aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/so/charts
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/so/charts')
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml28
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml27
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml4
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml27
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml15
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml27
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml4
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml27
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml14
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/templates/deployment.yaml27
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml10
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml27
-rw-r--r--kubernetes/so/charts/so-secrets/Chart.yaml17
-rw-r--r--kubernetes/so/charts/so-secrets/templates/secrets.yaml27
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml4
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml1
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml16
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml12
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml3
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml17
26 files changed, 240 insertions, 100 deletions
diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
index 5930b5d5be..a714ba9328 100755
--- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
timeout: '30000'
endpoint: https://aai.{{ include "common.namespace" . }}:8443
@@ -21,7 +21,7 @@ aai:
cds:
endpoint: cds-blueprints-processor-grpc
port: 9111
- auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ auth: {{ .Values.cds.auth }}
timeout: 600
camunda:
bpm:
@@ -51,10 +51,12 @@ mso:
rainyDay:
retryDurationMultiplier: 2
maxRetries: 5
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ .Values.mso.key }}
correlation:
timeout: 60
logPath: logs
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
async:
core-pool-size: 50
max-pool-size: 50
@@ -64,10 +66,10 @@ mso:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
db:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- password: wLg4sjrAFUS8rfVfdvTXeQ==
+ auth: {{ .Values.mso.adapters.db.auth }}
+ password: {{ .Values.mso.adapters.db.password }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
spring:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
@@ -79,7 +81,7 @@ mso:
db:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
po:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ auth: {{ .Values.mso.adapters.po.auth }}
sdnc:
endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
rest:
@@ -112,7 +114,7 @@ mso:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
default:
adapter:
namespace: http://org.onap.mso
@@ -129,7 +131,7 @@ mso:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
rollback: 'true'
sdnc:
- password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ password: {{ .Values.mso.sdnc.password }}
service:
agnostic:
sniro:
@@ -137,12 +139,12 @@ mso:
host: http://sniro-emulator:80
site-name: CamundaEngine
sniro:
- auth: test:testpwd
+ auth: {{ .Values.mso.sniro.auth }}
callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
- endpoint: http://replaceme:28090/optimizationInstance/V1/create
+ endpoint: {{ .Values.mso.sniro.endpoint }}
timeout: PT30M
oof:
- auth: test:testpwd
+ auth: {{ .Values.mso.oof.auth }}
callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement
timeout: PT30M
@@ -361,7 +363,7 @@ so:
vnfm:
adapter:
url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
- auth: Basic dm5mbTpwYXNzd29yZDEk
+ auth: {{ .Values.so.vnfm.adapter.auth }}
org:
onap:
so:
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml
index 2ea2cffe27..952642c48a 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml
@@ -19,12 +19,14 @@ ssl-enable: false
mso:
logPath: logs
site-name: onapheat
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
spring:
datasource:
hikari:
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
index 4bf20a683b..4710fea218 100755
--- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
server:
port: {{ index .Values.containerPort }}
@@ -58,7 +58,7 @@ org:
default_keystone_url_version: /v2.0
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
checkRequiredParameters: true
addGetFilesOnVolumeReq: false
sockettimeout: 30
@@ -69,7 +69,7 @@ org:
valet_enabled: false
fail_requests_on_valet_failure: false
network:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
sockettimeout: 5
connecttimeout: 5
retrycount: 5
@@ -96,22 +96,21 @@ ecomp:
pollTimeout: 7500
pollInterval: 15
mso:
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ .Values.mso.msoKey }}
config:
- cadi:
- aafId: poBpmn
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
site-name: localDevEnv
async:
core-pool-size: 50
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml
index 6d746ede18..8dde3b7f99 100755
--- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml
@@ -20,9 +20,11 @@ ssl-enable: false
mso:
logPath: logs
site-name: localSite
+ config:
+ cadi: {{- include "cadi.keys" . | nindent 8}}
adapters:
requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
spring:
datasource:
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
index 44544f49e7..8d02cc1f5c 100755
--- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{.Values.aai.auth}}
server:
port: {{ index .Values.containerPort }}
spring:
@@ -44,20 +44,22 @@ request:
pool-name: reqdb-pool
registerMbeans: false
mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ index .Values.mso.msoKey }}
logPath: ./logs/sdc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
site-name: onapheat
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
asdc-connections:
@@ -67,7 +69,7 @@ mso:
consumerId: SO-COpenSource-Env11
environmentName: AUTO
asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
@@ -82,7 +84,7 @@ mso:
config:
activity:
endpoint: http://sdc-wfd-be:8080
- key: 566B754875657232314F5548556D3665
+ key: {{ .Values.mso.asdc.config.key }}
components:
count: 3,
componentNames: SO,AAI,SDNC
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
index 5062a1f8f0..a20d2178ba 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
@@ -19,12 +19,14 @@ mso:
max-pool-size: 50
queue-capacity: 500
logPath: ./logs/sdnc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 14}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
site-name: onapheat
org:
onap:
@@ -100,7 +102,7 @@ org:
changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
generic-resource:
network-topology-operation:
@@ -139,7 +141,7 @@ org:
myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
rest:
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
sdncconnecttime: 5000
sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
@@ -159,7 +161,7 @@ org:
'':
query: GET|60000|sdncurl12|
network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
spring:
security:
usercredentials:
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
index ab489160fc..5c7f3ab0ca 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
@@ -70,6 +70,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -80,16 +96,7 @@ spec:
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/charts/so-secrets/Chart.yaml b/kubernetes/so/charts/so-secrets/Chart.yaml
new file mode 100644
index 0000000000..be61d24840
--- /dev/null
+++ b/kubernetes/so/charts/so-secrets/Chart.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+description: A Helm chart for so secrets
+name: so-secrets
+version: 5.0.0
diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml
new file mode 100644
index 0000000000..9a749638f0
--- /dev/null
+++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-so-client-certs-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
+ keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
+type: Opaque
diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
index dee73abd41..ea61f502f2 100755
--- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
@@ -37,12 +37,14 @@ server:
mso:
site-name: localSite
logPath: ./logs/vfc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
adapters:
requestDb:
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
security:
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
index 931a89516b..44040c2c43 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
index 5213700df0..ebfbc44685 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
endpoint: https://aai.{{ include "common.namespace" . }}:8443
spring:
@@ -37,15 +37,17 @@ http:
trust-store: classpath:org.onap.so.trust.jks
trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
+ key: {{ .Values.mso.key }}
site-name: localSite
logPath: ./logs/vnfm-adapter
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
sdc:
- username: mso
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
- key: 566B754875657232314F5548556D3665
+ username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+ password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml
index c79e58a711..b57205223e 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2019 Nordix Foundation
+# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@ apiVersion: v1
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index a253a21ecc..c297ac3ce8 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -39,6 +39,23 @@ spec:
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ env:
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap