diff options
Diffstat (limited to 'kubernetes/oof')
42 files changed, 851 insertions, 62 deletions
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties index 83ed89a844..6b72dd4360 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties @@ -41,8 +41,8 @@ logging.level.org.hibernate=WARN #------------------------------------------------------------------------------- -cmso.topology.create.request.url=http://${TOPOLOGY_HOST}:${TOPOLOGY_PORT}/topology/v1/current -cmso.ticket.create.request.url=http://${TICKETMGT_HOST}:${TICKETMGT_PORT}/ticketmgt/v1/activetickets +cmso.topology.create.request.url=https://oof-cmso-topology:7998/topology/v1/current +cmso.ticket.create.request.url=https://oof-cmso-ticketmgt:7999/ticketmgt/v1/activetickets cmso.local.policy.folder=data/policies cmso.minizinc.command.exe=/mz-dist/bin/minizinc @@ -51,4 +51,8 @@ cmso.minizinc.command.timelimit=60000 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn mechid.user=oof@oof.onap.org -mechid.pass=changeit +mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== + +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index 4e418bf756..e28dfca453 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -66,21 +66,13 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - - name: {{ include "common.fullname" . }}-logs + - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - - name: TOPOLOGY_HOST - value: {{ .Values.config.topology_host }}.{{.Release.Namespace}} - - name: TOPOLOGY_PORT - value: {{ .Values.config.topology_port | quote}} - - name: TICKETMGT_HOST - value: {{ .Values.config.ticketmgt_host }}.{{.Release.Namespace}} - - name: TICKETMGT_PORT - value: {{ .Values.config.ticketmgt_port | quote}} - name: DB_HOST value: {{ .Values.config.db_host }}.{{.Release.Namespace}} - name: DB_PORT @@ -94,6 +86,16 @@ spec: secretKeyRef: name: {{ .Release.Name}}-cmso-db key: db-root-password + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: {{ .Values.global.authentication }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -116,7 +118,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -142,5 +148,8 @@ spec: path: liquibase.properties - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties index ce94f573f6..c6c93eda9c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties @@ -2,27 +2,27 @@ #------------------------------------------------------------------------------- # Copyright (c) 2017-2018 AT&T Intellectual Property. # Modifications Copyright (c) 2018 IBM. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# +# +# # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the ???License???); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at -# +# # https://creativecommons.org/licenses/by/4.0/ -# +# # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -74,7 +74,7 @@ cmso.cm.polling.job.interval.ms=10000 # How many management cmso polling intervals to look ahead to dispatch # (To account for possible latency of the polling job) cmso.cm.polling.job.lookahead.intervals=5 -# Lead time before event time to enable dispatcher to +# Lead time before event time to enable dispatcher to # test that it is safe to dispatch (i.e. meeting reminder lead time) cmso.cm.dispatcher.lead.time.ms=5000 # Lead time to prepare and call VID to dispatch work to MSO @@ -93,11 +93,15 @@ so.polling.interval.ms=10000 #mso.pass=enc:bfodXf8qRfCqMvlxVBYNWQ== ## loopback settings -so.url=http://localhost:8080/cmso/v1/loopbacktest/onap/so/infra/orchestrationRequests/v7 +so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7 so.user=oof@oof.onap.org -so.pass=changeit +so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== mechid.user=oof@oof.onap.org -mechid.pass=changeit +mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== cmso.dispatch.url=http://localhost:8089 + +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/mock.py b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/mock.py new file mode 100644 index 0000000000..b678a4e8d4 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/mock.py @@ -0,0 +1,83 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +from flask import Flask +from flask import request +from flask import Response +from flask import json +from flask import send_from_directory +import requests +from threading import Thread +import time + +import os +import fnmatch +import re +import time +import datetime + +app = Flask(__name__) +ROOT_MOCK_DIR = os.path.dirname(os.path.abspath(__file__)) +DATA_DIR = os.path.join(ROOT_MOCK_DIR, "data") +global requestNum +requestNum = 1 + +######################################################################## +######################################################################## +@app.route('/onap/so/infra/orchestrationRequests/v7/schedule/<VNFNAME>', methods=['GET', 'POST']) +def soSchedule(VNFNAME): + if request.method == 'POST': + testid = request.headers.environ["HTTP_X_TRANSACTIONID"] + response = { + "status" : "202", + "entity" : { + "requestReferences" : { + "requestId" : "000001" + } + } + } + resp = Response(json.dumps(response), 200, mimetype='application/json') + return resp + + + else : + return "Helloooooo!!!!" + +######################################################################## +######################################################################## +@app.route('/onap/so/infra/orchestrationRequests/v7/<REQUESTID>', methods=['GET']) +def soStatus(REQUESTID): + response = {"request" : { "requestStatus" : { + "requestState" : "COMPLETE", + "statusMessage" : "Done.", + "percentProgress" : 100, + "finishTime" : "" + }}} + now = datetime.datetime.utcnow() + #response["finishTime"] = now.strftime("%Y-%m-%dT%H:%M:%SZ") + response["request"]["requestStatus"]["finishTime"] = now.strftime("%a, %d %b %Y %H:%M:%S GMT") + resp = Response(json.dumps(response), 200, mimetype='application/json') + + return resp + +######################################################################## +######################################################################## +if __name__ == "__main__": + app.run(host= '0.0.0.0',port=5000) + #app.run() + diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/msosimulator.sh b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/msosimulator.sh new file mode 100644 index 0000000000..c87a26bb7a --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/msosimulator.sh @@ -0,0 +1,4 @@ +#!/bin/sh +pip install flask +pip install requests +python /share/etc/config/mock.py diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties index 498a1e5870..1e4a8417c4 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties @@ -29,6 +29,6 @@ # limitations under the License. #------------------------------------------------------------------------------- -cmso.optimizer.request.url=$http://${OPTIMIZER_HOST}:${OPTIMIZER_PORT}/optimizer/v1/optimize/schedule -cmso.optimizer.status.url=http://${OPTIMIZER_HOST}:${OPTIMIZER_PORT}/optimizer/v1/optimize/schedule -cmso.optimizer.health.url=http://${OPTIMIZER_HOST}:${OPTIMIZER_PORT}/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file +cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule +cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule +cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties index bfdaec6b8d..bdf483d289 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties @@ -30,9 +30,9 @@ #------------------------------------------------------------------------------- tm.vnfs.per.ticket=1 -tm.getPath=http://localhost:8080/cmso/v1/tm/getChangeRecord -tm.createPath=http://localhost:8080/cmso/v1/tm/createChangeRecord -tm.closePath=http://localhost:8080/cmso/v1/tm/closeCancelChangeRecord -tm.updatePath=http://localhost:8080/cmso/v1/tm/updateChangeRecord +tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord +tm.createPath=http://localhost:8089/cmso/v1/tm/createChangeRecord +tm.closePath=http://localhost:8089/cmso/v1/tm/closeCancelChangeRecord +tm.updatePath=http://localhost:8089/cmso/v1/tm/updateChangeRecord tm.approvalStatus=Approved|Scheduled,Approved|Assigned tm.template.folder=data/templates/tm diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index 350708f078..b26f6dd6c0 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -66,9 +66,38 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - - name: {{ include "common.fullname" . }}-logs + - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs containers: + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + - name: mso-simulator + image: "{{ .Values.global.pythonRepository }}/{{ .Values.global.pythonImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-config + mountPath: /share/etc/config + command: + - /bin/sh + args: + - -x + - /share/etc/config/msosimulator.sh + ports: + - containerPort: 5000 + resources: +{{ include "common.resources" . }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -86,10 +115,16 @@ spec: secretKeyRef: name: {{ .Release.Name}}-cmso-db key: user-password - - name: OPTIMIZER_HOST - value: {{ .Values.config.optimizer_host }}.{{.Release.Namespace}} - - name: OPTIMIZER_PORT - value: {{ .Values.config.optimizer_port | quote}} + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: {{ .Values.global.authentication }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -112,7 +147,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -140,7 +179,19 @@ spec: path: ticketmgt.properties - key: liquibase.properties path: liquibase.properties + - key: mock.py + path: mock.py + - key: msosimulator.sh + path: msosimulator.sh - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: {{ .Release.Name }}-cmso-filebeat-configmap + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index 6df3049b1b..f4d3ffb8ff 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -19,6 +19,8 @@ global: # global defaults nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + pythonRepository: library + pythonImage: python:3.6-alpine subChartsOnly: enabled: true diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties index 5ca252f9bc..d687ab376d 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties @@ -28,3 +28,6 @@ # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml index e01034e8d2..38a8c929d5 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml @@ -34,6 +34,17 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: proprietary-auth ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -56,7 +67,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -80,5 +95,8 @@ spec: path: cadi.properties - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml index f19b8e2b1b..7c687f521b 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml @@ -19,7 +19,8 @@ global: # global defaults nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 - + authentication: proprietary-auth + subChartsOnly: enabled: true diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties index 5ca252f9bc..d687ab376d 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties @@ -28,3 +28,6 @@ # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml index 02f398301f..2b36b296cd 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml @@ -34,6 +34,17 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: {{ .Values.global.authentication }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -56,7 +67,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -80,5 +95,8 @@ spec: path: topology.properties - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties b/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties new file mode 100644 index 0000000000..e7fc221a20 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties @@ -0,0 +1 @@ +/**=org.onap.oof.access|*|get ALL
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props new file mode 100644 index 0000000000..b56c500ffd --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props @@ -0,0 +1,22 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +aaf_id=oof@oof.onap.org +aaf_password=demo123456! +cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile +cadi_truststore=/share/etc/certs//truststoreONAPall.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks Binary files differnew file mode 100644 index 0000000000..535abaa92b --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile new file mode 100644 index 0000000000..f85a567981 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile @@ -0,0 +1,27 @@ +liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ +JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS +f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93 +pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby +qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI +3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP +wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9 +jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U +KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP +kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE +J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0 +-EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk +PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP +I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI +vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN +j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT +Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB +idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI +2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t +dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd +Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK- +dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV- +HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus +lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES +xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA +oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C +RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props new file mode 100644 index 0000000000..7e154c4665 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props @@ -0,0 +1,20 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +cadi_latitude=0.00 +cadi_longitude=0.00 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props new file mode 100644 index 0000000000..c96e7f7b04 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props @@ -0,0 +1,26 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +aaf_id=oof@oof.onap.org +aaf_locate_url=https://aaf-locate:8095 +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +cadi_etc_dir=/share/etc/certs/ +cadi_latitude=0.00 +cadi_longitude=0.00 +cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props +cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000000..ff844b109d --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml b/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..50586783e9 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml @@ -0,0 +1,55 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml b/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml new file mode 100644 index 0000000000..f906fac23e --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml @@ -0,0 +1,27 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-cmso-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml new file mode 100644 index 0000000000..a742914c49 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index 3c5edb3754..c4985df5a1 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -32,4 +32,19 @@ mariadb-galera: mysqlDatabase: cmso externalConfig: | [mysqld] - lower_case_table_names = 1
\ No newline at end of file + lower_case_table_names = 1 + +global: + commonConfigPrefix: "oof-cmso" + truststoreFile: "truststoreONAPall.jks" + keystoreFile: "org.onap.oof.jks" + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + keystorePassword: N{$tSp*U)RQzjqE;)%4z;Pv[ + truststorePassword: + authentication: aaf-auth + +config: + log: + logstashServiceName: log-ls + logstashPort: 5044
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml index 9940305659..43015c729f 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml @@ -84,15 +84,10 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - python - args: - - /usr/local/bin/conductor-api - - --port={{ .Values.service.internalPort }} - - -- - - --config-file=/usr/local/bin/conductor.conf + command: ["/bin/bash","-c"] + args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /opt/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"] ports: - - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.liveness.periodSeconds }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if .Values.liveness.enabled }} @@ -112,8 +107,11 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /usr/local/bin/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config + - mountPath: /etc/nginx/nginx.conf + name: {{ .Values.global.commonConfigPrefix }}-config + subPath: nginx.conf + - mountPath: /usr/local/etc/conductor/conductor.conf + name: {{ .Values.global.commonConfigPrefix }}-config subPath: conductor.conf - mountPath: /usr/local/bin/log.conf name: {{ .Values.global.commonConfigPrefix }}-config @@ -121,6 +119,12 @@ spec: - mountPath: /usr/local/bin/AAF_RootCA.cer name: {{ .Values.global.commonConfigPrefix }}-config subPath: AAF_RootCA.cer + - mountPath: /etc/nginx/ssl/org.onap.oof.crt + name: {{ .Values.global.commonConfigPrefix }}-config + subPath: org.onap.oof.crt + - mountPath: /etc/nginx/ssl/org.onap.oof.key + name: {{ .Values.global.commonConfigPrefix }}-config + subPath: org.onap.oof.key resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -139,11 +143,17 @@ spec: configMap: name: {{ .Values.global.commonConfigPrefix }}-configmap items: + - key: nginx.conf + path: nginx.conf - key: conductor.conf path: conductor.conf - key: log.conf path: log.conf - key: AAF_RootCA.cer path: AAF_RootCA.cer + - key: org.onap.oof.key + path: org.onap.oof.key + - key: org.onap.oof.crt + path: org.onap.oof.crt imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml index c1f18ef048..df13309087 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml @@ -12,6 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: # global defaults + nodePortPrefix: 302 + service: type: NodePort name: oof-has-api diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf index 4db857a898..2b5a0115bb 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf @@ -20,7 +20,7 @@ # # Configuration file for WSGI definition of API. (string value) -#api_paste_config = api_paste.ini +api_paste_config = /usr/local/etc/conductor/api_paste.ini # Music keyspace for content (string value) #keyspace = conductor diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf new file mode 100644 index 0000000000..3db6a21c3a --- /dev/null +++ b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf @@ -0,0 +1,31 @@ +events { + worker_connections 768; + # multi_accept on; +} + +http { + # ... + upstream conductor_uwsgi { + server 127.0.0.1:80; + } + + server { + + listen 8091 ssl; + server_name oof; + ssl_certificate /etc/nginx/ssl/org.onap.oof.crt; + ssl_certificate_key /etc/nginx/ssl/org.onap.oof.key; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + location / { + include /etc/nginx/uwsgi_params; + uwsgi_pass conductor_uwsgi; + + uwsgi_param Host $host; + uwsgi_param X-Real-IP $remote_addr; + uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for; + uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; + } + } +} diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt new file mode 100644 index 0000000000..ddd9b64a36 --- /dev/null +++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt @@ -0,0 +1,84 @@ +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIIfDQFJU4qiGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUwOTAzMzYxN1oXDTIwMDUwOTAzMzYxN1ow +fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI +hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T +QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAIVFAR2i+qXd4hYeiXiTgoTyHeZQt0ndSq1aJ/tsiPEz +cH3/egq2nYGzC9zccDip8Vyd8uP54hw6OD8ulgssuxrRUppR0TcNp7TPzNIYbnOI +hjxU4XHCUQbhH4lt8+KVZDGCeWuDOTKXMZ2ZDj/WUcHXJA+2XDpUY6Gdg4K8+Mgu +CIOzqTkLl0Nz1a0FopZkSjf8nF0R1hf7XtbQorywLz7RL++nEh1a+vDkmVcSmLyW +fhI2uteuRFg3v9Y+Ebkp37QZ4oTpAjSyUKbvKuE0dhRvoTSRmjIxKFxiGrQBrMyJ +S3eQJR6USuRhxk2fZx9jTTPiVS5QotoTOO0C2xw9sBsCAwEAAaOCAUgwggFEMAkG +A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w +LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH +MB0GA1UdDgQWBBSaLxp34n5RCgXcMF4JKn+Z+HqMRTCBjwYDVR0RBIGHMIGEghtv +b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku +c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m +LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi5vbmFwMA0GCSqGSIb3DQEBCwUA +A4IBAQBarLs2rX/Av0CevlVcvGi73CsvBCtS18jz4Bj/cxuIDZzEHXtOoUmJ8FrI +9sG2cyZlqCBcND67VJfXsd34amhORnAwzzOjZGWgqvNfP9ayT/Ai1IAeBC0q33vu +h7v7wgV/cbZ+uNeU6ubN47JaW0pw6q7IBIhbTtnmBC+JmM0MLXt/zdU+/mbHEq7N +X+1AHDfM7VTzGrDTLt9DEX2tpBlj7l46Xp6UXWlbXUk2cHVzhNrhdgGDPHVs1MRT +ts3PvNAKyo1zHBRRS0asLVSes0Fge1O6x4RD5vbvFQxhawZsrvS2RRrLiCJNoMP3 +BiU0GD9vLvQy2SB+xBER57WuBsas +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key new file mode 100644 index 0000000000..848db05de7 --- /dev/null +++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCFRQEdovql3eIW +Hol4k4KE8h3mULdJ3UqtWif7bIjxM3B9/3oKtp2Bswvc3HA4qfFcnfLj+eIcOjg/ +LpYLLLsa0VKaUdE3Dae0z8zSGG5ziIY8VOFxwlEG4R+JbfPilWQxgnlrgzkylzGd +mQ4/1lHB1yQPtlw6VGOhnYOCvPjILgiDs6k5C5dDc9WtBaKWZEo3/JxdEdYX+17W +0KK8sC8+0S/vpxIdWvrw5JlXEpi8ln4SNrrXrkRYN7/WPhG5Kd+0GeKE6QI0slCm +7yrhNHYUb6E0kZoyMShcYhq0AazMiUt3kCUelErkYcZNn2cfY00z4lUuUKLaEzjt +AtscPbAbAgMBAAECggEAUSSNpFzaXel2Qd9/9kFiQ84jNFtK7hdl45y0IVqZGrsm +MCFATouX5SN+ApDZZzbZ9XlaLUK1UFiGbLnRs6Ydmht/PuS4DNwsk2O+ouErRv8G +NG++AIS+zwB9MjEXQIuTQK3fff2c8tep5voM+gNlLi/vDf4Ls5w0OW/tZcnndAHp +qpepSMd29gIwi9nViCD11k32UdQ7oAb7pB+RXleol1181945reuuvzIqfGamvfhl +TXdGO3GT7bSiy0q2iFGiAeEBfCNqYs3ptJrDrUSiPD7CZOybUFxGfI8lnrW/yvya +FrwIZuOkLdnCDssXsFzWz08NJ8sr2/HZZBgl9nbFoQKBgQDHVwq244eyUtNalRvZ +HPiRewSwp4A1pYBzk5DmcYLgKrXUlukYy7pKr8VoH899iWVPzWKqNkHavV2KvcSr +4dyNnEytAKiBqcb4piAzajgWG+m27WvITDF2zJhzx+91E1tngtyjKNzAHWG57A/W +S3H4Cm2eidXe6lKURL0RJ4QLcQKBgQCrJlnyPCf3qfcHkXW/EYlzmJMDSasgLEBl +/dthVZ8QRshooyzJTCckN2PXO+mbuarwmnjtb8ZS/PzPSZ7cAKfZOHgzWOPM5I45 +n0axJmrSZ+dUz270q8R1sVfqd0/jH4LjwuCQMKZmN+UpTijA2hKVWUCxcML7KtXT +QP3TQSy2SwKBgDlPgxsVy3uvaGiQmhMPyz84WR7Y6XmC/a087dnzJKeCYAig4p9o +Y0T5yA2pp6P2DpSk/grl0oUrEGvFJ3grVZe5KipLGCc/Qp9WU8e0cC+bEtSu6eAK +V+ZJ6ELRZr0INa1K6FhYdS8ew2wKvHrl8fxYMy/zfPO79sX+BUWbUNFhAoGAK5FQ +tkw/9FjM7J1HtwLU1ZtSWTTongEFx7DOpsFwA2mxXImlPfznvd1nygOTXTPvYt4/ +yFl6x+dkx7O6/9Ae6jnox1Fqc97+oYZ9LV1VNgiDJ+DCIwCSu08QzTvgFzYPUMFr +/uiTg1PZPyGJWEZrEp+syz6kM+HcmrFhq+RcaG8CgYEAtgHnJWL3v9r1jTP1YLRm +C7tXJ5a/xs3+KuM6vmSpAwkDvV50RK07ypGZqWsG2ewjUqxpAOeoiMn0dRRGP324 +yNCXUWjTVFbzdtzOQuOZVnEeje3K8xHUS3kv9zm1TgMbCRJgvc1THXhderiBShOK +ATP2Y7+WNByxs+TXGI//cFQ= +-----END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index d223f4b9a2..69e24c7176 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:1.2.5 + optf_has: onap/optf-has:1.3.0-SNAPSHOT-latest filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml new file mode 100644 index 0000000000..03972a7e1f --- /dev/null +++ b/kubernetes/oof/resources/config/common_config.yaml @@ -0,0 +1,82 @@ +osdf_system: + libpath: /opt/app/osdf/libs + osdf_ports: + internal: 8699 # inside the Docker container, the app listens to this port + external: 8698 # clients use this port on DockerHost + osdf_ip_default: 0.0.0.0 +# # Important Note: At deployment time, we need to ensure the port mapping is done + ssl_context: ['/opt/app/ssl_cert/org.onap.oof.crt', '/opt/app/ssl_cert/org.onap.oof.key'] + +osdf_temp: # special configuration required for "workarounds" or testing + local_policies: + global_disabled: True + local_placement_policies_enabled: True + placement_policy_dir_vcpe: "./test/policy-local-files/" + placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components) + - Affinity_vCPE_1.json + #- Capacity_vGMuxInfra.json + #- Capacity_vG_1.json + - Distance_vG_1.json + - Distance_vGMuxInfra_1.json + - hpa_policy_vG_1.json + - hpa_policy_vGMuxInfra_1.json + - Placement_Optimization_1.json + - QueryPolicy_vCPE.json + - vnfPolicy_vG.json + - vnfPolicy_vGMuxInfra.json + placement_policy_dir_vfw: "./test/policy-local-files/" + placement_policy_files_vfw: # workaroud for policy platform glitches (or "work-arounds" for other components) + #- Capacity_vFW_1.json + - Distance_vFW_1.json + - hpa_policy_vFW_1.json + - Placement_Optimization_1.json + - QueryPolicy_vFW.json + - vnfPolicy_vFW.json + placement_policy_dir_vfw_td: "./test/policy-local-files/" + placement_policy_files_vfw_td: + - vnfPolicy_vFW_TD.json + - vnfPolicy_vPGN_TD.json + - affinity_vFW_TD.json + - QueryPolicy_vFW_TD.json +service_info: + vCPE: + vcpeHostName: requestParameters.vcpeHostName + e2eVpnKey: requestParameters.e2eVpnKey + vFW: + vcpeHostName: requestParameters.vcpeHostName + e2eVpnKey: requestParameters.e2eVpnKey + +references: + service_name: + source: request + value: serviceInfo.serviceName + subscriber_role: + source: SubscriberPolicy + value: content.properties.subscriberRole + +policy_info: + prioritization_attributes: + policy_type: + - content.policyType + resources: + - content.resources + - content.objectiveParameter.parameterAttributes.resources + service_name: + - content.serviceName + + placement: + policy_fetch: by_scope + policy_scope: + default_scope: OSDF_CASABLANCA + vcpe_scope: OSDF_CASABLANCA + vfw_scope: OSDF_DUBLIN + secondary_scopes: + - + - get_param: service_name + - US + # - + # - get_param: service_name + # - get_param: subscriber_role + default: # if no explicit service related information is needed + policy_fetch: by_name + policy_scope: none diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt new file mode 100644 index 0000000000..224d39375b --- /dev/null +++ b/kubernetes/oof/resources/config/org.onap.oof.crt @@ -0,0 +1,86 @@ +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIIfDQFJU4qiGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUwOTAzMzYxN1oXDTIwMDUwOTAzMzYxN1ow +fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI +hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T +QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAIVFAR2i+qXd4hYeiXiTgoTyHeZQt0ndSq1aJ/tsiPEz +cH3/egq2nYGzC9zccDip8Vyd8uP54hw6OD8ulgssuxrRUppR0TcNp7TPzNIYbnOI +hjxU4XHCUQbhH4lt8+KVZDGCeWuDOTKXMZ2ZDj/WUcHXJA+2XDpUY6Gdg4K8+Mgu +CIOzqTkLl0Nz1a0FopZkSjf8nF0R1hf7XtbQorywLz7RL++nEh1a+vDkmVcSmLyW +fhI2uteuRFg3v9Y+Ebkp37QZ4oTpAjSyUKbvKuE0dhRvoTSRmjIxKFxiGrQBrMyJ +S3eQJR6USuRhxk2fZx9jTTPiVS5QotoTOO0C2xw9sBsCAwEAAaOCAUgwggFEMAkG +A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w +LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH +MB0GA1UdDgQWBBSaLxp34n5RCgXcMF4JKn+Z+HqMRTCBjwYDVR0RBIGHMIGEghtv +b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku +c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m +LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi5vbmFwMA0GCSqGSIb3DQEBCwUA +A4IBAQBarLs2rX/Av0CevlVcvGi73CsvBCtS18jz4Bj/cxuIDZzEHXtOoUmJ8FrI +9sG2cyZlqCBcND67VJfXsd34amhORnAwzzOjZGWgqvNfP9ayT/Ai1IAeBC0q33vu +h7v7wgV/cbZ+uNeU6ubN47JaW0pw6q7IBIhbTtnmBC+JmM0MLXt/zdU+/mbHEq7N +X+1AHDfM7VTzGrDTLt9DEX2tpBlj7l46Xp6UXWlbXUk2cHVzhNrhdgGDPHVs1MRT +ts3PvNAKyo1zHBRRS0asLVSes0Fge1O6x4RD5vbvFQxhawZsrvS2RRrLiCJNoMP3 +BiU0GD9vLvQy2SB+xBER57WuBsas +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- + + diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key new file mode 100644 index 0000000000..a261fda9ed --- /dev/null +++ b/kubernetes/oof/resources/config/org.onap.oof.key @@ -0,0 +1,29 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCFRQEdovql3eIW +Hol4k4KE8h3mULdJ3UqtWif7bIjxM3B9/3oKtp2Bswvc3HA4qfFcnfLj+eIcOjg/ +LpYLLLsa0VKaUdE3Dae0z8zSGG5ziIY8VOFxwlEG4R+JbfPilWQxgnlrgzkylzGd +mQ4/1lHB1yQPtlw6VGOhnYOCvPjILgiDs6k5C5dDc9WtBaKWZEo3/JxdEdYX+17W +0KK8sC8+0S/vpxIdWvrw5JlXEpi8ln4SNrrXrkRYN7/WPhG5Kd+0GeKE6QI0slCm +7yrhNHYUb6E0kZoyMShcYhq0AazMiUt3kCUelErkYcZNn2cfY00z4lUuUKLaEzjt +AtscPbAbAgMBAAECggEAUSSNpFzaXel2Qd9/9kFiQ84jNFtK7hdl45y0IVqZGrsm +MCFATouX5SN+ApDZZzbZ9XlaLUK1UFiGbLnRs6Ydmht/PuS4DNwsk2O+ouErRv8G +NG++AIS+zwB9MjEXQIuTQK3fff2c8tep5voM+gNlLi/vDf4Ls5w0OW/tZcnndAHp +qpepSMd29gIwi9nViCD11k32UdQ7oAb7pB+RXleol1181945reuuvzIqfGamvfhl +TXdGO3GT7bSiy0q2iFGiAeEBfCNqYs3ptJrDrUSiPD7CZOybUFxGfI8lnrW/yvya +FrwIZuOkLdnCDssXsFzWz08NJ8sr2/HZZBgl9nbFoQKBgQDHVwq244eyUtNalRvZ +HPiRewSwp4A1pYBzk5DmcYLgKrXUlukYy7pKr8VoH899iWVPzWKqNkHavV2KvcSr +4dyNnEytAKiBqcb4piAzajgWG+m27WvITDF2zJhzx+91E1tngtyjKNzAHWG57A/W +S3H4Cm2eidXe6lKURL0RJ4QLcQKBgQCrJlnyPCf3qfcHkXW/EYlzmJMDSasgLEBl +/dthVZ8QRshooyzJTCckN2PXO+mbuarwmnjtb8ZS/PzPSZ7cAKfZOHgzWOPM5I45 +n0axJmrSZ+dUz270q8R1sVfqd0/jH4LjwuCQMKZmN+UpTijA2hKVWUCxcML7KtXT +QP3TQSy2SwKBgDlPgxsVy3uvaGiQmhMPyz84WR7Y6XmC/a087dnzJKeCYAig4p9o +Y0T5yA2pp6P2DpSk/grl0oUrEGvFJ3grVZe5KipLGCc/Qp9WU8e0cC+bEtSu6eAK +V+ZJ6ELRZr0INa1K6FhYdS8ew2wKvHrl8fxYMy/zfPO79sX+BUWbUNFhAoGAK5FQ +tkw/9FjM7J1HtwLU1ZtSWTTongEFx7DOpsFwA2mxXImlPfznvd1nygOTXTPvYt4/ +yFl6x+dkx7O6/9Ae6jnox1Fqc97+oYZ9LV1VNgiDJ+DCIwCSu08QzTvgFzYPUMFr +/uiTg1PZPyGJWEZrEp+syz6kM+HcmrFhq+RcaG8CgYEAtgHnJWL3v9r1jTP1YLRm +C7tXJ5a/xs3+KuM6vmSpAwkDvV50RK07ypGZqWsG2ewjUqxpAOeoiMn0dRRGP324 +yNCXUWjTVFbzdtzOQuOZVnEeje3K8xHUS3kv9zm1TgMbCRJgvc1THXhderiBShOK +ATP2Y7+WNByxs+TXGI//cFQ= +-----END PRIVATE KEY----- + diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index fea3d908cf..4dd3097918 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml @@ -60,7 +60,7 @@ osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }} osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }} is_aaf_enabled: {{ .Values.config.is_aaf_enabled }} -aaf_cache_expiry_hrs: {{ .Values.config.aaf_cache_expiry_hrs }} +aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }} aaf_url: {{ .Values.config.aaf_url }} aaf_user_roles: {{- range .Values.config.aaf_user_roles }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index d4558b72dd..3c5306e644 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -95,6 +95,15 @@ spec: - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer name: {{ include "common.fullname" . }}-config subPath: aaf_root_ca.cer + - mountPath: /opt/app/ssl_cert/org.onap.oof.crt + name: {{ include "common.fullname" . }}-config + subPath: org.onap.oof.crt + - mountPath: /opt/app/ssl_cert/org.onap.oof.key + name: {{ include "common.fullname" . }}-config + subPath: org.onap.oof.key + - mountPath: /opt/osdf/config/common_config.yaml + name: {{ include "common.fullname" . }}-config + subPath: common_config.yaml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -118,5 +127,11 @@ spec: path: osdf_config.yaml - key: aaf_root_ca.cer path: aaf_root_ca.cer + - key: common_config.yaml + path: common_config.yaml + - key: org.onap.oof.crt + path: org.onap.oof.crt + - key: org.onap.oof.key + path: org.onap.oof.key imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 24a0333e5a..5099091b4a 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:1.2.4 +image: onap/optf-osdf:1.3.0-SNAPSHOT-latest pullPolicy: Always # flag to enable debugging - application support required @@ -49,7 +49,7 @@ config: soUsername: "" # SO username for call back. soPassword: "" # SO password for call back. # Url and credentials for Conductor. - conductorUrl: http://oof-has-api:8091/v1/plans/ + conductorUrl: https://oof-has-api:8091/v1/plans/ conductorUsername: admin1 conductorPassword: plan.15 conductorPingWaitTime: 60 @@ -87,10 +87,11 @@ config: osdfCMSchedulerPassword: testpwd1 #AAF Authentication is_aaf_enabled: False - aaf_cache_expiry_hrs: 3 + aaf_cache_expiry_mins: 5 aaf_url: https://aaf-service:8100 aaf_user_roles: - - '/api/oof/v1/placement:org.onap.osdf.access|*|read ALL' + - '/placement:org.onap.oof.access|*|read ALL' + - '/pci:org.onap.oof.access|*|read ALL' # Secret Management Service from AAF aaf_sms_url: https://aaf-sms aaf_sms_port: 10443 |