diff options
Diffstat (limited to 'kubernetes/oof/components')
33 files changed, 301 insertions, 90 deletions
diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile index 02371366f6..d62cb0b700 100755 --- a/kubernetes/oof/components/Makefile +++ b/kubernetes/oof/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile index 48cebe96e7..33d61041cd 100644 --- a/kubernetes/oof/components/oof-cmso/Makefile +++ b/kubernetes/oof/components/oof-cmso/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile index f7a698d0ec..36ea7b6c2b 100755 --- a/kubernetes/oof/components/oof-cmso/components/Makefile +++ b/kubernetes/oof/components/oof-cmso/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile index 48cebe96e7..33d61041cd 100644 --- a/kubernetes/oof/components/oof-has/Makefile +++ b/kubernetes/oof/components/oof-has/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := dist resources templates charts docker +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile index f7a698d0ec..36ea7b6c2b 100755 --- a/kubernetes/oof/components/oof-has/components/Makefile +++ b/kubernetes/oof/components/oof-has/components/Makefile @@ -18,8 +18,9 @@ PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets EXCLUDES := +HELM_BIN := helm HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell helm version --template "{{.Version}}") +HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") .PHONY: $(EXCLUDES) $(HELM_CHARTS) @@ -33,19 +34,19 @@ make-%: @if [ -f $*/Makefile ]; then make -C $*; fi dep-%: make-% - @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi package-%: lint-% @mkdir -p $(PACKAGE_DIR) ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi + @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi else - @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi endif - @helm repo index $(PACKAGE_DIR) + @$(HELM_BIN) repo index $(PACKAGE_DIR) clean: @rm -f */requirements.lock diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml index 1d9792fa5f..90fe5dd732 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 1538b47343..78c054bd28 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -122,13 +122,21 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: log.conf - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} - name: {{ include "common.name" . }}-nginx image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt + /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh ports: - containerPort: {{ .Values.service.internalPort }} {{- if .Values.liveness.enabled }} @@ -151,6 +159,12 @@ spec: - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf + - mountPath: /tmp/AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer + - mountPath: /tmp/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -176,7 +190,6 @@ spec: path: conductor.conf - key: log.conf path: log.conf - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index f19ecb61ee..b17eed6b2f 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,16 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' service: type: NodePort diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 506ff939e3..53e053aa42 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -127,8 +127,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -153,7 +153,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 5fa0f2408e..327a537f41 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index 2041dd2c9d..3ed74a048a 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -147,8 +147,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: aai_key.key - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -177,7 +177,6 @@ spec: path: aai_cert.cer - key: aai_key.key path: aai_key.key - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 10bba9f61e..4f5067db12 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -141,8 +141,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -167,8 +167,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer - +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml index 1967814f63..1bb059b173 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: oof-templates + version: ~6.x-0 + repository: 'file://../../../oof-templates' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 55c9d362e4..d1e4946ae1 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -141,8 +141,8 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: AAF_RootCA.cer + name: {{ include "common.fullname" . }}-onap-certs + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -167,7 +167,6 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - - key: AAF_RootCA.cer - path: AAF_RootCA.cer +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 5fa0f2408e..570c0df5b2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -16,7 +16,16 @@ global: readinessImage: onap/oom/readiness:3.0.1 repository: nexus3.onap.org:10001 image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 + +################################################################# +# secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' ingress: enabled: false diff --git a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer b/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/AAF_RootCA.cer +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index a6790164d8..cbb1b60a58 100644 --- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf @@ -13,9 +13,9 @@ http { listen 8091 ssl; server_name oof; - ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt; + ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt; ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/kubernetes/oof/components/oof-has/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/components/oof-has/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index c7799cdc02..ffd11db2dd 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -23,11 +23,21 @@ global: repository: nexus3.onap.org:10001 commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.1 + optf_has: onap/optf-has:2.1.2 filebeat: docker.elastic.co/beats/filebeat:5.5.0 persistence: enabled: true +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: oof-onap-certs + name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + pullPolicy: Always nodePortPrefix: 302 dataRootDir: /dockerdata-nfs @@ -70,12 +80,17 @@ resources: #component overrides oof-has-api: enabled: true + certSecret: *oof-certs oof-has-controller: enabled: true + certSecret: *oof-certs oof-has-data: enabled: true + certSecret: *oof-certs oof-has-reservation: enabled: true + certSecret: *oof-certs oof-has-solver: enabled: true + certSecret: *oof-certs diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/kubernetes/oof/components/oof-templates/Chart.yaml new file mode 100755 index 0000000000..885491c1a9 --- /dev/null +++ b/kubernetes/oof/components/oof-templates/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP OOF helm templates +name: oof-templates +version: 6.0.0 diff --git a/kubernetes/oof/components/oof-templates/requirements.yaml b/kubernetes/oof/components/oof-templates/requirements.yaml new file mode 100755 index 0000000000..b93260a4fa --- /dev/null +++ b/kubernetes/oof/components/oof-templates/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl new file mode 100644 index 0000000000..4da128bcbb --- /dev/null +++ b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl @@ -0,0 +1,11 @@ +{{- define "oof.certificate.volume" -}} +- name: {{ include "common.fullname" . }}-onap-certs + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }} + items: + - key: aaf_root_ca.cer + path: aaf_root_ca.cer + - key: intermediate_root_ca.pem + path: intermediate_root_ca.pem +{{- end -}} + diff --git a/kubernetes/oof/components/oof-templates/values.yaml b/kubernetes/oof/components/oof-templates/values.yaml new file mode 100644 index 0000000000..a97238e9af --- /dev/null +++ b/kubernetes/oof/components/oof-templates/values.yaml @@ -0,0 +1,14 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + |