|services\\|GET" + ] + }, + { + "uri": "\/services\/inventory\/.*", + "permissions": [ + "org\\.access\\|\\*\\|\\*" + ] + }, + { + "uri": "\/services\/gizmo\/.*", + "permissions": [ + "org\\.access\\|\\*\\|\\*" + ] + } +] diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000000..a82e38caf6 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties @@ -0,0 +1,25 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG +cadi_keyfile=/opt/app/rproxy/config/security/keyfile + +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# Configure AAF +aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000000..1b58d4235c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000000..289fe7512c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="debug"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration> diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000000..8ab780edcb --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9520 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000000..8d46e1f429 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile new file mode 100644 index 0000000000..6cd12fcfb4 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile @@ -0,0 +1,27 @@ +bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM +1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 +xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK +BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm +6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 +QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm +zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 +x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf +8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz +FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz +UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r +banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv +6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG +yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB +xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB +lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq +ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE +fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v +1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 +liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc +0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u +PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm +8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv +dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ +-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn +c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J +uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml b/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml index 8d8a8fa008..a25dcbc806 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml @@ -64,3 +64,39 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +{{ end }} + diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml index 278a8f5ffa..1e68712749 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml @@ -31,6 +31,19 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} containers: - name: {{ .Chart.Name }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -111,6 +124,79 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-data-filebeat + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + volumes: - name: localtime hostPath: @@ -144,5 +230,29 @@ spec: - name: {{ include "common.fullname" . }}-model-config configMap: name: {{ include "common.fullname" . }}-model-configmap + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml index 58d57697da..7db76055d1 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml @@ -40,3 +40,33 @@ type: Opaque data: KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-fproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-security-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} +{{ end }} diff --git a/kubernetes/aai/charts/aai-gizmo/templates/service.yaml b/kubernetes/aai/charts/aai-gizmo/templates/service.yaml index 88948cfdf5..ac34ed9248 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/service.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/service.yaml @@ -27,15 +27,27 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.global.rproxy.port }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} diff --git a/kubernetes/aai/charts/aai-gizmo/values.yaml b/kubernetes/aai/charts/aai-gizmo/values.yaml index 6ad25c5246..ff2049ba16 100644 --- a/kubernetes/aai/charts/aai-gizmo/values.yaml +++ b/kubernetes/aai/charts/aai-gizmo/values.yaml @@ -23,7 +23,7 @@ global: ################################################################# # application image -image: onap/gizmo:1.3-STAGING-latest +image: onap/gizmo:1.3.0 flavor: small # application configuration config: diff --git a/kubernetes/aai/charts/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/charts/aai-graphadmin/resources/config/application.properties index 75572479b6..81a9c7b27d 100644 --- a/kubernetes/aai/charts/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/charts/aai-graphadmin/resources/config/application.properties @@ -55,6 +55,7 @@ server.ssl.key-store-type=JKS # JMS bind address host port jms.bind.address=tcp://localhost:61649 dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 +dmaap.ribbon.transportType=https # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema diff --git a/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties b/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties index 8a14f81606..97627eac16 100644 --- a/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties +++ b/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties @@ -16,7 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= - # format : username: password[,rolename ...] # default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... AAI:OBF:1gfr1ev31gg7,admin diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml index 5b23fa6064..869eac0cc7 100644 --- a/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml @@ -96,6 +96,9 @@ spec: - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties - mountPath: /opt/app/aai-graphadmin/resources/application.properties name: {{ include "common.fullname" . }}-springapp-conf subPath: application.properties diff --git a/kubernetes/aai/charts/aai-graphadmin/values.yaml b/kubernetes/aai/charts/aai-graphadmin/values.yaml index b7af3d0bd7..b1fd98e5ee 100644 --- a/kubernetes/aai/charts/aai-graphadmin/values.yaml +++ b/kubernetes/aai/charts/aai-graphadmin/values.yaml @@ -28,7 +28,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/aai-graphadmin:1.0-STAGING-latest +image: onap/aai-graphadmin:1.0.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/charts/aai-modelloader/values.yaml b/kubernetes/aai/charts/aai-modelloader/values.yaml index 1617fc08a7..a2b64f2318 100644 --- a/kubernetes/aai/charts/aai-modelloader/values.yaml +++ b/kubernetes/aai/charts/aai-modelloader/values.yaml @@ -21,7 +21,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/model-loader:1.3-STAGING-latest +image: onap/model-loader:1.3.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/charts/aai-resources/resources/config/aaf/bath_config.csv b/kubernetes/aai/charts/aai-resources/resources/config/aaf/bath_config.csv new file mode 100644 index 0000000000..b926dfd260 --- /dev/null +++ b/kubernetes/aai/charts/aai-resources/resources/config/aaf/bath_config.csv @@ -0,0 +1,33 @@ +# AAI -> aai@aai.onap.org +Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ModelLoader -> aai@aai.onap.org +Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# AaiUI -> aai@aai.onap.org, +Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# MSO -> so@so.onap.org +Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03 + +# SDNC -> sdnc@sdnc.onap.org +Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# DCAE -> dcae@dcae.onap.org +Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjMzNDU2IQ==,2050-03-03 + +# POLICY -> policy@policy.onap.org +Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ASDC -> sdc@sdc.onap.org +Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# VID -> vid@vid.onap.org +Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# APPC -> appc@appc.onap.org +Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# OOF -> oof@oof.onap.org +Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03 + diff --git a/kubernetes/aai/charts/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/charts/aai-resources/resources/config/aaf/org.onap.aai.props index 906f170f56..78e4e71dc6 100644 --- a/kubernetes/aai/charts/aai-resources/resources/config/aaf/org.onap.aai.props +++ b/kubernetes/aai/charts/aai-resources/resources/config/aaf/org.onap.aai.props @@ -10,4 +10,5 @@ cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5 cadi_alias=aai@aai.onap.org cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks cadi_truststore_password=enc:s77wlnZFoQ08NhnU3OSeWO6uKgRwC6sAK-wTvVubNz2 -cadi_loglevel=INFO
\ No newline at end of file +cadi_loglevel=INFO +cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/charts/aai-resources/resources/config/application.properties b/kubernetes/aai/charts/aai-resources/resources/config/application.properties index 29a6d23341..c8648e499e 100644 --- a/kubernetes/aai/charts/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/charts/aai-resources/resources/config/application.properties @@ -50,6 +50,7 @@ server.ssl.key-store-type=JKS # JMS bind address host port jms.bind.address=tcp://localhost:61647 dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 +dmaap.ribbon.transportType=https # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema diff --git a/kubernetes/aai/charts/aai-resources/resources/config/realm.properties b/kubernetes/aai/charts/aai-resources/resources/config/realm.properties index 1efcfbee03..0499b34f1c 100644 --- a/kubernetes/aai/charts/aai-resources/resources/config/realm.properties +++ b/kubernetes/aai/charts/aai-resources/resources/config/realm.properties @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - # format : username: password[,rolename ...] # default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... AAI:OBF:1gfr1ev31gg7,admin diff --git a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml index 60fb645475..001f5ead65 100644 --- a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml @@ -135,3 +135,4 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml index 04549dfb94..4dcfa2cf9c 100644 --- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml @@ -472,9 +472,15 @@ spec: - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props name: {{ include "common.fullname" . }}-aaf-properties subPath: org.onap.aai.props diff --git a/kubernetes/aai/charts/aai-resources/values.yaml b/kubernetes/aai/charts/aai-resources/values.yaml index 8e50ba0421..770832b16a 100644 --- a/kubernetes/aai/charts/aai-resources/values.yaml +++ b/kubernetes/aai/charts/aai-resources/values.yaml @@ -22,7 +22,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/aai-resources:1.3-STAGING-latest +image: onap/aai-resources:1.3.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/charts/aai-search-data/values.yaml b/kubernetes/aai/charts/aai-search-data/values.yaml index b58350cac4..292e23c59c 100644 --- a/kubernetes/aai/charts/aai-search-data/values.yaml +++ b/kubernetes/aai/charts/aai-search-data/values.yaml @@ -23,7 +23,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/search-data-service:1.3-STAGING-latest +image: onap/search-data-service:1.3.1 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml index 6a992dd618..d622be662d 100644 --- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml @@ -90,7 +90,7 @@ spec: - mountPath: /opt/app/sparky/config/application-oxm-default.properties name: {{ include "common.fullname" . }}-properties subPath: application-oxm-default.properties - + - mountPath: /opt/app/sparky/config/application-oxm-override.properties name: {{ include "common.fullname" . }}-properties subPath: application-oxm-override.properties @@ -103,10 +103,10 @@ spec: name: {{ include "common.fullname" . }}-properties subPath: roles.config - mountPath: /opt/app/sparky/config/users.config + - mountPath: /opt/app/sparky/config/users.config name: {{ include "common.fullname" . }}-properties subPath: users.config - + ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} diff --git a/kubernetes/aai/charts/aai-sparky-be/values.yaml b/kubernetes/aai/charts/aai-sparky-be/values.yaml index a323d2987a..fdcb2ab6e9 100644 --- a/kubernetes/aai/charts/aai-sparky-be/values.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/values.yaml @@ -28,7 +28,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/sparky-be:1.3-STAGING-latest +image: onap/sparky-be:1.3.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/bath_config.csv b/kubernetes/aai/charts/aai-traversal/resources/config/aaf/bath_config.csv new file mode 100644 index 0000000000..b926dfd260 --- /dev/null +++ b/kubernetes/aai/charts/aai-traversal/resources/config/aaf/bath_config.csv @@ -0,0 +1,33 @@ +# AAI -> aai@aai.onap.org +Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ModelLoader -> aai@aai.onap.org +Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# AaiUI -> aai@aai.onap.org, +Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# MSO -> so@so.onap.org +Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03 + +# SDNC -> sdnc@sdnc.onap.org +Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# DCAE -> dcae@dcae.onap.org +Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjMzNDU2IQ==,2050-03-03 + +# POLICY -> policy@policy.onap.org +Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ASDC -> sdc@sdc.onap.org +Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# VID -> vid@vid.onap.org +Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# APPC -> appc@appc.onap.org +Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# OOF -> oof@oof.onap.org +Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03 + diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/charts/aai-traversal/resources/config/aaf/org.onap.aai.props index 4596d91cfe..7cb0d492ce 100644 --- a/kubernetes/aai/charts/aai-traversal/resources/config/aaf/org.onap.aai.props +++ b/kubernetes/aai/charts/aai-traversal/resources/config/aaf/org.onap.aai.props @@ -10,4 +10,5 @@ cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5 cadi_alias=aai@aai.onap.org cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks cadi_truststore_password=enc:s77wlnZFoQ08NhnU3OSeWO6uKgRwC6sAK-wTvVubNz2 -cadi_loglevel=INFO
\ No newline at end of file +cadi_loglevel=INFO +cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/application.properties b/kubernetes/aai/charts/aai-traversal/resources/config/application.properties index 1ad208fd86..8d35e2f5d6 100644 --- a/kubernetes/aai/charts/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/charts/aai-traversal/resources/config/application.properties @@ -50,6 +50,7 @@ server.ssl.key-store-type=JKS # JMS bind address host port jms.bind.address=tcp://localhost:61647 dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905 +dmaap.ribbon.transportType=https # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties b/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties index 1efcfbee03..0499b34f1c 100644 --- a/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties +++ b/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - # format : username: password[,rolename ...] # default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... AAI:OBF:1gfr1ev31gg7,admin diff --git a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml index 8b93e8b3ae..79d6abd6c0 100644 --- a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml @@ -134,3 +134,4 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml index 68bd0185f6..834ab322cd 100644 --- a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml @@ -304,9 +304,15 @@ spec: - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props name: {{ include "common.fullname" . }}-aaf-properties subPath: org.onap.aai.props diff --git a/kubernetes/aai/charts/aai-traversal/templates/job.yaml b/kubernetes/aai/charts/aai-traversal/templates/job.yaml index a018ede1a3..c8efed74ae 100644 --- a/kubernetes/aai/charts/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/charts/aai-traversal/templates/job.yaml @@ -58,6 +58,7 @@ spec: - | set -x mkdir -p /opt/aai/logroot/AAI-GQ/misc + until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done; bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh env: - name: LOCAL_USER_ID @@ -77,7 +78,7 @@ spec: - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties name: {{ include "common.fullname" . }}-aaiconfig-conf subPath: aaiconfig.properties - - mountPath: /var/log/onap + - mountPath: /opt/aai/logroot/AAI-GQ/ name: {{ include "common.fullname" . }}-logs - mountPath: /opt/app/aai-traversal/resources/logback.xml name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/aai/charts/aai-traversal/values.yaml b/kubernetes/aai/charts/aai-traversal/values.yaml index 4e651259b3..0cd2117fe3 100644 --- a/kubernetes/aai/charts/aai-traversal/values.yaml +++ b/kubernetes/aai/charts/aai-traversal/values.yaml @@ -23,7 +23,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/aai-traversal:1.3-STAGING-latest +image: onap/aai-traversal:1.3.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index d32db1794c..3f16e25ffd 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -39,7 +39,11 @@ spec: - /root/ready.py args: - --container-name + - aai-resources + - --container-name - aai-traversal + - --container-name + - aai-graphadmin env: - name: NAMESPACE valueFrom: @@ -75,8 +79,17 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: + httpGet: + path: /aai/util/echo port: {{ .Values.service.internalPort2 }} + scheme: HTTPS + httpHeaders: + - name: X-FromAppId + value: OOM_ReadinessCheck + - name: X-TransactionId + value: {{ uuidv4 }} + - name: Accept + value: application/json initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index bf1602e330..0bc707e4e5 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -30,6 +30,30 @@ global: # global defaults restartPolicy: Always + installSidecarSecurity: false + + fproxy: + name: forward-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/fproxy:2.1-STAGING-latest + port: 10680 + + rproxy: + name: reverse-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/rproxy:2.1-STAGING-latest + port: 10692 + + tproxyConfig: + name: init-tproxy-config + image: onap/tproxy-config:2.1-STAGING-latest + + # AAF server details. Only needed if the AAF DNS does not resolve from the pod + aaf: + serverIp: 10.12.6.214 + serverHostname: aaf.osaaf.org + serverPort: 30247 + cassandra: serviceName: aai-cassandra replicas: 3 @@ -257,4 +281,4 @@ resources: requests: cpu: 2 memory: 2Gi - unlimited: {}
\ No newline at end of file + unlimited: {} |