diff options
Diffstat (limited to 'kubernetes/so/components')
10 files changed, 14 insertions, 470 deletions
diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml index 69178fd6c7..661ed64b0e 100644 --- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml @@ -22,7 +22,7 @@ server: mso: logPath: ./logs/soappcorch auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} - msoKey: {{ .Values.mso.msoKey }} + msoKey: {{ .Values.global.app.msoKey }} config: {{ if .Values.global.security.aaf.enabled }} cadi: {{ include "so.cadi.keys" . | nindent 8}} diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml index e63838d3b1..7570116fd5 100644 --- a/kubernetes/so/components/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml @@ -30,7 +30,8 @@ global: security: aaf: enabled: false - + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 ################################################################# # Secrets metaconfig ################################################################# @@ -73,7 +74,6 @@ db: adminName: so_admin adminPassword: so_Admin123 # adminCredsExternalSecret: some secret - server: actuator: username: mso_admin @@ -87,8 +87,8 @@ service: name: so-appc-orchestrator type: ClusterIP ports: - - port: *containerPort - name: http + - port: *containerPort + name: http updateStrategy: type: RollingUpdate maxUnavailable: 1 @@ -96,6 +96,7 @@ updateStrategy: # Resource Limit flavor -By Default using small flavor: small + ################################################################# # soHelper part ################################################################# @@ -127,14 +128,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8083 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} @@ -148,7 +149,6 @@ auth: mso: auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 basicUser: poBpmn - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 appc: client: diff --git a/kubernetes/so/components/so-cnf-adapter/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml deleted file mode 100755 index f2ccd6a707..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -appVersion: "1.7.1" -description: A Helm chart for Kubernetes -name: so-cnf-adapter -version: 6.0.0 diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml deleted file mode 100755 index b0bda362dd..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/requirements.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: readinessCheck - version: ~6.x-0 - repository: '@local' - - name: soHelpers - version: ~6.x-0 - repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml deleted file mode 100755 index 37024d4d4d..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 -logging: - path: logs -spring: - security: - usercredentials: - - username: ${ACTUATOR_USERNAME} - password: ${ACTUATOR_PASSWORD} - role: ACTUATOR -server: - port: {{ index .Values.containerPort }} - tomcat: - max-threads: 50 - -mso: - site-name: localSite - logPath: ./logs/cnf - msb-ip: msb-iag.{{ include "common.namespace" . }} - msb-port: 80 -#Actuator -management: - endpoints: - web: - base-path: /manage - exposure: - include: "*" - metrics: - se-global-registry: false - export: - prometheus: - enabled: true # Whether exporting of metrics to Prometheus is enabled. - step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml deleted file mode 100755 index fcdd381e72..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml deleted file mode 100755 index dfff4341f5..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml +++ /dev/null @@ -1,117 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} - strategy: - type: {{ index .Values.updateStrategy.type }} - rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} - template: - metadata: - labels: {{- include "common.labels" . | nindent 8 }} - spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - - name: {{ include "common.name" . }}-encrypter - command: - - sh - args: - - -c - - | - java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds - env: - - name: AAI_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }} - - name: AAI_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }} - - name: MSO_KEY - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }} - image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.soCryptoImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: encoder - mountPath: /output - {{ include "common.readinessCheck.waitFor" . | indent 8 | trim }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - command: - - sh - args: - - -c - - | - export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64) - export AAF_AUTH=$(echo "Basic ${AAF_BASE64}") - export AAI_AUTH=$(cat /input/.aai_creds) - {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" - {{- end }} - {{- end }} - ./start-app.sh - resources: {{ include "common.resources" . | nindent 12 }} - ports: {{- include "common.containerPorts" . | nindent 12 }} - env: - - name: AAF_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }} - - name: AAF_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }} - - name: ACTUATOR_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - - name: ACTUATOR_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{ include "so.certificates.env" . | indent 12 | trim }} - envFrom: - - configMapRef: - name: {{ include "common.fullname" . }}-env - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} - - name: logs - mountPath: /app/logs - - name: config - mountPath: /app/config - readOnly: true - - name: encoder - mountPath: /input - livenessProbe: - httpGet: - path: {{ index .Values.livenessProbe.path}} - port: {{ index .Values.containerPort }} - scheme: {{ index .Values.livenessProbe.scheme}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - - name: logs - emptyDir: {} - - name: config - configMap: - name: {{ include "common.fullname" . }} - - name: encoder - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml deleted file mode 100644 index cc40499c76..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml deleted file mode 100755 index 665601d832..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml deleted file mode 100755 index 66703f2597..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessImage: oomk8s/readiness-check:2.2.2 - soCryptoImage: sdesbure/so_crypto:latest - dockerHubRepository: docker.io - persistence: - mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: ${AAF_AUTH} - -readinessCheck: - wait_for: - - so-mariadb-config - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-user-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' - login: '{{ .Values.db.userName }}' - password: '{{ .Values.db.userPassword }}' - passwordPolicy: required - - uid: db-admin-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' - login: '{{ .Values.db.adminName }}' - password: '{{ .Values.db.adminPassword }}' - passwordPolicy: required - - uid: server-actuator-creds - name: '{{ include "common.release" . }}-so-cnf-actuator-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' - login: '{{ .Values.server.actuator.username }}' - password: '{{ .Values.server.actuator.password }}' - passwordPolicy: required - - uid: so-aaf-creds - name: '{{ include "common.release" . }}-so-cnf-aaf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' - login: '{{ .Values.server.aaf.username }}' - password: '{{ .Values.server.aaf.password }}' - passwordPolicy: required - - uid: so-aai-creds - name: '{{ include "common.release" . }}-so-cnf-aai-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' - login: '{{ .Values.server.aai.username }}' - password: '{{ .Values.server.aai.password }}' - passwordPolicy: required - - uid: cnf-adapter-mso-key - name: '{{ include "common.release" . }}-so-cnf-mso-key' - type: password - externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' - password: '{{ .Values.mso.msoKey }}' - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' - -################################################################# -# Application configuration defaults. -################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/mso-cnf-adapter:1.7.1 -pullPolicy: Always - -db: - userName: so_user - userPassword: so_User123 - # userCredsExternalSecret: some secret - adminName: so_admin - adminPassword: so_Admin123 - # adminCredsExternalSecret: some secret - -server: - aaf: - username: so@so.onap.org - password: demo123456 - # aafCredsExternalSecret: some secret - aai: - username: aai@aai.onap.org - password: demo123456! - auth: ${AAI_AUTH} - # aaiCredsExternalSecret: some secret - actuator: - username: mso_admin - password: password1$ - # actuatorCredsExternalSecret: some secret - -mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - # msoKeySecret: some secret - adapters: - requestDb: - auth: ${REQUEST_AUTH} - -replicaCount: 1 -minReadySeconds: 10 -containerPort: &containerPort 8090 -logPath: ./logs/cnf/ -app: cnf-adapter -service: - type: ClusterIP - ports: - - name: http-api - port: *containerPort -updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 - -soHelpers: - nameOverride: so-cnf-cert-init - certInitializer: - nameOverride: so-cnf-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.openStackAdapterPerm - containerPort: *containerPort - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - memory: 4Gi - cpu: 2000m - requests: - memory: 1Gi - cpu: 500m - large: - limits: - memory: 8Gi - cpu: 4000m - requests: - memory: 2Gi - cpu: 1000m - unlimited: {} - -livenessProbe: - path: /manage/health - port: 8090 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -ingress: - enabled: false - -nodeSelector: {} - -tolerations: [] - -affinity: {} |