summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/.gitignore1
-rw-r--r--kubernetes/cli/requirements.yaml3
-rw-r--r--kubernetes/cli/templates/deployment.yaml2
-rw-r--r--kubernetes/cli/values.yaml2
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml4
-rw-r--r--kubernetes/common/music/Makefile51
-rw-r--r--kubernetes/common/music/charts/music-cassandra-job/values.yaml71
-rw-r--r--kubernetes/common/music/charts/music/values.yaml177
-rw-r--r--kubernetes/common/music/components/Makefile51
-rw-r--r--kubernetes/common/music/components/music-cassandra/.helmignore (renamed from kubernetes/common/music/charts/music-cassandra-job/.helmignore)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/Chart.yaml (renamed from kubernetes/common/music/charts/music-cassandra/Chart.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/requirements.yaml (renamed from kubernetes/common/music/charts/music-cassandra/requirements.yaml)3
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql)0
-rwxr-xr-xkubernetes/common/music/components/music-cassandra/templates/configmap.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml)0
-rwxr-xr-xkubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/job.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml)8
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/pv.yaml (renamed from kubernetes/common/music/charts/music-cassandra/templates/pv.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/service.yaml (renamed from kubernetes/common/music/charts/music-cassandra/templates/service.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml (renamed from kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml)2
-rw-r--r--kubernetes/common/music/components/music-cassandra/values.yaml (renamed from kubernetes/common/music/charts/music-cassandra/values.yaml)44
-rw-r--r--kubernetes/common/music/requirements.yaml6
-rwxr-xr-xkubernetes/common/music/resources/config/logback.xml (renamed from kubernetes/common/music/charts/music/resources/config/logback.xml)0
-rwxr-xr-xkubernetes/common/music/resources/config/music-sb.properties (renamed from kubernetes/common/music/charts/music/resources/config/music-sb.properties)0
-rwxr-xr-xkubernetes/common/music/resources/config/music.properties (renamed from kubernetes/common/music/charts/music/resources/config/music.properties)0
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh (renamed from kubernetes/common/music/charts/music/resources/config/startup.sh)0
-rw-r--r--kubernetes/common/music/resources/keys/org.onap.music.jks (renamed from kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks)bin3635 -> 3635 bytes
-rw-r--r--kubernetes/common/music/resources/keys/truststoreONAPall.jks (renamed from kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks)bin117990 -> 117990 bytes
-rw-r--r--kubernetes/common/music/templates/configmap.yaml (renamed from kubernetes/common/music/charts/music/templates/configmap.yaml)0
-rw-r--r--kubernetes/common/music/templates/deployment.yaml (renamed from kubernetes/common/music/charts/music/templates/deployment.yaml)8
-rw-r--r--kubernetes/common/music/templates/secrets.yaml (renamed from kubernetes/common/music/charts/music/templates/secrets.yaml)0
-rw-r--r--kubernetes/common/music/templates/service.yaml (renamed from kubernetes/common/music/charts/music/templates/service.yaml)0
-rw-r--r--kubernetes/common/music/values.yaml139
-rw-r--r--kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml179
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json4
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml2
-rw-r--r--kubernetes/onap/Chart.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/templates/job-onboard.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/.helmignore (renamed from kubernetes/common/music/charts/music-cassandra/.helmignore)1
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml (renamed from kubernetes/common/music/charts/music/Chart.yaml)6
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml138
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/Chart.yaml)12
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml34
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml71
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml167
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml38
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml79
-rw-r--r--kubernetes/platform/components/oom-cert-service/.gitignore5
-rw-r--r--kubernetes/platform/components/oom-cert-service/.helmignore1
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile36
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json2
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/secret.yaml15
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml9
-rw-r--r--kubernetes/platform/requirements.yaml5
-rw-r--r--kubernetes/sdnc/values.yaml2
61 files changed, 1066 insertions, 326 deletions
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
new file mode 100644
index 0000000000..bc3a4f1ee0
--- /dev/null
+++ b/kubernetes/.gitignore
@@ -0,0 +1 @@
+chartstorage/
diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml
index f5931d50ed..1e08aaf3cd 100644
--- a/kubernetes/cli/requirements.yaml
+++ b/kubernetes/cli/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: '@local'
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 0823daffb6..74b2d2df37 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index bf3ba5b099..6e711c51c0 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -17,12 +17,10 @@
#################################################################
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
image: onap/cli:6.0.0
pullPolicy: Always
flavor: small
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index f6feee6e06..c22f9731b5 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,7 @@
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
@@ -29,5 +29,5 @@ global:
keystorePassword: "secret"
truststorePassword: "secret"
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1
diff --git a/kubernetes/common/music/Makefile b/kubernetes/common/music/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/common/music/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/common/music/charts/music-cassandra-job/values.yaml b/kubernetes/common/music/charts/music-cassandra-job/values.yaml
deleted file mode 100644
index eee1a3a522..0000000000
--- a/kubernetes/common/music/charts/music-cassandra-job/values.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for cassandra.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global:
- pullPolicy: Always
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
- # Set default to 4 hrs.
- # On slow environments dealys this long have been seen.
- readinessTimeout: 240
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
- replicaCount: 3
-
-job:
- host: music-cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
- cassandra:
- image: onap/music/cassandra_job:3.0.24
- timeout: 30
- delay: 120
-cql:
- keyspace:
- replicationClass: "SimpleStrategy"
- replicationFactor: 3
- adminUser:
- username: nelson24
- password: nelson24
- passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-
-podManagementPolicy: OrderedReady
-updateStrategy:
- type: OnDelete
-
-ingress:
- enabled: false
-
-tolerations: []
-
-affinity: {}
-
-persistence:
- enabled: true
-
-resources:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 1
- memory: 1Gi
diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml
deleted file mode 100644
index bf3ad2279c..0000000000
--- a/kubernetes/common/music/charts/music/values.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-# Copyright © 2020 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
-
- envsubstImage: dibi/envsubst
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
- truststore: truststoreONAPall.jks
-
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: music-certs
- name: keystore.jks
- type: generic
- filePaths:
- - resources/keys/org.onap.music.jks
- - uid: music-keystore-pw
- name: keystore-pw
- type: password
- password: '{{ .Values.keystorePassword }}'
- passwordPolicy: required
- - uid: cassa-secret
- type: basicAuth
- login: '{{ .Values.properties.cassandraUser }}'
- password: '{{ .Values.properties.cassandraPassword }}'
- passwordPolicy: required
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/music/music_sb:3.2.40
-pullPolicy: Always
-
-job:
- host: cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 6
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
- port: 8443
-
-
-# Java options that need to be passed to jave on CLI
-#javaOpts: -Xms256m -Xmx2048m
-javaOpts:
-# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
-springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
-# Resource Limit flavor -By Default using small
-flavor: large
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1000m
- memory: 1G
- requests:
- cpu: 300m
- memory: 512Mi
- large:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
-
-readiness:
- initialDelaySeconds: 350
- periodSeconds: 120
- port: 8443
-
-service:
- useNodePortExt: true
- type: NodePort
- name: music
- ports:
- - name: https-api
- port: 8443
- nodePort: '07'
-
-# Turn on Debugging true/false
-debug: false
-ingress:
- enabled: false
-
-keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
-
-properties:
- lockUsing: "cassandra"
- # Comma dilimited list of hosts
- cassandraHost: "music-cassandra"
- cassandraUser: "nelson24"
- cassandraPassword: "nelson24"
- cassandraConnecttimeoutms: 12000
- cassandraPort: 9042
- # Connection Timeout for Cassandra in ms
- # Read Timeout for Cassandra in ms
- cassandraReadtimeoutms: 12000
- keyspaceActive: true
- # Enable CADI
- cadi: false
- # Special headers that may be passed and if they are required.
- # With the ability to add a Prefix if required.
- transIdRequired: false
- transIdPrefix: X-ATT-
- conversationRequired: false
- conversationPrefix: X-CSI-
- clientIdRequired: false
- clientIdPrefix:
- messageIdRequired: false
- messageIdPrefix:
-
- # sleep time for lock cleanup daemon, negative values turn off daemon
-##### Lock settings
- retryCount: 3
- lockLeasePeriod: 6000
- # sleep time for lock cleanup daemon, negative values turn off daemon
- lockDaemonSleeptimeMs: 30000
- #comma separated list of keyspace names
- keyspaceForLockCleanup:
-
-
-logback:
- errorLogLevel: info
- securityLogLevel: info
- applicationLogLevel: info
- metricsLogLevel: info
- auditLogLevel: info
- # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
- rootLogLevel: INFO
-
diff --git a/kubernetes/common/music/components/Makefile b/kubernetes/common/music/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/common/music/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/common/music/charts/music-cassandra-job/.helmignore b/kubernetes/common/music/components/music-cassandra/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/.helmignore
+++ b/kubernetes/common/music/components/music-cassandra/.helmignore
diff --git a/kubernetes/common/music/charts/music-cassandra/Chart.yaml b/kubernetes/common/music/components/music-cassandra/Chart.yaml
index ed2488cc36..ed2488cc36 100644
--- a/kubernetes/common/music/charts/music-cassandra/Chart.yaml
+++ b/kubernetes/common/music/components/music-cassandra/Chart.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/components/music-cassandra/requirements.yaml
index 58fe07b90b..3d71e307d6 100644
--- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml
+++ b/kubernetes/common/music/components/music-cassandra/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~7.x-0
repository: 'file://../../../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../../../repositoryGenerator'
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt b/kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt
index 7f60913d26..7f60913d26 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt
+++ b/kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql
index a76d774bd3..a76d774bd3 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql
+++ b/kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql
index 24f2ad77f7..24f2ad77f7 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql
+++ b/kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql
index a516be857b..a516be857b 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql
+++ b/kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml b/kubernetes/common/music/components/music-cassandra/templates/configmap.yaml
index 011dccda25..011dccda25 100755
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/configmap.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml b/kubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml
index 72733b3088..72733b3088 100755
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/components/music-cassandra/templates/job.yaml
index 2c6c3379c2..3cf1ae34fd 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/job.yaml
@@ -34,13 +34,13 @@ spec:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
args:
- --timeout
- - "{{ .Values.global.readinessTimeout }}"
+ - "{{ .Values.readinessTimeout }}"
- --container-name
- music-cassandra
env:
@@ -51,7 +51,7 @@ spec:
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}-update-job
- image: "{{ .Values.global.repository }}/{{ .Values.job.cassandra.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.job.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: CASS_HOSTNAME
@@ -64,7 +64,7 @@ spec:
value: "{{ .Values.cql.adminUser.password }}"
- name: TIMEOUT
value: "{{ .Values.job.timeout }}"
- - name: DELAY
+ - name: DELAY
value: "{{ .Values.job.delay }}"
volumeMounts:
# Admin cql Files that setup Admin Keyspace and Change Admin user.
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml b/kubernetes/common/music/components/music-cassandra/templates/pv.yaml
index 8399bff77d..8399bff77d 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/pv.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/service.yaml b/kubernetes/common/music/components/music-cassandra/templates/service.yaml
index 5a26d6701c..5a26d6701c 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/service.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/service.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
index 5ae944a568..665cdaad0a 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
@@ -43,7 +43,7 @@ spec:
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.global.repository }}/{{ .Values.image.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/components/music-cassandra/values.yaml
index 0402a3207c..317087cf24 100644
--- a/kubernetes/common/music/charts/music-cassandra/values.yaml
+++ b/kubernetes/common/music/components/music-cassandra/values.yaml
@@ -16,16 +16,7 @@
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
-
- pullPolicy: Always
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
+ persistence: {}
replicaCount: 3
@@ -33,9 +24,8 @@ replicaCount: 3
# Docker Hub where the Security has been turned on.
# When logging into DB the default username and password are 'cassandra'
# kubectl exec -it <cassandra-n> -n <namespace> cqlsh -u cassandra -p cassandra
-image:
- image: onap/music/cassandra_3_11:3.0.24
- pullPolicy: Always
+image: onap/music/cassandra_3_11:3.0.24
+pullPolicy: Always
# Cassandra ENV configuration
config:
@@ -48,22 +38,38 @@ config:
rackName: Rack1
autoBootstrap: true
ports:
- cql: 9042
- thrift: 9160
+ cql: &cqlPort 9042
+ thrift: &thriftPort 9160
# If a JVM Agent is in place
# agent: 61621
service:
expose: true
type: ClusterIP
- name: music-cassandra
- internalPort: 9042
+ name: &cassandraService music-cassandra
+ internalPort: *cqlPort
portName: cql
- internalPort2: 9160
+ internalPort2: *thriftPort
portName2: thrift
internalPort3: 61621
portName3: agent
+job:
+ host: *cassandraService
+ port: *cqlPort
+ timeout: 30
+ delay: 120
+ image: onap/music/cassandra_job:3.0.24
+
+cql:
+ keyspace:
+ replicationClass: "SimpleStrategy"
+ replicationFactor: 3
+ adminUser:
+ username: nelson24
+ password: nelson24
+ passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
+
# probe configuration parameters
liveness:
initialDelaySeconds: 120
@@ -72,6 +78,8 @@ liveness:
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+readinessTimeout: 240
+
readiness:
initialDelaySeconds: 10
periodSeconds: 10
diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml
index f16f6df288..a9566c1811 100644
--- a/kubernetes/common/music/requirements.yaml
+++ b/kubernetes/common/music/requirements.yaml
@@ -13,6 +13,12 @@
# limitations under the License.
dependencies:
+ - name: music-cassandra
+ version: ~7.x-0
+ repository: 'file://components/music-cassandra'
- name: common
version: ~7.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/music/charts/music/resources/config/logback.xml b/kubernetes/common/music/resources/config/logback.xml
index 51423e547d..51423e547d 100755
--- a/kubernetes/common/music/charts/music/resources/config/logback.xml
+++ b/kubernetes/common/music/resources/config/logback.xml
diff --git a/kubernetes/common/music/charts/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties
index 751a351737..751a351737 100755
--- a/kubernetes/common/music/charts/music/resources/config/music-sb.properties
+++ b/kubernetes/common/music/resources/config/music-sb.properties
diff --git a/kubernetes/common/music/charts/music/resources/config/music.properties b/kubernetes/common/music/resources/config/music.properties
index a7681d0a02..a7681d0a02 100755
--- a/kubernetes/common/music/charts/music/resources/config/music.properties
+++ b/kubernetes/common/music/resources/config/music.properties
diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index 37bb84de8b..37bb84de8b 100755
--- a/kubernetes/common/music/charts/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
diff --git a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks
index 35d27c3ef7..35d27c3ef7 100644
--- a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks
+++ b/kubernetes/common/music/resources/keys/org.onap.music.jks
Binary files differ
diff --git a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks
index ff844b109d..ff844b109d 100644
--- a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks
+++ b/kubernetes/common/music/resources/keys/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/templates/configmap.yaml
index d42cf2e7e0..d42cf2e7e0 100644
--- a/kubernetes/common/music/charts/music/templates/configmap.yaml
+++ b/kubernetes/common/music/templates/configmap.yaml
diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml
index 63b5ab0974..cf0ce8f899 100644
--- a/kubernetes/common/music/charts/music/templates/deployment.yaml
+++ b/kubernetes/common/music/templates/deployment.yaml
@@ -25,13 +25,13 @@ spec:
spec:
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
args:
- -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
+ - "{{ include "common.release" . }}-music-cassandra-config"
env:
- name: NAMESPACE
valueFrom:
@@ -55,13 +55,13 @@ spec:
name: properties-music-scrubbed
- mountPath: /config
name: properties-music
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
containers:
# MUSIC Container
- name: "{{ include "common.name" . }}-springboot"
- image: "{{ .Values.repository }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/templates/secrets.yaml
index 15791a85d7..15791a85d7 100644
--- a/kubernetes/common/music/charts/music/templates/secrets.yaml
+++ b/kubernetes/common/music/templates/secrets.yaml
diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/templates/service.yaml
index 3bd32a9419..3bd32a9419 100644
--- a/kubernetes/common/music/charts/music/templates/service.yaml
+++ b/kubernetes/common/music/templates/service.yaml
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index 7e89b02e02..31df352de7 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -17,17 +17,45 @@
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
+ nodePortPrefixExt: 304
+ truststore: truststoreONAPall.jks
- readinessImage: onap/oom/readiness:3.0.1
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-# flag to enable debugging - application support required
-debugEnabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: music-certs
+ name: keystore.jks
+ type: generic
+ filePaths:
+ - resources/keys/org.onap.music.jks
+ - uid: music-keystore-pw
+ name: keystore-pw
+ type: password
+ password: '{{ .Values.keystorePassword }}'
+ passwordPolicy: required
+ - uid: cassa-secret
+ type: basicAuth
+ login: '{{ .Values.properties.cassandraUser }}'
+ password: '{{ .Values.properties.cassandraPassword }}'
+ passwordPolicy: required
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/music/music_sb:3.2.40
+pullPolicy: Always
+
+job:
+ host: cassandra
+ port: 9042
+
# default number of instances
-replicaCount: 3
+replicaCount: 1
nodeSelector: {}
@@ -35,15 +63,100 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 30
+ periodSeconds: 6
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: true
+ enabled: false
+ port: 8443
+
+
+# Java options that need to be passed to jave on CLI
+#javaOpts: -Xms256m -Xmx2048m
+javaOpts:
+# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
+springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1000m
+ memory: 1G
+ requests:
+ cpu: 300m
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1500m
+ memory: 3Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 350
+ periodSeconds: 120
+ port: 8443
+
+service:
+ useNodePortExt: true
+ type: NodePort
+ name: music
+ ports:
+ - name: https-api
+ port: 8443
+ nodePort: '07'
+
+# Turn on Debugging true/false
+debug: false
+ingress:
+ enabled: false
+
+keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
+
+properties:
+ lockUsing: "cassandra"
+ # Comma dilimited list of hosts
+ cassandraHost: "music-cassandra"
+ cassandraUser: "nelson24"
+ cassandraPassword: "nelson24"
+ cassandraConnecttimeoutms: 12000
+ cassandraPort: 9042
+ # Connection Timeout for Cassandra in ms
+ # Read Timeout for Cassandra in ms
+ cassandraReadtimeoutms: 12000
+ keyspaceActive: true
+ # Enable CADI
+ cadi: false
+ # Special headers that may be passed and if they are required.
+ # With the ability to add a Prefix if required.
+ transIdRequired: false
+ transIdPrefix: X-ATT-
+ conversationRequired: false
+ conversationPrefix: X-CSI-
+ clientIdRequired: false
+ clientIdPrefix:
+ messageIdRequired: false
+ messageIdPrefix:
+
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+##### Lock settings
+ retryCount: 3
+ lockLeasePeriod: 6000
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+ lockDaemonSleeptimeMs: 30000
+ #comma separated list of keyspace names
+ keyspaceForLockCleanup:
-resources: {}
+logback:
+ errorLogLevel: info
+ securityLogLevel: info
+ applicationLogLevel: info
+ metricsLogLevel: info
+ auditLogLevel: info
+ # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
+ rootLogLevel: INFO \ No newline at end of file
diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
index 19d872fe12..ec51a80d5e 100644
--- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
+++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -60,19 +60,19 @@
<int>1</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>3</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>0</int>
@@ -354,6 +354,33 @@
<void method="add">
<int>1802</int>
</void>
+ <void method="add">
+ <int>1700</int>
+ </void>
+ <void method="add">
+ <int>1701</int>
+ </void>
+ <void method="add">
+ <int>1702</int>
+ </void>
+ <void method="add">
+ <int>1900</int>
+ </void>
+ <void method="add">
+ <int>1901</int>
+ </void>
+ <void method="add">
+ <int>1902</int>
+ </void>
+ <void method="add">
+ <int>2100</int>
+ </void>
+ <void method="add">
+ <int>2101</int>
+ </void>
+ <void method="add">
+ <int>2102</int>
+ </void>
</object>
</void>
<void method="put">
@@ -570,7 +597,7 @@
</void>
<void method="put">
<int>37</int>
- <string>-1501801709</string>
+ <string>-29939301</string>
</void>
<void method="put">
<int>20037</int>
@@ -932,5 +959,149 @@
<int>30218</int>
<boolean>true</boolean>
</void>
+ <void method="put">
+ <int>17</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20017</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10017</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30017</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>117</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20117</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10117</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30117</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>217</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20217</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10217</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30217</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>19</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20019</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10019</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30019</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>119</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20119</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10119</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30119</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>219</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20219</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10219</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30219</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>21</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20021</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10021</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30021</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>121</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20121</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10121</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30121</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>221</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20221</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10221</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30221</int>
+ <boolean>true</boolean>
+ </void>
</object>
</java>
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
index 568d6f77c9..5e37856d19 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -54,7 +54,7 @@
"keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
"truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
},
- "truststore_merger": {
+ "cert_post_processor": {
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
}
-} \ No newline at end of file
+}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
index 08a3c357ba..0108d9a8ce 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
@@ -25,6 +25,6 @@ use_tls: true
security_ssl_disable: false
external_cert_ca_name: "RA"
external_cert_common_name: "dcae-hv-ves-collector"
-external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_sans: "dcae-hv-ves-collector,hv-ves-collector,hv-ves"
external_cert_cert_type: "JKS"
external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
index e09e37dd31..c284612c79 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -40,6 +40,6 @@ ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.me
user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
external_cert_ca_name: "RA"
external_cert_common_name: "dcae-ves-collector"
-external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_sans: "dcae-ves-collector,ves-collector,ves"
external_cert_cert_type: "JKS"
external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 668dcc7e18..a3bff07fb2 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -103,7 +103,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -115,7 +115,7 @@ componentImages:
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index fd4e1217c4..c13d3cebe6 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -49,7 +49,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml
index a9be436ae5..fceda43e73 100644
--- a/kubernetes/onap/Chart.yaml
+++ b/kubernetes/onap/Chart.yaml
@@ -15,7 +15,7 @@
apiVersion: v1
name: onap
version: 7.0.0
-appVersion: Frankfurt
+appVersion: Guilin
description: Open Network Automation Platform (ONAP)
home: https://www.onap.org/
sources:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 3c8b1e9d90..5b29afc194 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -164,7 +164,7 @@ global:
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
index a60372f30a..e63aeb369a 100755
--- a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
+++ b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
@@ -53,7 +53,7 @@ spec:
- /app/ready.py
args:
- -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
+ - "{{ include "common.release" . }}-music-cassandra-config"
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/common/music/charts/music-cassandra/.helmignore b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore
index f0c1319444..50af031725 100644
--- a/kubernetes/common/music/charts/music-cassandra/.helmignore
+++ b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore
@@ -19,3 +19,4 @@
.project
.idea/
*.tmproj
+.vscode/
diff --git a/kubernetes/common/music/charts/music/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml
index 105f447bd3..38446f1bfa 100644
--- a/kubernetes/common/music/charts/music/Chart.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,6 +13,6 @@
# limitations under the License.
apiVersion: v1
-description: MUSIC api as a Service API Spring boot container.
-name: music
+description: ONAP CMPv2 certificate external provider for cert-manager
+name: cmpv2-cert-provider
version: 7.0.0
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
new file mode 100644
index 0000000000..0bc24afe86
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
@@ -0,0 +1,138 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: cmpv2issuers.certmanager.onap.org
+spec:
+ group: certmanager.onap.org
+ names:
+ kind: CMPv2Issuer
+ listKind: CMPv2IssuerList
+ plural: cmpv2issuers
+ singular: cmpv2issuer
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ description: CMPv2Issuer is the Schema for the cmpv2issuers API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer
+ properties:
+ url:
+ description: URL to CertService API.
+ type: string
+ healthEndpoint:
+ description: Path of health check endpoint.
+ type: string
+ certEndpoint:
+ description: Path of cerfificate signing enpoint.
+ type: string
+ caName:
+ description: Name of the external CA server configured on CertService API side.
+ type: string
+ certSecretRef:
+ description: Reference to K8s secret which contains certificate, private key and CA certificate
+ needed to connect to CertService API (which requires client certificate authentication)
+ properties:
+ name:
+ description: The name of K8s secret to select certificates from. Secret must be in the same
+ namespace as CMPv2Issuer.
+ type: string
+ keyRef:
+ description: The key of the secret to select private key from. Must be a
+ valid secret key.
+ type: string
+ certRef:
+ description: The key of the secret to select cert from. Must be a
+ valid secret key.
+ type: string
+ cacertRef:
+ description: The key of the secret to select cacert from. Must be a
+ valid secret key.
+ type: string
+ required:
+ - name
+ - keyRef
+ - certRef
+ - cacertRef
+ type: object
+ required:
+ - url
+ - healthEndpoint
+ - certEndpoint
+ - caName
+ - certSecretRef
+ type: object
+ status:
+ description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer
+ properties:
+ conditions:
+ items:
+ description: CMPv2IssuerCondition contains condition information for
+ the certservice issuer.
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
+ format: date-time
+ type: string
+ message:
+ description: Message is a human readable description of the details
+ of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for
+ the condition's last transition.
+ type: string
+ status:
+ allOf:
+ - enum:
+ - "True"
+ - "False"
+ - Unknown
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
+ type: string
+ type:
+ description: Type of the condition, currently ('Ready').
+ enum:
+ - Ready
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ type: object
+ type: object
diff --git a/kubernetes/common/music/charts/music-cassandra-job/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml
index b4feb7114b..def35866d7 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/Chart.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml
@@ -1,5 +1,4 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
+# Copyright © 2020 Nokia
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -12,8 +11,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: Cassandra Job - Run CQL Scripts after Cassandra Starts.
-name: music-cassandra-job
-version: 7.0.0
-
+ dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: '@local'
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
new file mode 100644
index 0000000000..9ba61a5f57
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -0,0 +1,34 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: certmanager.onap.org/v1
+kind: CMPv2Issuer
+metadata:
+ name: {{ .Values.cmpv2issuer.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ url: {{ .Values.cmpv2issuer.url }}
+ healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
+ certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ caName: {{ .Values.cmpv2issuer.caName }}
+ certSecretRef:
+ name: {{ .Values.cmpv2issuer.certSecretRef.name }}
+ keyRef: {{ .Values.cmpv2issuer.certSecretRef.keyRef }}
+ certRef: {{ .Values.cmpv2issuer.certSecretRef.certRef }}
+ cacertRef: {{ .Values.cmpv2issuer.certSecretRef.cacertRef }}
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
new file mode 100644
index 0000000000..3f0027f1be
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -0,0 +1,71 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - name: {{ .Values.deploymentProxy.name }}
+ image: {{ .Values.deploymentProxy.image }}
+ imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }}
+ args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ ports:
+ - containerPort: 8443
+ name: https
+ resources:
+ limits:
+ cpu: {{ .Values.deploymentProxy.resources.limits.cpu }}
+ memory: {{ .Values.deploymentProxy.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.deploymentProxy.resources.requests.cpu }}
+ memory: {{ .Values.deploymentProxy.resources.requests.memory }}
+ - name: provider
+ image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }}
+ imagePullPolicy: {{ .Values.deployment.pullPolicy }}
+ command:
+ - /oom-certservice-cmpv2issuer
+ args:
+ - --metrics-addr=127.0.0.1:8080
+ - --log-level={{ .Values.deployment.logLevel }}
+ resources:
+ limits:
+ cpu: {{ .Values.deployment.resources.limits.cpu }}
+ memory: {{ .Values.deployment.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.deployment.resources.requests.cpu }}
+ memory: {{ .Values.deployment.resources.requests.memory }}
+ terminationGracePeriodSeconds: 10
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
new file mode 100644
index 0000000000..add5622f41
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
@@ -0,0 +1,167 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cmpv2-issuer-leader-election-role
+ namespace: {{ include "common.namespace" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cmpv2-issuer-manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificaterequests
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificaterequests/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - certmanager.onap.org
+ resources:
+ - cmpv2issuers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - certmanager.onap.org
+ resources:
+ - cmpv2issuers/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cmpv2-issuer-proxy-role
+rules:
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cmpv2-issuer-leader-election-rolebinding
+ namespace: {{ include "common.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cmpv2-issuer-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cmpv2-issuer-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmpv2-issuer-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cmpv2-issuer-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmpv2-issuer-proxy-role
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ include "common.namespace" . }}
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
new file mode 100644
index 0000000000..152bd68ba6
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
@@ -0,0 +1,38 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: https
+ prometheus.io/scrape: "true"
+ labels:
+ control-plane: controller-manager
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.ports.name }}
+ port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.targetPort }}
+ selector:
+ control-plane: controller-manager
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
new file mode 100644
index 0000000000..5ea763a812
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -0,0 +1,79 @@
+# Copyright © 2020, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Global
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ repository: "nexus3.onap.org:10001"
+ CMPv2CertManagerIntegration: false
+
+namespace: onap
+
+# Service configuration
+service:
+ name: oom-certservice-cmpv2issuer-metrics-service
+ type: ClusterIP
+ ports:
+ name: https
+ port: 8443
+ targetPort: https
+
+# Deployment configuration
+deployment:
+ name: oom-certservice-cmpv2issuer
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0
+ proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+ # fol local development use IfNotPresent
+ pullPolicy: Always
+ logLevel: debug
+ resources:
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+deploymentProxy:
+ name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+ pullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 32Mi
+
+# CMPv2Issuer
+cmpv2issuer:
+ name: cmpv2-issuer-onap
+ url: https://oom-cert-service:8443
+ healthcheckEndpoint: actuator/health
+ certEndpoint: v1/certificate
+ caName: RA
+ certSecretRef:
+ name: cmpv2-issuer-secret
+ certRef: certServiceServer-cert.pem
+ keyRef: certServiceServer-key.pem
+ cacertRef: truststore.pem
+
+
+
+
diff --git a/kubernetes/platform/components/oom-cert-service/.gitignore b/kubernetes/platform/components/oom-cert-service/.gitignore
new file mode 100644
index 0000000000..d5e121c17d
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/.gitignore
@@ -0,0 +1,5 @@
+resources/*.jks
+resources/*.pem
+resources/*.p12
+resources/*.crt
+resources/*.csr
diff --git a/kubernetes/platform/components/oom-cert-service/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore
index 50af031725..5d9272cd5d 100644
--- a/kubernetes/platform/components/oom-cert-service/.helmignore
+++ b/kubernetes/platform/components/oom-cert-service/.helmignore
@@ -20,3 +20,4 @@
.idea/
*.tmproj
.vscode/
+
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index 736a19fbd4..ea0cb8aae4 100644
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -19,6 +19,10 @@ all: start_docker \
server_import_root_certificate \
server_convert_certificate_to_jks \
server_convert_certificate_to_p12 \
+ convert_truststore_to_p12 \
+ convert_truststore_to_pem \
+ server_export_certificate_to_pem \
+ server_export_key_to_pem \
clear_unused_files \
stop_docker
@@ -32,7 +36,7 @@ start_docker:
$(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
$(eval USERNAME :=$(shell id -u))
$(eval GROUP :=$(shell id -g))
- docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
@@ -46,7 +50,7 @@ clear_all:
#Clear certificates
clear_existing_certificates:
@echo "Clear certificates"
- ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
@echo "#####done#####"
#Generate root private and public keys
@@ -146,8 +150,34 @@ server_convert_certificate_to_p12:
-destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
@echo "#####done#####"
+#Convert truststore(.jks) to PCKS12 format(.p12)
+convert_truststore_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
+ -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Convert truststore(.p12) to PEM format(.pem)
+convert_truststore_to_pem:
+ @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
+ @echo "#####done#####"
+
+#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_certificate_to_pem:
+ @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
+ @echo "#####done#####"
+
+#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_key_to_pem:
+ @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
+ @echo "#####done#####"
+
+
#Clear unused certificates
clear_unused_files:
@echo "Clear unused certificates"
- ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12
@echo "#####done#####"
diff --git a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
index 358f2a82c7..c6d76c1f57 100644
--- a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
@@ -1,3 +1,3 @@
{
"cmpv2Servers": []
-} \ No newline at end of file
+}
diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
index 280922a014..2d47e6f57c 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -53,4 +53,17 @@ data:
{{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
root.crt:
{{ (.Files.Glob "resources/root.crt").AsSecrets }}
-{{ end -}} \ No newline at end of file
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.provider.secret.name }}
+type: Opaque
+data:
+ certServiceServer-key.pem:
+ {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }}
+ certServiceServer-cert.pem:
+ {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }}
+ truststore.pem:
+ {{ (.Files.Glob "resources/truststore.pem").AsSecrets }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index ee51ec7a7d..bd415c06b1 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,11 +34,11 @@ service:
port_protocol: http
# Certificates generation configuration
-certificateGenerationImage: onap/integration-java11:7.1.0
+certificateGenerationImage: onap/integration-java11:7.2.0
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
pullPolicy: Always
replicaCount: 1
@@ -88,14 +88,19 @@ tls:
client:
secret:
defaultName: oom-cert-service-client-tls-secret
+ provider:
+ secret:
+ name: cmpv2-issuer-secret
envs:
keystore:
jksName: certServiceServer-keystore.jks
p12Name: certServiceServer-keystore.p12
+ pemName: certServiceServer-keystore.pem
truststore:
jksName: truststore.jks
crtName: root.crt
+ pemName: truststore.pem
httpsPort: 8443
# External secrets with credentials can be provided to override default credentials defined below,
diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml
index a7ff4de4e1..7ddef473db 100644
--- a/kubernetes/platform/requirements.yaml
+++ b/kubernetes/platform/requirements.yaml
@@ -18,4 +18,7 @@
dependencies:
- name: oom-cert-service
version: ~7.x-0
- repository: 'file://components/oom-cert-service' \ No newline at end of file
+ repository: 'file://components/oom-cert-service'
+ - name: cmpv2-cert-provider
+ version: ~7.x-0
+ repository: 'file://components/cmpv2-cert-provider'
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index edac61b24e..7282f305c5 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -33,7 +33,7 @@ global:
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/