diff options
Diffstat (limited to 'kubernetes/so')
65 files changed, 255 insertions, 1113 deletions
diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml index 69178fd6c7..661ed64b0e 100644 --- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml @@ -22,7 +22,7 @@ server: mso: logPath: ./logs/soappcorch auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} - msoKey: {{ .Values.mso.msoKey }} + msoKey: {{ .Values.global.app.msoKey }} config: {{ if .Values.global.security.aaf.enabled }} cadi: {{ include "so.cadi.keys" . | nindent 8}} diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml index 50d42ca44d..24592ba50a 100644 --- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml @@ -58,7 +58,7 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} {{- end }} /app/start-app.sh diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml index e63838d3b1..7570116fd5 100644 --- a/kubernetes/so/components/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml @@ -30,7 +30,8 @@ global: security: aaf: enabled: false - + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 ################################################################# # Secrets metaconfig ################################################################# @@ -73,7 +74,6 @@ db: adminName: so_admin adminPassword: so_Admin123 # adminCredsExternalSecret: some secret - server: actuator: username: mso_admin @@ -87,8 +87,8 @@ service: name: so-appc-orchestrator type: ClusterIP ports: - - port: *containerPort - name: http + - port: *containerPort + name: http updateStrategy: type: RollingUpdate maxUnavailable: 1 @@ -96,6 +96,7 @@ updateStrategy: # Resource Limit flavor -By Default using small flavor: small + ################################################################# # soHelper part ################################################################# @@ -127,14 +128,14 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - port: 8083 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} @@ -148,7 +149,6 @@ auth: mso: auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 basicUser: poBpmn - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 appc: client: diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-bpmn-infra/requirements.yaml +++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index cf448cc9cd..11128dd68c 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -382,7 +382,7 @@ spring: so: vnfm: adapter: - url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ + url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ auth: {{ .Values.so.vnfm.adapter.auth }} org: onap: diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index e7cb3aa782..ac335c859a 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -39,21 +39,9 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -67,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index 034e269d6a..2bb7d7b44c 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -32,6 +32,13 @@ global: aaf: auth: encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -60,7 +67,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.6.4 +image: onap/so/bpmn-infra:1.7.10 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index d58fd86194..0aac5f4b48 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -39,21 +39,9 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -67,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index 2fadf41e01..b27566d336 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -31,6 +31,13 @@ global: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= app: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -59,7 +66,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.6.4 +image: onap/so/catalog-db-adapter:1.7.10 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-cnf-adapter/Chart.yaml b/kubernetes/so/components/so-cnf-adapter/Chart.yaml deleted file mode 100755 index f2ccd6a707..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -appVersion: "1.7.1" -description: A Helm chart for Kubernetes -name: so-cnf-adapter -version: 6.0.0 diff --git a/kubernetes/so/components/so-cnf-adapter/requirements.yaml b/kubernetes/so/components/so-cnf-adapter/requirements.yaml deleted file mode 100755 index 1feea23842..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/requirements.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' - - name: soHelpers - version: ~6.x-0 - repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml deleted file mode 100755 index 37024d4d4d..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -aai: - auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} - endpoint: https://aai.{{ include "common.namespace" . }}:8443 -logging: - path: logs -spring: - security: - usercredentials: - - username: ${ACTUATOR_USERNAME} - password: ${ACTUATOR_PASSWORD} - role: ACTUATOR -server: - port: {{ index .Values.containerPort }} - tomcat: - max-threads: 50 - -mso: - site-name: localSite - logPath: ./logs/cnf - msb-ip: msb-iag.{{ include "common.namespace" . }} - msb-port: 80 -#Actuator -management: - endpoints: - web: - base-path: /manage - exposure: - include: "*" - metrics: - se-global-registry: false - export: - prometheus: - enabled: true # Whether exporting of metrics to Prometheus is enabled. - step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml deleted file mode 100755 index fcdd381e72..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} -data: - LOG_PATH: {{ index .Values.logPath }} - APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml deleted file mode 100755 index 63e36a6c2c..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - selector: {{- include "common.selectors" . | nindent 4 }} - replicas: {{ index .Values.replicaCount }} - minReadySeconds: {{ index .Values.minReadySeconds }} - strategy: - type: {{ index .Values.updateStrategy.type }} - rollingUpdate: - maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} - maxSurge: {{ index .Values.updateStrategy.maxSurge }} - template: - metadata: - labels: {{- include "common.labels" . | nindent 8 }} - spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - - name: {{ include "common.name" . }}-encrypter - command: - - sh - args: - - -c - - | - java Crypto "${AAI_USERNAME}:${AAI_PASSWORD}" "${MSO_KEY}" > /output/.aai_creds - env: - - name: AAI_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "login") | indent 14 }} - - name: AAI_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aai-creds" "key" "password") | indent 14 }} - - name: MSO_KEY - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnf-adapter-mso-key" "key" "password") | indent 14 }} - image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.soCryptoImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: encoder - mountPath: /output - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - command: - - sh - args: - - -c - - | - export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64) - export AAF_AUTH=$(echo "Basic ${AAF_BASE64}") - export AAI_AUTH=$(cat /input/.aai_creds) - {{- if .Values.global.aafEnabled }} - export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" - {{- end }} - {{- end }} - ./start-app.sh - resources: {{ include "common.resources" . | nindent 12 }} - ports: {{- include "common.containerPorts" . | nindent 12 }} - env: - - name: AAF_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }} - - name: AAF_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }} - - name: ACTUATOR_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - - name: ACTUATOR_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{ include "so.certificates.env" . | indent 12 | trim }} - envFrom: - - configMapRef: - name: {{ include "common.fullname" . }}-env - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} - - name: logs - mountPath: /app/logs - - name: config - mountPath: /app/config - readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readOnly: true - - name: encoder - mountPath: /input - livenessProbe: - httpGet: - path: {{ index .Values.livenessProbe.path}} - port: {{ index .Values.containerPort }} - scheme: {{ index .Values.livenessProbe.scheme}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} - volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - - name: logs - emptyDir: {} - - name: config - configMap: - name: {{ include "common.fullname" . }} - - name: encoder - emptyDir: - medium: Memory - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml b/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml deleted file mode 100644 index cc40499c76..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml b/kubernetes/so/components/so-cnf-adapter/templates/service.yaml deleted file mode 100755 index 665601d832..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml deleted file mode 100755 index 195d62d4b7..0000000000 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ /dev/null @@ -1,178 +0,0 @@ -# Copyright © 2020 Huawei Technologies Co., Ltd. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - readinessImage: oomk8s/readiness-check:2.2.2 - soCryptoImage: sdesbure/so_crypto:latest - dockerHubRepository: docker.io - persistence: - mountPath: /dockerdata-nfs - security: - aaf: - enabled: false - aaf: - auth: - header: ${AAF_AUTH} - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-user-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' - login: '{{ .Values.db.userName }}' - password: '{{ .Values.db.userPassword }}' - passwordPolicy: required - - uid: db-admin-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' - login: '{{ .Values.db.adminName }}' - password: '{{ .Values.db.adminPassword }}' - passwordPolicy: required - - uid: server-actuator-creds - name: '{{ include "common.release" . }}-so-cnf-actuator-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' - login: '{{ .Values.server.actuator.username }}' - password: '{{ .Values.server.actuator.password }}' - passwordPolicy: required - - uid: so-aaf-creds - name: '{{ include "common.release" . }}-so-cnf-aaf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' - login: '{{ .Values.server.aaf.username }}' - password: '{{ .Values.server.aaf.password }}' - passwordPolicy: required - - uid: so-aai-creds - name: '{{ include "common.release" . }}-so-cnf-aai-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' - login: '{{ .Values.server.aai.username }}' - password: '{{ .Values.server.aai.password }}' - passwordPolicy: required - - uid: cnf-adapter-mso-key - name: '{{ include "common.release" . }}-so-cnf-mso-key' - type: password - externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' - password: '{{ .Values.mso.msoKey }}' - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' - -################################################################# -# Application configuration defaults. -################################################################# -repository: nexus3.onap.org:10001 -image: onap/so/mso-cnf-adapter:1.7.1 -pullPolicy: Always - -db: - userName: so_user - userPassword: so_User123 - # userCredsExternalSecret: some secret - adminName: so_admin - adminPassword: so_Admin123 - # adminCredsExternalSecret: some secret - -server: - aaf: - username: so@so.onap.org - password: demo123456 - # aafCredsExternalSecret: some secret - aai: - username: aai@aai.onap.org - password: demo123456! - auth: ${AAI_AUTH} - # aaiCredsExternalSecret: some secret - actuator: - username: mso_admin - password: password1$ - # actuatorCredsExternalSecret: some secret - -mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - # msoKeySecret: some secret - adapters: - requestDb: - auth: ${REQUEST_AUTH} - -replicaCount: 1 -minReadySeconds: 10 -containerPort: &containerPort 8090 -logPath: ./logs/cnf/ -app: cnf-adapter -service: - type: ClusterIP - ports: - - name: http-api - port: *containerPort -updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 - -soHelpers: - nameOverride: so-cnf-cert-init - certInitializer: - nameOverride: so-cnf-cert-init - credsPath: /opt/app/osaaf/local - cadi: - apiEnforcement: org.onap.so.openStackAdapterPerm - containerPort: *containerPort - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - memory: 4Gi - cpu: 2000m - requests: - memory: 1Gi - cpu: 500m - large: - limits: - memory: 8Gi - cpu: 4000m - requests: - memory: 2Gi - cpu: 1000m - unlimited: {} - -livenessProbe: - path: /manage/health - port: 8090 - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - -ingress: - enabled: false - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/kubernetes/so/components/so-db-secrets/Chart.yaml b/kubernetes/so/components/so-db-secrets/Chart.yaml deleted file mode 100755 index 1739d1fe36..0000000000 --- a/kubernetes/so/components/so-db-secrets/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -description: A Helm chart for DB secrets -name: so-db-secrets -version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-db-secrets/requirements.yaml b/kubernetes/so/components/so-db-secrets/requirements.yaml deleted file mode 100755 index 2eb32d00ed..0000000000 --- a/kubernetes/so/components/so-db-secrets/requirements.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/so/components/so-db-secrets/templates/secrets.yaml b/kubernetes/so/components/so-db-secrets/templates/secrets.yaml deleted file mode 100755 index 0ada38595e..0000000000 --- a/kubernetes/so/components/so-db-secrets/templates/secrets.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{/* -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.release" . }}-so-db-secrets - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }} - mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }} - mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }} - mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }} - mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }} - mariadb.admin.password: {{ .Values.db_admin_password | b64enc | quote }} -type: Opaque diff --git a/kubernetes/so/components/so-db-secrets/values.yaml b/kubernetes/so/components/so-db-secrets/values.yaml deleted file mode 100644 index 7e51e3ce5d..0000000000 --- a/kubernetes/so/components/so-db-secrets/values.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -global: - mariadbGalera: - serviceName: mariadb-galera - servicePort: "3306" -db_admin_username: so_admin -db_admin_password: so_Admin123 -db_username: so_user -db_password: so_User123 diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml index c9aa5823bf..20a4284c67 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -49,7 +49,7 @@ mso: so: adapters: sol003-adapter: - url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 + url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 auth: {{ .Values.so.sol003.adapter.auth }} etsi-catalog-manager: base: @@ -58,7 +58,7 @@ etsi-catalog-manager: http: client: ssl: - trust-store: ${TRUSTSTORE} + trust-store: file:${TRUSTSTORE} trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index 9408c1f556..fa5f42d5ab 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -41,9 +41,8 @@ spec: {{- if .Values.global.aafEnabled }} export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" - export TRUSTSTORE="file:/${TRUSTSTORE}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} {{- end }} ./start-app.sh @@ -55,15 +54,9 @@ spec: - name: ETSI_NFVO_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} - name: DB_PASSWORD @@ -83,9 +76,6 @@ spec: - name: config mountPath: /app/config readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readOnly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} @@ -100,8 +90,5 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml index 6af61820db..0612f506c5 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -29,6 +29,9 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' ################################################################# # Secrets metaconfig @@ -57,7 +60,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4 +image: onap/so/so-etsi-nfvo-ns-lcm:1.7.7 pullPolicy: Always aai: @@ -91,13 +94,13 @@ service: annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' msb.onap.org/service-info: | - {{ if not .Values.global.msbDisabled -}}[ + {{ if .Values.global.msbEnabled -}}[ { "serviceName": "{{ include "common.servicename" . }}", "version": "v1", "url": "/so/so-etsi-nfvo-ns-lcm/v1", "protocol": "REST", - "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}", + "port": "{{ include "common.getPort" (dict "global" . "name" "http-api") }}", "visualRange":"1" } ]{{ end }} diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml index 2eb32d00ed..22d6333253 100755 --- a/kubernetes/so/components/so-mariadb/requirements.yaml +++ b/kubernetes/so/components/so-mariadb/requirements.yaml @@ -18,3 +18,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml index 36481d461f..b3bacc1ed4 100644 --- a/kubernetes/so/components/so-mariadb/templates/job.yaml +++ b/kubernetes/so/components/so-mariadb/templates/job.yaml @@ -95,23 +95,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - {{ .Values.global.mariadbGalera.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }}-config image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: @@ -127,15 +113,9 @@ spec: {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} - name: DB_USER diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml index 9ecf3b0ca6..809dff77a7 100755 --- a/kubernetes/so/components/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -24,7 +24,7 @@ global: readinessImage: onap/oom/readiness:3.0.1 ubuntuInitRepository: registry.hub.docker.com mariadbGalera: - nameOverride: mariadb-galera + nameOverride: &mariadbName mariadb-galera serviceName: mariadb-galera servicePort: "3306" migration: @@ -33,6 +33,11 @@ global: dbPort: 3306 dbUser: root dbPassword: secretpassword + +readinessCheck: + wait_for: + - *mariadbName + ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml index 7875893dc8..03eccc2d02 100644 --- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml @@ -75,15 +75,9 @@ spec: /app/start-app.sh env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml index 9ba1d7b7d8..31ad9d072c 100644 --- a/kubernetes/so/components/so-monitoring/values.yaml +++ b/kubernetes/so/components/so-monitoring/values.yaml @@ -37,6 +37,9 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' ################################################################# # Secrets metaconfig diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index f1ec31adf1..3b28c5bbdd 100755 --- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -29,21 +29,9 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} command: @@ -57,7 +45,7 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} {{- end }} ./start-app.sh @@ -66,15 +54,9 @@ spec: ports: {{- include "common.containerPorts" . | nindent 12 }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} - name: DB_PASSWORD @@ -102,9 +84,6 @@ spec: - name: config mountPath: /app/config readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readOnly: true livenessProbe: httpGet: path: {{ index .Values.livenessProbe.path}} @@ -121,8 +100,5 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 3bfe1b212f..40a55c6c0b 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -29,6 +29,14 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config + ################################################################# # Secrets metaconfig @@ -71,7 +79,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/nssmf-adapter:1.6.4 +image: onap/so/nssmf-adapter:1.7.10 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml index f2eae394e7..72799d1f5f 100755 --- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml @@ -37,15 +37,9 @@ spec: {{ include "common.resources" . | indent 10 }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index 4431ca5513..6bddf29032 100755 --- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -31,6 +31,10 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + # Secrets metaconfig ################################################################# db: diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-openstack-adapter/requirements.yaml +++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index e7cb3aa782..ac335c859a 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -39,21 +39,9 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -67,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 16bbac2afd..129ad59385 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -29,6 +29,13 @@ global: aaf: auth: encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -54,7 +61,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.6.4 +image: onap/so/openstack-adapter:1.7.10 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-request-db-adapter/requirements.yaml +++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index d58fd86194..0aac5f4b48 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -39,21 +39,9 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -67,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index 5a3721abbe..e221870306 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -29,6 +29,13 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -55,7 +62,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.6.4 +image: onap/so/request-db-adapter:1.7.10 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-sdc-controller/requirements.yaml +++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index e7cb3aa782..ac335c859a 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -39,21 +39,9 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -67,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 24de2c6862..be3be26bc3 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -29,6 +29,13 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -55,7 +62,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.6.4 +image: onap/so/sdc-controller:1.7.10 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index 5797007243..5186523ba1 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -53,21 +53,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index 4b36815d3d..cabd60e011 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -32,6 +32,9 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' ################################################################# # Secrets metaconfig @@ -58,7 +61,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.6.4 +image: onap/so/sdnc-adapter:1.7.10 pullPolicy: Always org: diff --git a/kubernetes/so/components/so-secrets/Chart.yaml b/kubernetes/so/components/so-secrets/Chart.yaml deleted file mode 100644 index d96245d752..0000000000 --- a/kubernetes/so/components/so-secrets/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -description: A Helm chart for so secrets -name: so-secrets -version: 6.0.0 diff --git a/kubernetes/so/components/so-secrets/requirements.yaml b/kubernetes/so/components/so-secrets/requirements.yaml deleted file mode 100755 index 2eb32d00ed..0000000000 --- a/kubernetes/so/components/so-secrets/requirements.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differdeleted file mode 100644 index 31ea6ba650..0000000000 --- a/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks +++ /dev/null diff --git a/kubernetes/so/components/so-secrets/templates/secrets.yaml b/kubernetes/so/components/so-secrets/templates/secrets.yaml deleted file mode 100644 index 9388ecbf38..0000000000 --- a/kubernetes/so/components/so-secrets/templates/secrets.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright © 2018 AT&T USA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-so-client-certs-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} - keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.release" . }}-so-truststore-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/so/components/so-secrets/values.yaml b/kubernetes/so/components/so-secrets/values.yaml deleted file mode 100644 index 602ea79084..0000000000 --- a/kubernetes/so/components/so-secrets/values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (c) 2020 Orange -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - client: - certs: - trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml index 55177031e4..7c528b0290 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml @@ -24,23 +24,8 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - aai - - --container-name - - message-router - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} envFrom: diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml index 6511af320b..9237b994ac 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -22,6 +22,11 @@ global: persistence: mountPath: /dockerdata-nfs +readinessCheck: + wait_for: + - aai + - message-router + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/so/components/so-vfc-adapter/requirements.yaml b/kubernetes/so/components/so-vfc-adapter/requirements.yaml index 1feea23842..b0bda362dd 100755 --- a/kubernetes/so/components/so-vfc-adapter/requirements.yaml +++ b/kubernetes/so/components/so-vfc-adapter/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: soHelpers version: ~6.x-0 repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml index a85ce0cded..94759ced65 100755 --- a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml @@ -39,21 +39,9 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -67,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/components/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml index d0e1d20e75..f88e117fae 100755 --- a/kubernetes/so/components/so-vfc-adapter/values.yaml +++ b/kubernetes/so/components/so-vfc-adapter/values.yaml @@ -28,6 +28,13 @@ global: aaf: auth: header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + mariadbGalera: + serviceName: mariadb-galera + servicePort: '3306' + +readinessCheck: + wait_for: + - so-mariadb-config ################################################################# # Secrets metaconfig @@ -54,7 +61,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.6.4 +image: onap/so/vfc-adapter:1.7.10 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml index 7fc4b95b27..d780a76876 100755 --- a/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -29,15 +29,7 @@ spring: server: port: {{ index .Values.containerPort }} ssl: - key-alias: so@so.onap.org - key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' - key-store: classpath:so-vnfm-adapter.p12 - key-store-type: PKCS12 -http: - client: - ssl: - trust-store: classpath:org.onap.so.trust.jks - trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' + enabled: false mso: key: {{ .Values.mso.key }} site-name: localSite @@ -52,7 +44,7 @@ sdc: key: {{ .Values.sdc.key }} endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 vnfmadapter: - endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 + endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} @@ -60,7 +52,7 @@ etsi-catalog-manager: http: client: ssl: - trust-store: ${TRUSTSTORE} + trust-store: file:${TRUSTSTORE} trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml index 4f73fb39e7..24dd3d6d21 100755 --- a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml @@ -52,9 +52,8 @@ spec: - | export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" - {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" - {{- end }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12" /app/start-app.sh {{- end }} env: @@ -69,9 +68,6 @@ spec: - name: config mountPath: /app/config readOnly: true - - name: {{ include "common.fullname" . }}-truststore - mountPath: /app/client - readOnly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} @@ -89,8 +85,5 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap - - name: {{ include "common.fullname" . }}-truststore - secret: - secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-vnfm-adapter/values.yaml b/kubernetes/so/components/so-vnfm-adapter/values.yaml index f15fffb055..f8fa7c93be 100755 --- a/kubernetes/so/components/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/values.yaml @@ -33,7 +33,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.6.4 +image: onap/so/vnfm-adapter:1.7.10 pullPolicy: Always aaf: diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index ef3b0768f5..d148a1cd60 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -5,7 +5,7 @@ {{ include "common.certInitializer.initContainer" $subchartDot }} {{- if $dot.Values.global.aafEnabled }} - name: {{ include "common.name" $dot }}-msb-cert-importer - image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}" + image: "{{ include "common.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}" imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} command: - "/bin/sh" @@ -56,7 +56,7 @@ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }} {{- if $dot.Values.global.security.aaf.enabled }} - name: KEYSTORE - value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks + value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12 {{- end }} {{- end }} {{- end -}} diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index c982bffa9d..bbd84cfcfd 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -17,47 +17,42 @@ dependencies: # local reference to common chart, as it is # a part of this chart's package and will not # be published independently to a repo (at this point) - repository: "@local" + repository: '@local' + - name: readinessCheck + version: ~6.x-0 + repository: '@local' - name: mariadb-galera version: ~6.x-0 - repository: "@local" + repository: '@local' condition: global.mariadbGalera.localCluster - name: soHelpers version: ~6.x-0 - repository: "file://components/soHelpers" + repository: 'file://components/soHelpers' - name: so-appc-orchestrator version: ~6.x-0 - repository: "file://components/so-appc-orchestrator" + repository: 'file://components/so-appc-orchestrator' condition: so-appc-orchestrator.enabled - name: so-bpmn-infra version: ~6.x-0 - repository: "file://components/so-bpmn-infra" + repository: 'file://components/so-bpmn-infra' - name: so-catalog-db-adapter version: ~6.x-0 - repository: "file://components/so-catalog-db-adapter" + repository: 'file://components/so-catalog-db-adapter' condition: so-catalog-db-adapter.enabled - - name: so-cnf-adapter - version: ~6.x-0 - repository: "file://components/so-cnf-adapter" - condition: so-cnf-adapter.enabled - - name: so-db-secrets - version: ~6.x-0 - repository: "file://components/so-db-secrets" - condition: so-etsi-nfvo-ns-lcm.enabled - name: so-etsi-nfvo-ns-lcm version: ~6.x-0 repository: 'file://components/so-etsi-nfvo-ns-lcm' condition: so-etsi-nfvo-ns-lcm.enabled - name: so-mariadb version: ~6.x-0 - repository: "file://components/so-mariadb" + repository: 'file://components/so-mariadb' - name: so-monitoring version: ~6.x-0 - repository: "file://components/so-monitoring" + repository: 'file://components/so-monitoring' condition: so-monitoring.enabled - name: so-nssmf-adapter version: ~6.x-0 - repository: "file://components/so-nssmf-adapter" + repository: 'file://components/so-nssmf-adapter' condition: so-nssmf-adapter.enabled - name: so-oof-adapter version: ~6.x-0 @@ -65,30 +60,27 @@ dependencies: condition: so-oof-adapter.enabled - name: so-openstack-adapter version: ~6.x-0 - repository: "file://components/so-openstack-adapter" + repository: 'file://components/so-openstack-adapter' condition: so-openstack-adapter.enabled - name: so-request-db-adapter version: ~6.x-0 - repository: "file://components/so-request-db-adapter" + repository: 'file://components/so-request-db-adapter' - name: so-sdc-controller version: ~6.x-0 - repository: "file://components/so-sdc-controller" + repository: 'file://components/so-sdc-controller' - name: so-sdnc-adapter version: ~6.x-0 - repository: "file://components/so-sdnc-adapter" + repository: 'file://components/so-sdnc-adapter' condition: so-sdnc-adapter.enabled - - name: so-secrets - version: ~6.x-0 - repository: "file://components/so-secrets" - name: so-ve-vnfm-adapter version: ~6.x-0 - repository: "file://components/so-ve-vnfm-adapter" + repository: 'file://components/so-ve-vnfm-adapter' condition: so-ve-vnfm-adapter.enabled - name: so-vfc-adapter version: ~6.x-0 - repository: "file://components/so-vfc-adapter" + repository: 'file://components/so-vfc-adapter' condition: so-vfc-adapter.enabled - name: so-vnfm-adapter version: ~6.x-0 - repository: "file://components/so-vnfm-adapter" + repository: 'file://components/so-vnfm-adapter' condition: so-vnfm-adapter.enabled diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 8ed9fd6401..efcf029fbc 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -124,4 +124,4 @@ org: cloud-owner: CloudOwner adapters: network: - encryptionKey: {{ .Values.mso.msoKey }} + encryptionKey: {{ .Values.global.app.msoKey }} diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 1ff897e051..ac335c859a 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -41,20 +41,7 @@ spec: spec: initContainers: {{ include "so.certificate.container_importer" . | indent 6 | trim }} - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -68,21 +55,15 @@ spec: export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" {{- if .Values.global.security.aaf.enabled }} - export KEYSTORE_PASSWORD="${cadi_keystore_password}" + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" {{- end }} /app/start-app.sh {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 3e196ceda2..05df60bb0b 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -27,6 +27,8 @@ global: nameOverride: mariadb-galera serviceName: mariadb-galera servicePort: '3306' + service: mariadb-galera + internalPort: '3306' # mariadbRootPassword: secretpassword # rootPasswordExternalSecret: some secret #This flag allows SO to instantiate its own mariadb-galera cluster, @@ -58,6 +60,7 @@ global: siteName: onapheat auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 client: certs: truststore: /app/client/org.onap.so.trust.jks @@ -68,6 +71,10 @@ global: path: /etc/ssl/certs share_path: /usr/local/share/ca-certificates/ +readinessCheck: + wait_for: + - so-mariadb-config + ################################################################# # Secrets metaconfig ################################################################# @@ -108,44 +115,16 @@ secrets: type: generic filePaths: - resources/config/certificates/msb-ca.crt - - uid: 'mso-key' + - uid: "mso-key" name: &mso-key '{{ include "common.release" . }}-mso-key' type: password - password: '{{ .Values.mso.msoKey }}' + password: '{{ .Values.global.app.msoKey }}' - uid: mso-oof-auth name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth' type: basicAuth login: '{{ .Values.mso.oof.login }}' password: '{{ .Values.mso.oof.password }}' passwordPolicy: required - - uid: server-actuator-creds - name: &actuator-secrets '{{ include "common.release" . }}-so-server-actuator-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' - login: '{{ .Values.server.actuator.username }}' - password: '{{ .Values.server.actuator.password }}' - passwordPolicy: required - - uid: server-bpel-creds - name: &bpel-secrets '{{ include "common.release" . }}-so-server-bpel-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}' - login: '{{ .Values.server.bpel.username }}' - password: '{{ .Values.server.bpel.password }}' - passwordPolicy: required - - uid: so-aaf-creds - name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}' - login: '{{ .Values.server.aaf.username }}' - password: '{{ .Values.server.aaf.password }}' - passwordPolicy: required - - uid: so-aai-creds - name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.server.aaiCredsExternalSecret) . }}' - login: '{{ .Values.server.aai.username }}' - password: '{{ .Values.server.aai.password }}' - passwordPolicy: required aafConfig: permission_user: 1000 @@ -167,44 +146,20 @@ dbCreds: userName: so_user adminName: so_admin -server: - aaf: - username: so@so.onap.org - password: demo123456 - # aafCredsExternalSecret: some secret - aai: - username: aai@aai.onap.org - password: demo123456! - # aaiCredsExternalSecret: some secret - actuator: - username: mso_admin - password: password1$ - # actuatorCredsExternalSecret: some secret - bpel: - username: bpel - password: password1$ - # bpelCredsExternalSecret: some secret - repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.6.4 +image: onap/so/api-handler-infra:1.7.10 pullPolicy: Always - replicaCount: 1 minReadySeconds: 10 - containerPort: &containerPort 8080 - logPath: ./logs/apih/ - app: api-handler-infra - service: type: NodePort nodePort: 77 internalPort: *containerPort externalPort: *containerPort portName: so-apih-port - updateStrategy: type: RollingUpdate maxUnavailable: 1 @@ -281,7 +236,6 @@ mso: requestDb: auth: Basic YnBlbDpwYXNzd29yZDEk camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 sdc: client: auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24 @@ -298,9 +252,7 @@ mso: auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= so-appc-orchestrator: - enabled: true - server: - actuatorCredsExternalSecret: *actuator-secrets + enabled: false db: <<: *dbSecrets @@ -313,51 +265,16 @@ so-catalog-db-adapter: db: <<: *dbSecrets -so-cnf-adapter: - enabled: true - server: - aafCredsExternalSecret: *aaf-secrets - aaiCredsExternalSecret: *aai-secrets - actuatorCredsExternalSecret: *actuator-secrets - mso: - msoKeySecret: *mso-key - so-etsi-nfvo-ns-lcm: enabled: true db: <<: *dbSecrets -so-mariadb: - db: - rootPasswordExternalSecretLocalDb: *dbRootPassSecretName - rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' - backupCredsExternalSecret: *dbBackupCredsSecretName - userCredsExternalSecret: *dbUserCredsSecretName - adminCredsExternalSecret: *dbAdminCredsSecretName - so-monitoring: enabled: true db: <<: *dbSecrets -so-nssmf-adapter: - enabled: true - server: - actuatorCredsExternalSecret: *actuator-secrets - bpelCredsExternalSecret: *bpel-secrets - db: - <<: *dbSecrets - -so-oof-adapter: - enabled: true - db: - <<: *dbSecrets - mso: - msoKeySecret: *mso-key - camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A - oof: - authSecret: *mso-oof-auth - so-openstack-adapter: enabled: true db: @@ -377,12 +294,35 @@ so-sdnc-adapter: <<: *dbSecrets so-ve-vnfm-adapter: - enabled: true + enabled: false so-vfc-adapter: enabled: true db: <<: *dbSecrets +so-nssmf-adapter: + enabled: true + db: + <<: *dbSecrets + +so-oof-adapter: + enabled: true + db: + <<: *dbSecrets + mso: + msoKeySecret: *mso-key + camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A + oof: + authSecret: *mso-oof-auth + so-vnfm-adapter: enabled: true + +so-mariadb: + db: + rootPasswordExternalSecretLocalDb: *dbRootPassSecretName + rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}' + backupCredsExternalSecret: *dbBackupCredsSecretName + userCredsExternalSecret: *dbUserCredsSecretName + adminCredsExternalSecret: *dbAdminCredsSecretName |