diff options
Diffstat (limited to 'kubernetes/so/charts')
60 files changed, 1268 insertions, 321 deletions
diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 5930b5d5be..02947c6643 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} dme2: timeout: '30000' endpoint: https://aai.{{ include "common.namespace" . }}:8443 @@ -21,7 +21,7 @@ aai: cds: endpoint: cds-blueprints-processor-grpc port: 9111 - auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + auth: {{ .Values.cds.auth }} timeout: 600 camunda: bpm: @@ -51,10 +51,12 @@ mso: rainyDay: retryDurationMultiplier: 2 maxRetries: 5 - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ .Values.mso.key }} correlation: timeout: 60 logPath: logs + config: + cadi: {{ include "cadi.keys" . | nindent 8}} async: core-pool-size: 50 max-pool-size: 50 @@ -64,10 +66,10 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} db: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF - password: wLg4sjrAFUS8rfVfdvTXeQ== + auth: {{ .Values.mso.adapters.db.auth }} + password: {{ .Values.mso.adapters.db.password }} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter spring: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 @@ -79,7 +81,7 @@ mso: db: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter po: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + auth: {{ .Values.mso.adapters.po.auth }} sdnc: endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter rest: @@ -112,7 +114,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} default: adapter: namespace: http://org.onap.mso @@ -129,7 +131,7 @@ mso: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/ rollback: 'true' sdnc: - password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F + password: {{ .Values.mso.sdnc.password }} service: agnostic: sniro: @@ -137,12 +139,12 @@ mso: host: http://sniro-emulator:80 site-name: CamundaEngine sniro: - auth: test:testpwd + auth: {{ .Values.mso.sniro.auth }} callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify - endpoint: http://replaceme:28090/optimizationInstance/V1/create + endpoint: {{ .Values.mso.sniro.endpoint }} timeout: PT30M oof: - auth: test:testpwd + auth: {{ .Values.mso.oof.auth }} callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement timeout: PT30M @@ -287,6 +289,15 @@ sdnc: si: svc: types: PORT-MIRROR,PPROBE + dmaap: + host: http://message-router.{{ include "common.namespace" . }}:3904 + timeout: 30000 + lcm: + path: '/restconf/operations/LCM:' + actionTimeout: 300000 + dmapp: + readTopic: SDNC-LCM-WRITE + writeTopic: SDNC-LCM-READ appc: client: topic: @@ -361,7 +372,7 @@ so: vnfm: adapter: url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ - auth: Basic dm5mbTpwYXNzd29yZDEk + auth: {{ .Values.so.vnfm.adapter.auth }} org: onap: so: diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml index d873beb62c..a2e27548ba 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -37,3 +38,12 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} + diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml index 931a89516b..dcb80c65b3 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -66,54 +66,75 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index a7925b79e5..1d2c5f17b1 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -24,12 +24,46 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.5.3 +image: onap/so/bpmn-infra:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret replicaCount: 1 minReadySeconds: 10 containerPort: 8081 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml index 2ea2cffe27..fb83e4e26b 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -19,12 +19,14 @@ ssl-enable: false mso: logPath: logs site-name: onapheat + config: + cadi: {{ include "cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} spring: datasource: hikari: @@ -67,7 +69,7 @@ cloud_config: admin_tenant: "{{ .Values.config.openStackServiceTenantName }}" member_role: "admin" tenant_metadata: true - identity_server_type: "KEYSTONE" + identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}" identity_authentication_type: "USERNAME_PASSWORD" project_domain_name: "{{ .Values.config.openStackProjectDomainName }}" user_domain_name: "{{ .Values.config.openStackUserDomainName }}" diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml index 931a89516b..7edd53cf94 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -66,50 +66,45 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 4685fd166a..b616abcc06 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -24,12 +24,47 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.5.3 +image: onap/so/catalog-db-adapter:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8082 @@ -83,6 +118,8 @@ config: openStackTenantId: "d570c718cbc545029f40e50b75eb13df" openStackProjectDomainName: "openStackProjectDomainName" openStackUserDomainName: "openStackUserDomainName" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh index b6d30e405b..08adb4a407 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh @@ -23,12 +23,12 @@ echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP DATABASE IF EXISTS `camundabpmn`; -CREATE DATABASE `camundabpmn`; -DROP USER IF EXISTS 'camundauser'; -CREATE USER 'camundauser'; -GRANT ALL on camundabpmn.* to 'camundauser' identified by 'camunda123' with GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS camundabpmn; +CREATE DATABASE camundabpmn; +DROP USER IF EXISTS '${CAMUNDA_DB_USER}'; +CREATE USER '${CAMUNDA_DB_USER}'; +GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh index b27760552d..0f404466ca 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh @@ -23,12 +23,12 @@ echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP DATABASE IF EXISTS `requestdb`; -CREATE DATABASE /*!32312 IF NOT EXISTS*/ `requestdb` /*!40100 DEFAULT CHARACTER SET latin1 */; -DROP USER IF EXISTS 'requestuser'; -CREATE USER 'requestuser'; -GRANT ALL on requestdb.* to 'requestuser' identified by 'request123' with GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS requestdb; +CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${REQUEST_DB_USER}'; +CREATE USER '${REQUEST_DB_USER}'; +GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh index 10fb4b18db..3115ec6199 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh @@ -23,12 +23,12 @@ echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP DATABASE IF EXISTS `catalogdb`; -CREATE DATABASE /*!32312 IF NOT EXISTS*/ `catalogdb` /*!40100 DEFAULT CHARACTER SET latin1 */; -DROP USER IF EXISTS 'cataloguser'; -CREATE USER 'cataloguser'; -GRANT ALL on catalogdb.* to 'cataloguser' identified by 'catalog123' with GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS catalogdb; +CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${CATALOG_DB_USER}'; +CREATE USER '${CATALOG_DB_USER}'; +GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh index 9c96720775..c4048002cf 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh @@ -23,13 +23,13 @@ echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP USER IF EXISTS 'so_user'; -CREATE USER 'so_user'; -GRANT USAGE ON *.* TO 'so_user'@'%' IDENTIFIED BY 'so_User123'; -GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `requestdb`.* TO 'so_user'@'%'; -GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `catalogdb`.* TO 'so_user'@'%'; -GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `camundabpmn`.* TO 'so_user'@'%'; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP USER IF EXISTS '${DB_USER}'; +CREATE USER '${DB_USER}'; +GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%'; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh index 6eb3baaffa..e9d7c6fefa 100755 --- a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh +++ b/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh @@ -23,13 +23,13 @@ echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1 -mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 -DROP USER IF EXISTS 'so_admin'; -CREATE USER 'so_admin'; -GRANT USAGE ON *.* TO 'so_admin'@'%' IDENTIFIED BY 'so_Admin123'; -GRANT ALL PRIVILEGES ON `camundabpmn`.* TO 'so_admin'@'%' WITH GRANT OPTION; -GRANT ALL PRIVILEGES ON `requestdb`.* TO 'so_admin'@'%' WITH GRANT OPTION; -GRANT ALL PRIVILEGES ON `catalogdb`.* TO 'so_admin'@'%' WITH GRANT OPTION; +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP USER IF EXISTS '${DB_ADMIN}'; +CREATE USER '${DB_ADMIN}'; +GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}'; +GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; FLUSH PRIVILEGES; EOF diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml index 68c6017b91..ec589ea33e 100644 --- a/kubernetes/so/charts/so-mariadb/templates/job.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml @@ -43,14 +43,11 @@ spec: - name: DB_HOST value: {{ .Values.global.migration.dbHost }} - name: DB_USER - value: {{ .Values.global.migration.dbUser }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }} - name: DB_PORT value: "{{ .Values.global.migration.dbPort }}" - name: DB_PASS - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-migration - key: db-root-password-backup + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }} command: - /bin/bash - -c @@ -138,10 +135,27 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: CAMUNDA_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }} + - name: CAMUNDA_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }} + - name: REQUEST_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }} + - name: REQUEST_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }} + - name: CATALOG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }} + - name: CATALOG_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml index 1c309faffb..7c7d4f9fe5 100644 --- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,36 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }} -{{- if .Values.global.migration.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-migration - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-upgrade,pre-install - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation -type: Opaque -data: - db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }} -{{- end }} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml index acf9cb4f33..5e7b2fef76 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/charts/so-mariadb/values.yaml @@ -26,6 +26,55 @@ global: ubuntuInitRepository: registry.hub.docker.com ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-pass + name: '{{ include "common.release" . }}-so-mariadb-root-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.db.rootPassword }}' + passwordPolicy: required + - uid: db-backup-creds + name: '{{ include "common.release" . }}-so-mariadb-backup-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}' + login: '{{ .Values.db.backupUser }}' + password: '{{ .Values.db.backupPassword }}' + passwordPolicy: required + annotations: + helm.sh/hook: pre-upgrade,pre-install + helm.sh/hook-weight: "0" + helm.sh/hook-delete-policy: before-hook-creation + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + - uid: camunda-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.camunda.userName }}' + password: '{{ .Values.db.camunda.password }}' + - uid: request-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.request.userName }}' + password: '{{ .Values.db.request.password }}' + - uid: catalog-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.catalog.userName }}' + password: '{{ .Values.db.catalog.password }}' + + + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -34,6 +83,32 @@ image: mariadb:10.1.38 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 +# db config +db: + rootPassword: secretpassword + # rootPasswordExternalSecret: some secret + backupPassword: secretpassword + backupUser: root + # backupCredsExternalSecret: some secret + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + camunda: + userName: camundauser + password: camunda123 + # dbCredsExternalSecret: some secret + request: + userName: requestuser + password: request123 + # dbCredsExternalSecret: some secret + catalog: + userName: cataloguser + password: catalog123 + # dbCredsExternalSecret: some secret + # application configuration config: # gerrit branch where the latest heat code is checked in diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml index 9afcddde36..aebd249c29 100644 --- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - name: so-chown image: alpine:3.6 volumeMounts: @@ -65,30 +65,18 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -111,7 +99,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config @@ -119,5 +107,3 @@ spec: name: {{ include "common.fullname" . }}-app-configmap imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - - diff --git a/kubernetes/so/charts/so-monitoring/templates/secret.yaml b/kubernetes/so/charts/so-monitoring/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-monitoring/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index 240ca1511d..910b694245 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -29,19 +29,53 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.5.3 +image: onap/so/so-monitoring:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 9091 logPath: app/logs/ app: so-monitoring service: - type: NodePort +#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis... + type: ClusterIP nodePort: 24 internalPort: 9091 externalPort: 9091 @@ -90,4 +124,4 @@ ingress: ssl: "none" nodeSelector: {} tolerations: [] -affinity: {}
\ No newline at end of file +affinity: {} diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 4bf20a683b..117d270ab0 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} endpoint: https://aai.{{ include "common.namespace" . }}:8443 server: port: {{ index .Values.containerPort }} @@ -58,7 +58,7 @@ org: default_keystone_url_version: /v2.0 default_keystone_reg_ex: "/[vV][0-9]" vnf: - bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} checkRequiredParameters: true addGetFilesOnVolumeReq: false sockettimeout: 30 @@ -69,7 +69,7 @@ org: valet_enabled: false fail_requests_on_valet_failure: false network: - bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} sockettimeout: 5 connecttimeout: 5 retrycount: 5 @@ -96,22 +96,27 @@ ecomp: pollTimeout: 7500 pollInterval: 15 mso: - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag.{{ include "common.namespace" . }} - msb-port: 80 + msb-port: 443 + msb-scheme: https workflow: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ .Values.mso.msoKey }} config: + {{ if eq .Values.global.security.aaf.enabled true }} + cadi: {{ include "cadi.keys" . | nindent 8}} + {{- else }} cadi: - aafId: poBpmn + aafId: {{ .Values.mso.basicUser }} + {{- end }} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} site-name: localDevEnv async: core-pool-size: 50 diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml index d873beb62c..21544798cf 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -37,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml index 931a89516b..e1c2069a44 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -66,54 +66,75 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 8dc7e830d2..ea8dd0d45d 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -24,12 +24,45 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.5.3 +image: onap/so/openstack-adapter:1.6.0 pullPolicy: Always repository: nexus3.onap.org:10001 +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8087 diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml index 6d746ede18..8dde3b7f99 100755 --- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml @@ -20,9 +20,11 @@ ssl-enable: false mso: logPath: logs site-name: localSite + config: + cadi: {{- include "cadi.keys" . | nindent 8}} adapters: requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: datasource: diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml index 931a89516b..7edd53cf94 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -66,50 +66,45 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index 58e6412847..2f890421e6 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -24,12 +24,45 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.5.3 +image: onap/so/request-db-adapter:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8083 diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml index 44544f49e7..8d02cc1f5c 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{.Values.aai.auth}} server: port: {{ index .Values.containerPort }} spring: @@ -44,20 +44,22 @@ request: pool-name: reqdb-pool registerMbeans: false mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ index .Values.mso.msoKey }} logPath: ./logs/sdc + config: + cadi: {{ include "cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} site-name: onapheat camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 asdc-connections: @@ -67,7 +69,7 @@ mso: consumerId: SO-COpenSource-Env11 environmentName: AUTO asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443 - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} pollingInterval: 60 pollingTimeout: 60 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL @@ -82,7 +84,7 @@ mso: config: activity: endpoint: http://sdc-wfd-be:8080 - key: 566B754875657232314F5548556D3665 + key: {{ .Values.mso.asdc.config.key }} components: count: 3, componentNames: SO,AAI,SDNC diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml index d873beb62c..104daae051 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -37,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index 931a89516b..e1c2069a44 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -66,54 +66,75 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 2cce8bb2dd..a38e256615 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -24,12 +24,45 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.5.3 +image: onap/so/sdc-controller:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8085 diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 5062a1f8f0..7a1358cc88 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -19,12 +19,14 @@ mso: max-pool-size: 50 queue-capacity: 500 logPath: ./logs/sdnc + config: + cadi: {{ include "cadi.keys" . | nindent 14}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} site-name: onapheat org: onap: @@ -100,8 +102,13 @@ org: changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf - bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService + opticalservice: + optical-service-create: + create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service + optical-service-delete: + delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service generic-resource: network-topology-operation: create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource @@ -139,16 +146,18 @@ org: myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/' + sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:' sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config' sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' + sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:' service: infra: service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 @@ -158,8 +167,14 @@ org: vfmodule: '': query: GET|60000|sdncurl12| + lcm: + download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm network: - encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 + encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }} spring: security: usercredentials: diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml index d873beb62c..104daae051 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap @@ -37,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index ab489160fc..401e803cc0 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -34,6 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -51,54 +52,75 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index d1be03b541..a4b2496662 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -24,12 +24,45 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.5.3 +image: onap/so/sdnc-adapter:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8086 diff --git a/kubernetes/so/charts/so-secrets/Chart.yaml b/kubernetes/so/charts/so-secrets/Chart.yaml new file mode 100644 index 0000000000..be61d24840 --- /dev/null +++ b/kubernetes/so/charts/so-secrets/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for so secrets +name: so-secrets +version: 5.0.0 diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml new file mode 100644 index 0000000000..9a749638f0 --- /dev/null +++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-so-client-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} + keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} +type: Opaque diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml new file mode 100755 index 0000000000..9ea7a7efc2 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP SO VE VNFM Adapter (SOL002) +name: so-ve-vnfm-adapter +version: 5.0.0 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..88d805d81e --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,25 @@ +# Copyright © 2020 Samsung# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + port: {{ (index .Values.service.ports 0).port }} + +vevnfmadapter: + endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 + +aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + +dmaap: + endpoint: http://message-router.{{ include "common.namespace" . }}:3904 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..e940811883 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml @@ -0,0 +1,31 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: + APP: {{ include "common.name" . }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..380b52fda0 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml @@ -0,0 +1,69 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - aai + - --container-name + - message-router + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml new file mode 100755 index 0000000000..f3ef1138b8 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml new file mode 100755 index 0000000000..1d9854c191 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/ve-vnfm-adapter:1.6.0 +pullPolicy: Always +replicaCount: 1 +service: + name: ve-vnfm-adapter + type: ClusterIP + annotations: + msb.onap.org/service-info: | + {{ if not .Values.global.msbDisabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/", + "protocol": "REST", + "port": "{{ (index .Values.service.ports 0).port }}", + "visualRange": "1" + } + ]{{ end }} + ports: + - name: http + port: 9098 +flavor: small +resources: + small: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 256Mi + cpu: 250m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + port: 9098 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml index dee73abd41..ea61f502f2 100755 --- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml @@ -37,12 +37,14 @@ server: mso: site-name: localSite logPath: ./logs/vfc + config: + cadi: {{ include "cadi.keys" . | nindent 8}} msb-ip: msb-iag.{{ include "common.namespace" . }} msb-port: 80 adapters: requestDb: endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: security: diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml index 931a89516b..2addd7b184 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -66,30 +66,34 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename - - name: DB_ADMIN_PASSWORD + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -109,7 +113,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index b15a67ffe8..aa4923a9bd 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -24,12 +24,45 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.5.3 +image: onap/so/vfc-adapter:1.6.0 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8084 diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index 5213700df0..ebfbc44685 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} version: v15 endpoint: https://aai.{{ include "common.namespace" . }}:8443 spring: @@ -37,15 +37,17 @@ http: trust-store: classpath:org.onap.so.trust.jks trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 + key: {{ .Values.mso.key }} site-name: localSite logPath: ./logs/vnfm-adapter + config: + cadi: {{ include "cadi.keys" . | nindent 8}} msb-ip: msb-iag.{{ include "common.namespace" . }} msb-port: 80 sdc: - username: mso - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F - key: 566B754875657232314F5548556D3665 + username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} + password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} + key: {{ .Values.sdc.key }} endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 vnfmadapter: endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml index c79e58a711..b57205223e 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml @@ -1,4 +1,4 @@ -# Copyright © 2019 Nordix Foundation +# Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index a253a21ecc..00b36a838e 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -34,16 +34,34 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | indent 12 }} + {{- if eq .Values.global.security.aaf.enabled true }} + env: + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -60,7 +78,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 78333767f6..72efcb4b78 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -23,10 +23,24 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.5.3 +image: onap/so/vnfm-adapter:1.6.0 pullPolicy: Always replicaCount: 1 @@ -80,4 +94,4 @@ ingress: ssl: "redirect" nodeSelector: {} tolerations: [] -affinity: {}
\ No newline at end of file +affinity: {} |