diff options
Diffstat (limited to 'kubernetes/so')
11 files changed, 94 insertions, 24 deletions
diff --git a/kubernetes/so/.helmignore b/kubernetes/so/.helmignore index f0c1319444..7ddbad7ef4 100755 --- a/kubernetes/so/.helmignore +++ b/kubernetes/so/.helmignore @@ -19,3 +19,4 @@ .project .idea/ *.tmproj +components/ diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 4429bd9f46..6aa2356bed 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -92,7 +92,7 @@ mso: vnf: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter rest: - endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs volume-groups: rest: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index b6f315aa3d..034e269d6a 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -56,8 +56,6 @@ secrets: # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' - - ################################################################# # Application configuration defaults. ################################################################# @@ -102,6 +100,10 @@ so: sniro: endpoint: http://replaceme:28090/optimizationInstance/V1/create +vnf: + api: + version: v2 + replicaCount: 1 minReadySeconds: 10 containerPort: &containerPort 8081 @@ -129,7 +131,6 @@ soHelpers: apiEnforcement: org.onap.so.bpmnPerm containerPort: *containerPort - # Resource Limit flavor -By Default using small flavor: large # Segregation for Different environment (Small and Large) @@ -150,13 +151,13 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml index 64fd243a27..322fd4142f 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -17,6 +17,22 @@ aai: version: v19 endpoint: https://aai.{{ include "common.namespace" . }}:8443 spring: + datasource: + hikari: + camunda: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: bpmn-pool + registerMbeans: true + nfvo: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo + username: ${DB_ADMIN_USERNAME} + password: ${DB_ADMIN_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: nfvo-pool + registerMbeans: true security: usercredentials: - username: ${ETSI_NFVO_USERNAME} @@ -45,3 +61,10 @@ etsi-catalog-manager: {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api {{- end }} +camunda: + bpm: + history-level: full + job-execution: + max-pool-size: 30 + core-pool-size: 3 + deployment-aware: true diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index fbba76f13f..bc36fc1f46 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: {{- if .Values.global.aafEnabled }} export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export TRUSTSTORE="file:/${TRUSTSTORE}" {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password}" {{- end }} @@ -51,6 +52,24 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} - name: ETSI_NFVO_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} {{ include "so.certificates.env" . | indent 12 | trim }} envFrom: - configMapRef: @@ -64,7 +83,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-truststore mountPath: /app/client - readonly: true + readOnly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml index 79a8276df4..6af61820db 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -40,6 +40,18 @@ secrets: externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' login: '{{ .Values.etsi.nfvo.nslcm.username }}' password: '{{ .Values.etsi.nfvo.nslcm.password }}' + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -50,6 +62,13 @@ pullPolicy: Always aai: auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret etsi: nfvo: nslcm: diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index d07f58e84e..f37c8b2166 100755 --- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - name: ACTUATOR_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{ include "so.certificates.env" . | indent 8 | trim }} + {{ include "so.certificates.env" . | nindent 12 }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-env diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index e6b96a6b8f..4431ca5513 100755 --- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -73,7 +73,7 @@ secrets: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-oof-adapter:1.7.2 +image: onap/so/so-oof-adapter:1.7.4 pullPolicy: Always mso: diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index fa25ba5177..ef3b0768f5 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -16,7 +16,11 @@ keytool -import -trustcacerts -alias msb_root -file \ /certificates/msb-ca.crt -keystore \ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -keypass $cadi_truststore_password -noprompt + -storepass $cadi_truststore_password -noprompt + keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ + -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ + -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -deststorepass $cadi_truststore_password -noprompt volumeMounts: {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} - name: {{ include "common.name" $dot }}-msb-certificate diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 5dbe46cf9e..391938199e 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -37,7 +37,7 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic @@ -54,10 +54,11 @@ certInitializer: fqdn: so fqi: so@so.onap.org public_fqdn: so.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" + cadi_longitude: '0.0' + cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local + trustStoreAllPass: changeit aaf_add_config: > /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 0d3b3927ec..0a9dbf4f4e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -26,7 +26,7 @@ global: mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera - servicePort: "3306" + servicePort: '3306' # mariadbRootPassword: secretpassword # rootPasswordExternalSecret: some secret #This flag allows SO to instantiate its own mariadb-galera cluster, @@ -87,7 +87,7 @@ secrets: passwordPolicy: required annotations: helm.sh/hook: pre-upgrade,pre-install - helm.sh/hook-weight: "0" + helm.sh/hook-weight: '0' helm.sh/hook-delete-policy: before-hook-creation - uid: db-user-creds name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds' @@ -103,7 +103,7 @@ secrets: login: '{{ .Values.dbCreds.adminName }}' password: '{{ .Values.dbCreds.adminPassword }}' passwordPolicy: generate - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: &so-certs '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic @@ -219,11 +219,11 @@ mariadb-galera: ingress: enabled: false service: - - baseaddr: "so.api" - name: "so" + - baseaddr: 'so.api' + name: 'so' port: 8080 config: - ssl: "none" + ssl: 'none' mso: adapters: @@ -261,6 +261,8 @@ so-catalog-db-adapter: so-etsi-nfvo-ns-lcm: enabled: true + db: + <<: *dbSecrets so-monitoring: enabled: true |