summaryrefslogtreecommitdiffstats
path: root/kubernetes/so/components/soHelpers
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/so/components/soHelpers')
-rwxr-xr-xkubernetes/so/components/soHelpers/Chart.yaml17
-rwxr-xr-xkubernetes/so/components/soHelpers/requirements.yaml23
-rw-r--r--kubernetes/so/components/soHelpers/templates/_cadiValues.tpl21
-rw-r--r--kubernetes/so/components/soHelpers/templates/_certificates.tpl58
-rw-r--r--kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl20
-rw-r--r--kubernetes/so/components/soHelpers/templates/_profileProperty.tpl3
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml98
7 files changed, 240 insertions, 0 deletions
diff --git a/kubernetes/so/components/soHelpers/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml
new file mode 100755
index 0000000000..a91111a33a
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/Chart.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+description: A Helm chart for SO helpers
+name: soHelpers
+version: 6.0.0
diff --git a/kubernetes/so/components/soHelpers/requirements.yaml b/kubernetes/so/components/soHelpers/requirements.yaml
new file mode 100755
index 0000000000..aa972a525b
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/requirements.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
new file mode 100644
index 0000000000..d16b4f7cf8
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
@@ -0,0 +1,21 @@
+{{- define "so.cadi.keys" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+cadiLoglevel: {{ $initRoot.cadi.logLevel }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
+cadiLatitude: {{ $initRoot.cadi.latitude }}
+cadiLongitude: {{ $initRoot.cadi.longitude }}
+aafEnv: {{ $initRoot.cadi.aafEnv }}
+aafApiVersion: {{ $initRoot.cadi.aafApiVersion }}
+aafRootNs: {{ $initRoot.cadi.aafRootNs }}
+aafId: {{ $initRoot.cadi.aafId }}
+aafPassword: {{ $initRoot.cadi.aafPassword }}
+aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }}
+aafUrl: {{ $initRoot.cadi.aafUrl }}
+apiEnforcement: {{ $initRoot.cadi.apiEnforcement }}
+{{- if ($initRoot.cadi.noAuthn) }}
+noAuthn: {{ $initRoot.cadi.noAuthn }}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
new file mode 100644
index 0000000000..fa25ba5177
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -0,0 +1,58 @@
+{{- define "so.certificate.container_importer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.initContainer" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-cert-importer
+ image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ keytool -import -trustcacerts -alias msb_root -file \
+ /certificates/msb-ca.crt -keystore \
+ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -keypass $cadi_truststore_password -noprompt
+ volumeMounts:
+ {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
+ - name: {{ include "common.name" $dot }}-msb-certificate
+ mountPath: /certificates
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumes" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-certificate
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumeMount" $subchartDot }}
+{{- end -}}
+
+{{- define "so.certificates.env" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: TRUSTSTORE
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+{{- if $dot.Values.global.security.aaf.enabled }}
+- name: KEYSTORE
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks
+{{- end }}
+{{- end }}
+{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
new file mode 100644
index 0000000000..cde94742c6
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl
@@ -0,0 +1,20 @@
+{{- define "so.helpers.livenessProbe" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+livenessProbe:
+ httpGet:
+ path: {{ $subchartDot.Values.livenessProbe.path }}
+ port: {{ $subchartDot.Values.containerPort }}
+ scheme: {{ $subchartDot.Values.livenessProbe.scheme }}
+ {{- if $subchartDot.Values.global.security.aaf.enabled }}
+ httpHeaders:
+ - name: Authorization
+ value: {{ $subchartDot.Values.global.aaf.auth.header }}
+ {{- end }}
+ initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }}
+{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl
new file mode 100644
index 0000000000..56910ebebd
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl
@@ -0,0 +1,3 @@
+{{- define "so.helpers.profileProperty" -}}
+ {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }}
+{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
new file mode 100755
index 0000000000..5dbe46cf9e
--- /dev/null
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -0,0 +1,98 @@
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ soBaseImage: onap/so/base-image:1.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ msbEnabled: true
+ security:
+ aaf:
+ enabled: false
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ client:
+ certs:
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
+ keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ name: '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/msb-ca.crt
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks
+ keyFile: org.onap.so.keyfile
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+livenessProbe:
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+cadi:
+ logLevel: DEBUG
+ latitude: 38.4329
+ longitude: -90.43248
+ aafEnv: IST
+ aafApiVersion: 2.1
+ aafRootNs: org.onap.so
+ aafLocateUrl: https://aaf-locate.onap:8095
+ aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.apihPerm
+ noAuthn: /manage/health