14 files changed, 57 insertions, 28 deletions

diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
new file mode 100644
index 0000000000..df2f4f6cd3
--- /dev/null
+++ b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties
index 088dbc104b..06726702f0 100755
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/portal.properties
@@ -19,7 +19,7 @@ max.idle.time = 5
 user.attribute.name = user_attribute
 
 # for single sign on
-ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/login.htm
+ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
 
 # URL of the ECOMP Portal REST API
 ecomp_rest_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/auxapi
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index c4a27603ea..8d21859b29 100755
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -58,7 +58,7 @@ log_cron                      = 0 * * * * ? *
 sessiontimeout_feed_cron	  = 0 0/5 * * * ? *
 
 #Front end URL
-frontend_url                  = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/applicationsHome
+frontend_url                  = https://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/applicationsHome
 
 
 # An Unqiue 128-bit value defined to indentify a specific version of
@@ -112,13 +112,13 @@ auditlog_del_day_from = 365
 external_system_notification_url= https://jira.onap.org/browse/
 
 # External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = m00468@portal.onap.org
-ext_central_access_password = ByC0BEX2v5+4HBv2GA4S+Mi2iML+GrGNJ5Gxo/V/iWM=
-ext_central_access_url = https://aaftest.test.onap.org:8095/proxy/authz/
-ext_central_access_user_domain = @csp.onap.org
+ext_central_access_user_name = aaf_admin@people.osaaf.org
+ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
+ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_user_domain = @people.osaaf.org
 
 # External Central Auth system access
-remote_centralized_system_access = false
+remote_centralized_system_access = true
 
 #cookie domain
 cookie_domain = onap.org
diff --git a/kubernetes/portal/charts/portal-app/templates/NOTES.txt b/kubernetes/portal/charts/portal-app/templates/NOTES.txt
index 1aa4c41458..9a67a4c9bb 100644
--- a/kubernetes/portal/charts/portal-app/templates/NOTES.txt
+++ b/kubernetes/portal/charts/portal-app/templates/NOTES.txt
@@ -13,7 +13,7 @@
   export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

   echo http://$SERVICE_IP:{{ .Values.service.externalPort }}

 {{- else if contains "ClusterIP" .Values.service.type }}

-  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "so.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")

+  export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")

   echo "Visit http://127.0.0.1:8080 to use your application"

   kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}

 {{- end }}

diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
index fb9f35ba19..5503328df4 100644
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -56,6 +56,12 @@ spec:
           - -n
           - ""
         env:
+          - name: CATALINA_OPTS
+            value: >
+              -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
+              -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }}
+              -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
+              -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }}
           - name: javax.net.ssl.keyStore
             value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} 
           - name: javax.net.ssl.keyStorePassword
diff --git a/kubernetes/portal/charts/portal-app/templates/service.yaml b/kubernetes/portal/charts/portal-app/templates/service.yaml
index 9d7073243d..0813682d95 100644
--- a/kubernetes/portal/charts/portal-app/templates/service.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/service.yaml
@@ -36,7 +36,7 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    {{- if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") }}
+    {{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index d34a08bb45..13d0138719 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-app:2.3.0-STAGING-latest
+image: onap/portal-app:2.3.0
 pullPolicy: Always
 
 # default number of instances
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 6b9e8a957c..964e3e8cdd 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,19 +23,40 @@ while the OOM K8s version has these service split up.
 */

 -- app_url is the FE, app_rest_endpoint is the BE

 --portal-sdk => TODO: doesn't open a node port yet

-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8990/ONAPPORTALSDK/api/v2' where app_name = 'xDemo App';

+update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';

 --dmaap-bc => the dmaap-bc doesn't open a node port..

 update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';

 --sdc-be => 8443:30204, 8080:30205

 --sdc-fe => 8181:30206, 9443:30207

-update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v2' where app_name = 'SDC';

+update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';

 --pap => 8443:30219

-update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v2' where app_name = 'Policy';

+update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';

 --vid => 8080:30200

-update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v2' where app_name = 'Virtual Infrastructure Deployment';

+update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';

 --sparky => TODO: sparky doesn't open a node port yet

 update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';

 --cli => 8080:30260

 update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';

---msb-discovery => 10081:30281  this is clearly incorrect

-update fn_app set app_url = 'http://{{.Values.config.msbDiscoveryHostName}}:{{.Values.config.msbDiscoveryPort}}/iui/microservices/default.html' where app_name = 'MSB';

+--msb-iag => 80:30280

+update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';

+

+

+/*

+Additionally, some more update statments; these should be refactored to another SQL file in future releases 

+*/

+

+-- portal

+update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;

+-- portal-sdk

+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;

+-- SDC

+update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;

+-- policy

+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;

+-- vid

+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;

+-- aai sparky

+update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7;

+

+

+

diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml
index bd68f9aaec..c9acba5d9f 100644
--- a/kubernetes/portal/charts/portal-mariadb/values.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml
@@ -24,11 +24,11 @@ global: # global defaults
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-db:2.3.0-STAGING-latest
+image: onap/portal-db:2.3.0
 pullPolicy: Always
 
 readinessImage: readiness-check:2.0.0
-mariadbInitImage: "mariadb-client-init:2.0.0"
+mariadbInitImage: "mariadb-client-init:3.0.0"
 
 # application configuration
 config:
@@ -64,10 +64,10 @@ config:
   dmaapBcPort: "" # TODO: populate with
   # application's front end hostname.  Must be resolvable on the client side environment
   dmaapBcHostName: "dmaap-bc.simpledemo.onap.org"
-  # msb discovery ui assignment for port ?
-  msbDiscoveryPort: "30281"
+  # msb IAG ui assignment for port 80
+  msbPort: "30280"
   # application's front end hostname.  Must be resolvable on the client side environment
-  msbDiscoveryHostName: "msb.api.discovery.simpledemo.onap.org"
+  msbHostName: "msb.api.simpledemo.onap.org"
 
 # default number of instances
 replicaCount: 1
diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
index e9d1c93990..2ccace545a 100755
--- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
+++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/portal.properties
@@ -35,7 +35,7 @@ use_rest_for_functional_menu=true
 portal.api.impl.class = org.onap.portalapp.service.OnBoardingApiServiceImpl
 
 # CSP Global Log On for single sign on
-ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/login.htm
+ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
 
 # URL of the ECOMP Portal REST API
 
diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml
index 89d2e77182..772f191929 100644
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.3.0-STAGING-latest
+image: onap/portal-sdk:2.3.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -58,6 +58,7 @@ service:
   name: portal-sdk
   portName: portal-sdk
   internalPort: 8080
+  externalPort: 8080
   nodePort: 12
 
 mariadb:
diff --git a/kubernetes/portal/charts/portal-widget/values.yaml b/kubernetes/portal/charts/portal-widget/values.yaml
index 0724653b43..f6581dbeff 100644
--- a/kubernetes/portal/charts/portal-widget/values.yaml
+++ b/kubernetes/portal/charts/portal-widget/values.yaml
@@ -29,7 +29,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.3.0-STAGING-latest
+image: onap/portal-wms:2.3.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/portal/docker/init/mariadb-client/Dockerfile b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
index a656d39b02..5eb5ad1843 100644
--- a/kubernetes/portal/docker/init/mariadb-client/Dockerfile
+++ b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
@@ -14,14 +14,14 @@
 
 FROM boxfuse/flyway:5.0.7-alpine
 
-ARG branch=2.0.0-ONAP
+ARG branch=master
 ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
 # Setup Corporate proxy
 ENV https_proxy ${HTTP_PROXY}
 ENV http_proxy ${HTTPS_PROXY}
 
 RUN apk add --update \
-    mariadb-client=10.1.28-r1 \
+    mariadb-client=10.1.32-r0 \
     git \
   && rm -rf /var/cache/apk/*
 
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml
index 719116b7dd..f8eccf7b27 100644
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
@@ -18,11 +18,12 @@ global:
     tomcatDir: "/opt/apache-tomcat-8.0.37"
   # portal frontend port
   portalPort: "8989"
+  portalFEPort: "30225"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
-  keystoreFile: "keystoreONAPPortal.jks"
+  keystoreFile: "keystoreONAPPortal.p12"
   truststoreFile: "truststoreONAPall.jks"
-  keypass: "changeit"
+  keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
   trustpass: "changeit"
 
 config: