diff options
Diffstat (limited to 'kubernetes/sdnc')
13 files changed, 243 insertions, 18 deletions
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 5378d64e9f..b37b2be590 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.0.5 +image: onap/sdnc-dmaap-listener-image:2.1.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 6c32c9036e..f9c8ca4401 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.0.5 +image: onap/sdnc-ansible-server-image:2.1.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index 5a53fa1ca2..feb6662196 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh @@ -17,7 +17,7 @@ */}} debugLog(){ - if [ "$enableDebugLogging" == true ]; then + if [ "$enableDebugLogging" = true ]; then if [ $# -eq 0 ]; then echo "" >> $LOGFILE else diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh index 9c81069812..94858339e7 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh @@ -17,7 +17,7 @@ */}} debugLog(){ - if [ "$enableDebugLogging" == true ]; then + if [ "$enableDebugLogging" = true ]; then if [ $# -eq 0 ]; then echo "" >> $LOGFILE else diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh index 7764d00cc2..fa76a9ee40 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh @@ -24,7 +24,7 @@ fi # should PROM start as passive? state=$( bin/sdnc.cluster ) -if [ "$state" == "standby" ]; then +if [ "$state" = "standby" ]; then echo "Starting PROM in passive mode" passive="-p" fi diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh index 091643f174..c36d2e3e9f 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh @@ -1,6 +1,6 @@ -{{/* -#/bin/sh +#!/bin/sh +{{/* # Copyright © 2018 Amdocs # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -26,7 +26,7 @@ LOGFILE="/app/geo.log" enableDebugLogging=true debugLog(){ - if [ "$enableDebugLogging" == true ]; then + if [ "$enableDebugLogging" = true ]; then if [ $# -eq 0 ]; then echo "" >> $LOGFILE else diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml index a2e3a48e25..7b04773ec5 100644 --- a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml @@ -85,7 +85,10 @@ spec: - name: TILEURL value: {{ .Values.config.topologyserver.tileserverUrl }} {{ end }} - + - name: ENABLE_OAUTH + value: "{{ .Values.config.oauth.enabled | default "false" }}" + - name: ENABLE_ODLUX_RBAC + value: "{{ .Values.config.oauth.odluxRbac.enabled | default "false" }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 8648ac4dcc..acd21ae8b9 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.0.5" +image: "onap/sdnc-web-image:2.1.5" pullPolicy: Always config: @@ -36,6 +36,10 @@ config: sslCertDir: "/opt/app/osaaf/local/certs" sslCertiticate: "cert.pem" sslCertKey: "key.pem" + oauth: + enabled: false + odluxRbac: + enabled: false transportpce: enabled: false transportpceUrl: http://transportpce.transportpce:8181 diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index 96b37092f9..b5c062945b 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.0.5 +image: onap/sdnc-ueb-listener-image:2.1.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/conf/oauth-provider.config.json b/kubernetes/sdnc/resources/config/conf/oauth-provider.config.json new file mode 100644 index 0000000000..8d3c106bb9 --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/oauth-provider.config.json @@ -0,0 +1,8 @@ +{ + "tokenSecret": "${OAUTH_TOKEN_SECRET}", + "tokenIssuer": {{ .Values.config.sdnr.oauth.tokenIssuer | quote }}, + "publicUrl": {{ .Values.config.sdnr.oauth.publicUrl | quote }}, + "redirectUri": "{{ .Values.config.sdnr.oauth.redirectUri | quote | default "null" }}", + "supportOdlUsers": "{{ .Values.config.sdnr.oauth.supportOdlUsers | default "true" }}", + "providers": {{ .Values.config.sdnr.oauth.providers | toJson }} +}
\ No newline at end of file diff --git a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh index 076f1ea35f..65b76265fc 100755 --- a/kubernetes/sdnc/resources/geo/bin/switchVoting.sh +++ b/kubernetes/sdnc/resources/geo/bin/switchVoting.sh @@ -16,7 +16,7 @@ # limitations under the License. */}} -function usage() +usage () { echo usage: switchVoting.sh primary\|secondary exit 1 diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 48776c9961..152337ee52 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -41,6 +41,36 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} - name: AAI_CLIENT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + - name: AAI_TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-truststore-password" "key" "password") | indent 10 }} + - name: ANSIBLE_TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-truststore-password" "key" "password") | indent 10 }} + - name: SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "login") | indent 10 }} + - name: SO_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "password") | indent 10 }} + - name: NENG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "login") | indent 10 }} + - name: NENG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "password") | indent 10 }} + - name: CDS_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "login") | indent 10 }} + - name: CDS_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "password") | indent 10 }} + - name: HONEYCOMB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "login") | indent 10 }} + - name: HONEYCOMB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "password") | indent 10 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 10 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} + - name: DMAAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "login") | indent 10 }} + - name: DMAAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "password") | indent 10 }} + - name: DMAAP_AUTHKEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-authkey" "key" "password") | indent 10 }} - name: MODELSERVICE_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} - name: MODELSERVICE_PASSWORD @@ -63,16 +93,33 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - name: ODL_ADMIN_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - name: ODL_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }} - name: DMAAP_HTTP_PROXY_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }} - name: DMAAP_HTTP_PROXY_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }} {{- end }} + {{ if .Values.config.sdnr.oauth.enabled }} + - name: OAUTH_TOKEN_SECRET + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }} + - name: KEYCLOAK_SECRET + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }} + + - name: ENABLE_ODLUX_RBAC + value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}" + {{ end }} volumeMounts: @@ -90,6 +137,8 @@ spec: {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}} - --container-name - {{ include "common.mariadbService" . }} + - --job-name + - {{ include "common.fullname" . }}-dbinit-job {{ end -}} {{ if .Values.config.sdnr.enabled -}} - --container-name @@ -153,14 +202,58 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} - name: ODL_ADMIN_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} + - name: ODL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} - name: ODL_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} - name: SDNC_DB_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SDNC_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: "{{ .Values.config.dbSdnctlDatabase }}" - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" + - name: AAI_CLIENT_NAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 12 }} + - name: AAI_CLIENT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 12 }} + - name: AAI_TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-truststore-password" "key" "password") | indent 12 }} + - name: ANSIBLE_TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-truststore-password" "key" "password") | indent 12 }} + - name: SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "login") | indent 12 }} + - name: SO_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "password") | indent 12 }} + - name: NENG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "login") | indent 12 }} + - name: NENG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "password") | indent 12 }} + - name: CDS_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "login") | indent 12 }} + - name: CDS_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "password") | indent 12 }} + - name: HONEYCOMB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "login") | indent 12 }} + - name: HONEYCOMB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: DMAAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "login") | indent 12 }} + - name: DMAAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "password") | indent 12 }} + - name: DMAAP_AUTHKEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-authkey" "key" "password") | indent 12 }} - name: ENABLE_ODL_CLUSTER value: "{{ .Values.config.enableClustering }}" - name: MY_ODL_CLUSTER @@ -210,7 +303,8 @@ spec: - name: ODL_CERT_DIR value: {{ (mustFirst (.Values.certificates)).mountPath }} {{- end }} - + - name: ENABLE_OAUTH + value: "{{ .Values.config.sdnr.oauth.enabled | default "false" }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} {{ include "common.certServiceClient.volumeMounts" . | indent 10 }} @@ -278,6 +372,11 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.daexim.cfg name: properties subPath: org.opendaylight.daexim.cfg + {{- if .Values.config.sdnr.oauth.enabled }} + - mountPath: {{ .Values.config.odl.etcDir }}/oauth-provider.config.json + name: properties + subPath: oauth-provider.config.json + {{ end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 802722f400..43201fef4b 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -86,12 +86,67 @@ secrets: externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' password: '{{ .Values.config.netboxApikey }}' passwordPolicy: required + - uid: aai-truststore-password + type: password + externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}' + password: '{{ .Values.config.aaiTruststorePassword }}' + passwordPolicy: required + - uid: ansible-truststore-password + type: password + externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}' + password: '{{ .Values.config.ansibleTruststorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ .Values.config.truststoreExternalSecret }}' + password: '{{ .Values.config.truststorePassword }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ .Values.config.keystoreExternalSecret }}' + password: '{{ .Values.config.keystorePassword }}' + passwordPolicy: required + - uid: dmaap-authkey + type: password + externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}' + password: '{{ .Values.config.dmaapAuthKey }}' + passwordPolicy: required - uid: aai-user-creds type: basicAuth externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' login: '{{ .Values.config.aaiUser }}' password: '{{ .Values.config.aaiPassword }}' passwordPolicy: required + - uid: so-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.soCredsExternalSecret}}' + login: '{{ .Values.config.soUser }}' + password: '{{ .Values.config.soPassword }}' + passwordPolicy: required + - uid: neng-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.nengCredsExternalSecret}}' + login: '{{ .Values.config.nengUser }}' + password: '{{ .Values.config.nengPassword }}' + passwordPolicy: required + - uid: cds-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}' + login: '{{ .Values.config.cdsUser }}' + password: '{{ .Values.config.cdsPassword }}' + passwordPolicy: required + - uid: honeycomb-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}' + login: '{{ .Values.config.honeycombUser }}' + password: '{{ .Values.config.honeycombPassword }}' + passwordPolicy: required + - uid: dmaap-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}' + login: '{{ .Values.config.dmaapUser }}' + password: '{{ .Values.config.dmaapPassword }}' + passwordPolicy: required - uid: modeling-user-creds type: basicAuth externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' @@ -117,6 +172,17 @@ secrets: login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required + - uid: oauth-token-secret + type: password + externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' + password: '{{ .Values.config.sdnr.oauth.tokenSecret }}' + passwordPolicy: required + - uid: keycloak-secret + type: password + externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' + password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}' + passwordPolicy: required + ################################################################# # Certificates ################################################################# @@ -129,6 +195,7 @@ certificates: outputType: - jks passwordSecretRef: + create: true name: sdnc-cmpv2-keystore-password key: password issuer: @@ -141,7 +208,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.0.5 +image: onap/sdnc-image:2.1.5 # flag to enable debugging - application support required debugEnabled: false @@ -155,9 +222,34 @@ config: # odlCredsExternalSecret: some secret netboxApikey: onceuponatimeiplayedwithnetbox20180814 # netboxApikeyExternalSecret: some secret + aaiTruststorePassword: changeit + # aaiTruststoreExternalSecret: some secret + ansibleTruststorePassword: changeit + # ansibleTruststoreExternalSecret: some secret + truststorePassword: adminadmin + # truststoreExternalSecret: some secret + keystorePassword: adminadmin + # keystoreExternalSecret: some secret aaiUser: sdnc@sdnc.onap.org aaiPassword: demo123456! # aaiCredsExternalSecret: some secret + soUser: sdncaBpmn + soPassword: password1$ + # soCredsExternalSecret: some secret + nengUser: ccsdkapps + nengPassword: ccsdkapps + # nengCredsExternalSecret: some secret + cdsUser: ccsdkapps + cdsPassword: ccsdkapps + # cdsCredsExternalSecret: some secret + honeycombUser: admin + honeycombPassword: admin + # honeycombCredsExternalSecret: some secret + dmaapUser: admin + dmaapPassword: admin + dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs=" + # dmaapCredsExternalSecret: some secret + # dmaapAuthKeyExternalSecret: some secret modelingUser: ccsdkapps modelingPassword: ccsdkapps # modelingCredsExternalSecret: some secret @@ -231,6 +323,7 @@ config: sdnrdbTrustAllCerts: true mountpointRegistrarEnabled: false mountpointStateProviderEnabled: false + # # enable and set dmaap-proxy for mountpointRegistrar dmaapProxy: enabled: false @@ -238,10 +331,28 @@ config: user: addUserHere password: addPasswordHere url: addProxyUrlHere - - - - + oauth: + enabled: false + tokenIssuer: ONAP SDNC + tokenSecret: secret + supportOdlusers: true + redirectUri: null + publicUrl: none + odluxRbac: + enabled: true + # example definition for a oauth provider + providersSecrets: + keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46 + providers: + - id: keycloak + type: KEYCLOAK + host: http://keycloak:8080 + clientId: odlux.app + secret: ${KEYCLOAK_SECRET} + scope: openid + title: ONAP Keycloak Provider + roleMapping: + mykeycloak: admin # dependency / sub-chart configuration certInitializer: |