diff options
Diffstat (limited to 'kubernetes/aai')
66 files changed, 199 insertions, 3173 deletions
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 0637cfb84b..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index acc940987c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,93 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/services\/babel-service\/.*", - "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] - } -] diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties deleted file mode 100644 index 188c55bee2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile - -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 2cd95d4c69..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 7055bf5303..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9516 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml index cdd2a4fefe..baee38c0e2 100644 --- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,46 +28,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index e75815ecb6..9fe386a3c6 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,19 +37,6 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -127,79 +114,6 @@ spec: - mountPath: /usr/share/filebeat/data name: aai-filebeat - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -226,32 +140,6 @@ spec: emptyDir: {} - name: aai-filebeat emptyDir: {} - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml index 630ce83b31..b81ffa05b9 100644 --- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,48 +44,3 @@ type: Opaque data: KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml index fb7295581c..db54ce14f2 100644 --- a/kubernetes/aai/components/aai-babel/templates/service.yaml +++ b/kubernetes/aai/components/aai-babel/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,27 +29,16 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.global.rproxy.port }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - {{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} + selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index f0a5ec2b78..db1a2eb86b 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020, 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,7 @@ ################################################################# # Global configuration defaults. ################################################################# -global: - installSidecarSecurity: false +global: {} ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index d9fe86e4ec..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore Binary files differdeleted file mode 100644 index f6ebc75ed8..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 9a08348b0d..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index 071d407de5..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 Binary files differdeleted file mode 100644 index 023e2eaac6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 6ad5f51ad3..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index e23c03d833..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,99 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/aai\/.*", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - }, - { - "uri": "\/aai\/util\/echo", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } -] diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 799fd8689b..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 2c89d28180..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 8447 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile deleted file mode 100644 index 3416d4a737..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf -jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm -4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe -moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf -GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT -74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh -iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb -p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt -3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW -hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 -RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX -xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk -8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q -ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i -5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe -GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE -_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k -zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf -S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU -LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw -hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W -nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP -bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN -JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk -Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y -J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP -mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index 2927031eb5..f173916104 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,113 +50,3 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-aai-policy-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 84d3df3927..6fbbf1c089 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -2,6 +2,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,1151 +40,38 @@ spec: name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.global.msbEnabled }} + {{ $values := .Values }} msb.onap.org/service-info: '[ + {{- range $api_endpoint := $values.aai_enpoints -}} + {{- range $api_version := $values.api_list }} { - "serviceName": "_aai-cloudInfrastructure", - "version": "v11", - "url": "/aai/v11/cloud-infrastructure", + "serviceName": "_{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8447", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", - "path": "/aai/v11/cloud-infrastructure" + "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" }, { - "serviceName": "_aai-cloudInfrastructure", - "version": "v12", - "url": "/aai/v12/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v13", - "url": "/aai/v13/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v14", - "url": "/aai/v14/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v15", - "url": "/aai/v15/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v16", - "url": "/aai/v16/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v17", - "url": "/aai/v17/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v18", - "url": "/aai/v18/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v19", - "url": "/aai/v19/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/cloud-infrastructure" - }, - { - "serviceName": "_aai-business", - "version": "v11", - "url": "/aai/v11/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/business" - }, - { - "serviceName": "_aai-business", - "version": "v12", - "url": "/aai/v12/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/business" - }, - { - "serviceName": "_aai-business", - "version": "v13", - "url": "/aai/v13/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/business" - }, - { - "serviceName": "_aai-business", - "version": "v14", - "url": "/aai/v14/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/business" - }, - { - "serviceName": "_aai-business", - "version": "v15", - "url": "/aai/v15/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/business" - }, - { - "serviceName": "_aai-business", - "version": "v16", - "url": "/aai/v16/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/business" - }, - { - "serviceName": "_aai-business", - "version": "v17", - "url": "/aai/v17/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/business" - }, - { - "serviceName": "_aai-business", - "version": "v18", - "url": "/aai/v18/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/business" - }, - { - "serviceName": "_aai-business", - "version": "v19", - "url": "/aai/v19/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/business" - }, - { - "serviceName": "_aai-actions", - "version": "v11", - "url": "/aai/v11/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v12", - "url": "/aai/v12/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v13", - "url": "/aai/v13/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v14", - "url": "/aai/v14/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v15", - "url": "/aai/v15/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v16", - "url": "/aai/v16/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v17", - "url": "/aai/v17/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v18", - "url": "/aai/v18/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v19", - "url": "/aai/v19/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/actions" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v11", - "url": "/aai/v11/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v12", - "url": "/aai/v12/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v13", - "url": "/aai/v13/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v14", - "url": "/aai/v14/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v15", - "url": "/aai/v15/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v16", - "url": "/aai/v16/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v17", - "url": "/aai/v17/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v18", - "url": "/aai/v18/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v19", - "url": "/aai/v19/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/service-design-and-creation" - }, - { - "serviceName": "_aai-network", - "version": "v11", - "url": "/aai/v11/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/network" - }, - { - "serviceName": "_aai-network", - "version": "v12", - "url": "/aai/v12/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/network" - }, - { - "serviceName": "_aai-network", - "version": "v13", - "url": "/aai/v13/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/network" - }, - { - "serviceName": "_aai-network", - "version": "v14", - "url": "/aai/v14/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/network" - }, - { - "serviceName": "_aai-network", - "version": "v15", - "url": "/aai/v15/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/network" - }, - { - "serviceName": "_aai-network", - "version": "v16", - "url": "/aai/v16/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/network" - }, - { - "serviceName": "_aai-network", - "version": "v17", - "url": "/aai/v17/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/network" - }, - { - "serviceName": "_aai-network", - "version": "v18", - "url": "/aai/v18/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/network" - }, - { - "serviceName": "_aai-network", - "version": "v19", - "url": "/aai/v19/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/network" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v11", - "url": "/aai/v11/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v12", - "url": "/aai/v12/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v13", - "url": "/aai/v13/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v14", - "url": "/aai/v14/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v15", - "url": "/aai/v15/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v16", - "url": "/aai/v16/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v17", - "url": "/aai/v17/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v18", - "url": "/aai/v18/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v19", - "url": "/aai/v19/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/external-system" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v11", - "url": "/aai/v11/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v12", - "url": "/aai/v12/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v13", - "url": "/aai/v13/cloud-infrastructure", + "serviceName": "{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8447", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v14", - "url": "/aai/v14/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v15", - "url": "/aai/v15/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v16", - "url": "/aai/v16/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v17", - "url": "/aai/v17/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v18", - "url": "/aai/v18/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v19", - "url": "/aai/v19/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v11", - "url": "/aai/v11/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v12", - "url": "/aai/v12/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v13", - "url": "/aai/v13/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v14", - "url": "/aai/v14/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v15", - "url": "/aai/v15/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v16", - "url": "/aai/v16/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v17", - "url": "/aai/v17/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v18", - "url": "/aai/v18/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v19", - "url": "/aai/v19/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v11", - "url": "/aai/v11/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v12", - "url": "/aai/v12/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v13", - "url": "/aai/v13/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v14", - "url": "/aai/v14/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v15", - "url": "/aai/v15/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v16", - "url": "/aai/v16/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v17", - "url": "/aai/v17/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v18", - "url": "/aai/v18/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v19", - "url": "/aai/v19/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v11", - "url": "/aai/v11/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v12", - "url": "/aai/v12/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v13", - "url": "/aai/v13/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v14", - "url": "/aai/v14/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v15", - "url": "/aai/v15/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v16", - "url": "/aai/v16/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v17", - "url": "/aai/v17/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v18", - "url": "/aai/v18/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v19", - "url": "/aai/v19/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v11", - "url": "/aai/v11/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v12", - "url": "/aai/v12/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v13", - "url": "/aai/v13/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v14", - "url": "/aai/v14/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v15", - "url": "/aai/v15/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v16", - "url": "/aai/v16/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v17", - "url": "/aai/v17/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v18", - "url": "/aai/v18/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v19", - "url": "/aai/v19/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v11", - "url": "/aai/v11/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v12", - "url": "/aai/v12/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v13", - "url": "/aai/v13/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v14", - "url": "/aai/v14/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v15", - "url": "/aai/v15/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v16", - "url": "/aai/v16/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v17", - "url": "/aai/v17/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v18", - "url": "/aai/v18/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v19", - "url": "/aai/v19/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - } + {{- end }} + {{- end }} ]' + {{- end }} spec: hostname: aai-resources - {{- if .Values.global.initContainers.enabled }} - {{- if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - {{- end }} initContainers: - command: {{- if .Values.global.jobs.migration.enabled }} @@ -1191,23 +79,24 @@ spec: args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else if .Values.global.jobs.createSchema.enabled }} + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} + {{- else }} - /app/ready.py args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{- end }} + {{- end }} env: - name: NAMESPACE valueFrom: @@ -1217,14 +106,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true {{- end }} - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -1234,6 +116,8 @@ spec: value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} + - name: POST_JAVA_OPTS + value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit' volumeMounts: - mountPath: /etc/localtime name: localtime @@ -1258,11 +142,6 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - {{- if .Values.global.installSidecarSecurity }} - - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json - name: {{ include "common.fullname" . }}-aai-policy - subPath: aai_policy.json - {{- end }} - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile @@ -1336,84 +215,6 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.sidecar.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{- end }} volumes: - name: aai-common-aai-auth-mount secret: @@ -1445,35 +246,6 @@ spec: - key: {{ . }} path: {{ . }} {{- end }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-aai-policy - configMap: - name: {{ include "common.fullname" . }}-aai-policy-configmap - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml new file mode 100644 index 0000000000..d24149086e --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 66dfd493dd..460e0d5b93 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -27,7 +27,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} + {{ if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} @@ -39,7 +39,7 @@ spec: name: {{ .Values.service.portName }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} - {{- end}} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 2685d9a3f5..5210a249d2 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,9 +24,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - rproxy: - name: reverse-proxy - initContainers: enabled: true @@ -116,6 +114,31 @@ global: # global defaults realtime: clients: SDNC,MSO,SO,robot-ete +api_list: + - 11 + - 12 + - 13 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + +aai_enpoints: + - name: aai-cloudInfrastructure + url: cloud-infrastructure + - name: aai-business + url: business + - name: aai-actions + url: actions + - name: aai-service-design-and-creation + url: service-design-and-creation + - name: aai-network + url: network + - name: aai-externalSystem + url: external-system + # application image image: onap/aai-resources:1.7.2 pullPolicy: Always diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index edac199968..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index 595d484c37..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,11 +0,0 @@ -[ - { - "uri": "\/services\/search-data-service\/.*", - "method": "GET|PUT|POST|DELETE", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } - - -] diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 55a9b4816f..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 289fe7512c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 5fddcb240a..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9509 diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml index 28cf730930..0d76239ef9 100644 --- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,47 +40,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml index eb4aefeeb3..eaa90870b0 100644 --- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,14 +38,6 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -126,85 +118,6 @@ spec: name: {{ include "common.fullname" . }}-service-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-service-filebeat - - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.config.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -228,35 +141,6 @@ spec: - name: {{ include "common.fullname" . }}-service-log-conf configMap: name: {{ include "common.fullname" . }}-service-log - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - secret: - secretName: aai-rproxy-auth-certs - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: aai-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - secret: - secretName: aai-fproxy-auth-certs - {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml index eacae25647..3135df6f07 100644 --- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,16 +41,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml index 940222cd3e..e031410737 100644 --- a/kubernetes/aai/components/aai-search-data/templates/service.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,28 +28,14 @@ metadata: spec: type: {{ .Values.service.type }} ports: -{{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} -{{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml index ae61dd761f..4bd535a475 100644 --- a/kubernetes/aai/components/aai-search-data/values.yaml +++ b/kubernetes/aai/components/aai-search-data/values.yaml @@ -55,7 +55,7 @@ readiness: service: type: ClusterIP portName: aai-search-data - internalPort: 9509 + internalPort: "9509" ingress: enabled: false diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index ab1cb309d8..6f5ac8263b 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -2,6 +2,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,304 +40,34 @@ spec: name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.global.msbEnabled }} + {{ $values := .Values }} msb.onap.org/service-info: '[ + {{- range $api_endpoint := $values.aai_enpoints -}} + {{- range $api_version := $values.api_list }} { - "serviceName": "_aai-generic-query", - "version": "v11", - "url": "/aai/v11/search/generic-query", + "serviceName": "_{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", - "path": "/aai/v11/search/generic-query" + "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" }, { - "serviceName": "_aai-generic-query", - "version": "v12", - "url": "/aai/v12/search/generic-query", + "serviceName": "{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v13", - "url": "/aai/v13/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v14", - "url": "/aai/v14/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v15", - "url": "/aai/v15/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v16", - "url": "/aai/v16/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v17", - "url": "/aai/v17/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v18", - "url": "/aai/v18/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v19", - "url": "/aai/v19/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/search/generic-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v11", - "url": "/aai/v11/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v12", - "url": "/aai/v12/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v13", - "url": "/aai/v13/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v14", - "url": "/aai/v14/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v15", - "url": "/aai/v15/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v16", - "url": "/aai/v16/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v17", - "url": "/aai/v17/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v18", - "url": "/aai/v18/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v19", - "url": "/aai/v19/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/search/nodes-query" - }, - { - "serviceName": "_aai-query", - "version": "v11", - "url": "/aai/v11/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/query" - }, - { - "serviceName": "_aai-query", - "version": "v12", - "url": "/aai/v12/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/query" - }, - { - "serviceName": "_aai-query", - "version": "v13", - "url": "/aai/v13/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/query" - }, - { - "serviceName": "_aai-query", - "version": "v14", - "url": "/aai/v14/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/query" - }, - { - "serviceName": "_aai-query", - "version": "v15", - "url": "/aai/v15/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/query" - }, - { - "serviceName": "_aai-query", - "version": "v16", - "url": "/aai/v16/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/query" - }, - { - "serviceName": "_aai-query", - "version": "v17", - "url": "/aai/v17/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/query" - }, - { - "serviceName": "_aai-query", - "version": "v18", - "url": "/aai/v18/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/query" - }, - { - "serviceName": "_aai-query", - "version": "v19", - "url": "/aai/v19/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/query" + "visualRange": "1" }, + {{- end }} + {{- end }} { "serviceName": "_aai-named-query", "url": "/aai/search", @@ -348,276 +79,6 @@ spec: "path": "/aai/search" }, { - "serviceName": "aai-generic-query", - "version": "v11", - "url": "/aai/v11/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v12", - "url": "/aai/v12/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v13", - "url": "/aai/v13/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v14", - "url": "/aai/v14/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v15", - "url": "/aai/v15/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v16", - "url": "/aai/v16/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v17", - "url": "/aai/v17/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v18", - "url": "/aai/v18/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v19", - "url": "/aai/v19/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v11", - "url": "/aai/v11/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v12", - "url": "/aai/v12/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v13", - "url": "/aai/v13/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v14", - "url": "/aai/v14/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v15", - "url": "/aai/v15/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v16", - "url": "/aai/v16/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v17", - "url": "/aai/v17/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v18", - "url": "/aai/v18/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v19", - "url": "/aai/v19/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v11", - "url": "/aai/v11/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v12", - "url": "/aai/v12/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v13", - "url": "/aai/v13/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v14", - "url": "/aai/v14/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v15", - "url": "/aai/v15/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v16", - "url": "/aai/v16/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v17", - "url": "/aai/v17/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v18", - "url": "/aai/v18/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v19", - "url": "/aai/v19/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { "serviceName": "aai-named-query", "url": "/aai/search", "protocol": "REST", @@ -627,6 +88,7 @@ spec: "visualRange": "1" } ]' + {{- end }} spec: hostname: aai-traversal {{ if .Values.global.initContainers.enabled }} @@ -653,7 +115,7 @@ spec: {{- end }} - --container-name - aai-schema-service - {{ end }} + {{ end }} env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index fbfcdaed8d..0242cedd0b 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright (c) 2020 Nokia +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -129,6 +130,26 @@ pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small + +api_list: + - 11 + - 12 + - 13 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + +aai_enpoints: + - name: aai-generic-query + url: search/generic-query + - name: aai-nodes-query + url: search/nodes-query + - name: aai-nquery + url: query + # application configuration config: diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml index bdab308144..c8970da183 100644 --- a/kubernetes/aai/requirements.yaml +++ b/kubernetes/aai/requirements.yaml @@ -28,6 +28,9 @@ dependencies: # be published independently to a repo (at this point) repository: '@local' condition: global.cassandra.localCluster + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/aai/resources/config/haproxy/aai.pem b/kubernetes/aai/resources/config/haproxy/aai.pem deleted file mode 100644 index 6390db10de..0000000000 --- a/kubernetes/aai/resources/config/haproxy/aai.pem +++ /dev/null @@ -1,88 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow -WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO -MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x -agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe -0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU -F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6 -F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz -11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB -o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO -aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG -A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD -VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh -aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp -LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w -bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u -YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC -JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w -bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq -hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq -oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4 -k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe -sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h -HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg -B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- -Bag Attributes - friendlyName: aai@aai.onap.org - localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35 -Key Attributes: <No Attributes> ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT -+zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H -HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ -DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G -llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc -Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF -Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P -YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM -WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY -OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a -o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI -bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x -+RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET -ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0 -BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF -YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc -nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH -DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg -KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ -e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6 -uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8 -4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS -Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG -rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N -HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO -rzAazDQvlb0itUxgU4qgqw== ------END PRIVATE KEY----- diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index b05ffaeaf2..e605e1886f 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -62,7 +62,7 @@ defaults frontend IST_8443 mode http - bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem + bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem # log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" option httplog diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index ea29c903ba..c8f3670349 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -60,7 +60,7 @@ defaults frontend IST_8443 mode http - bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem + bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem # log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" option httplog diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index d2735b4882..b0da359ab1 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -44,36 +44,6 @@ data: {{ else }} {{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }} {{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: aai-haproxy-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }} -# This is a shared key for both resources and traversal ---- -apiVersion: v1 -kind: Secret -metadata: - name: aai-auth-truststore-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} - {{ if .Values.global.installSidecarSecurity }} --- apiVersion: v1 diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 83d78238b0..2ca489f2de 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: @@ -75,9 +75,7 @@ spec: subPath: haproxy.cfg {{ end }} name: haproxy-cfg - - mountPath: /etc/ssl/private/aai.pem - name: aai-pem - subPath: aai.pem + {{- include "common.certInitializer.volumeMount" . | nindent 8 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -128,8 +126,6 @@ spec: - name: haproxy-cfg configMap: name: aai-deployment-configmap - - name: aai-pem - secret: - secretName: aai-haproxy-secret + {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 86ecb8b355..516dcc4d70 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -1,6 +1,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,8 @@ global: # global defaults restartPolicy: Always - installSidecarSecurity: false aafEnabled: true - - fproxy: - name: forward-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/fproxy:2.1.13 - port: 10680 - - rproxy: - name: reverse-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/rproxy:2.1.13 - port: 10692 - - tproxyConfig: - name: init-tproxy-config - image: onap/tproxy-config:2.1.13 - - # AAF server details. Only needed if the AAF DNS does not resolve from the pod - aaf: - serverIp: 10.12.6.214 - serverHostname: aaf.osaaf.org - serverPort: 30247 + msbEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. @@ -295,6 +274,44 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords from AAF" + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0) + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ + -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ + -alias ca_local_0 \ + -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** generating needed file" + cat {{ .Values.credsPath }}/certs/cert.pem \ + {{ .Values.credsPath }}/certs/cacert.pem \ + {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + > {{ .Values.credsPath }}/certs/fullchain.pem; + chown 1001 {{ .Values.credsPath }}/certs/* + # application image dockerhubRepository: registry.hub.docker.com image: aaionap/haproxy:1.4.2 @@ -379,4 +396,3 @@ resources: cpu: 2 memory: 2Gi unlimited: {} - |