diff options
Diffstat (limited to 'kubernetes')
18 files changed, 271 insertions, 87 deletions
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index 8bd4494a2b..7c82d1f90d 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -25,6 +25,6 @@ resources.trust-store-password=${TRUSTSTORE_PASSWORD} resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 resources.client-cert-password=${KEYSTORE_PASSWORD} {{ else }} -resources.port=8080 +resources.port=80 resources.authType=HTTP_NOAUTH {{ end }} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index a724129018..31ea946d9b 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -147,18 +147,19 @@ spec: subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPlainPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml index 457b3576a0..9e3ffd6f56 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml @@ -25,16 +25,13 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} + port: {{ .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }} + {{- if eq .Values.service.type "NodePort" }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }} - {{- end }} + {{- end }} + type: {{ .Values.service.type }} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index ee3c5c41d9..29953b4b66 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -119,7 +119,9 @@ readiness: service: type: NodePort portName: http + externalPort: 8000 internalPort: 8000 + internalPlainPort: 9517 nodePort: 20 ingress: diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 4fc2e4b1c9..d8a944712a 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -14,13 +14,56 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} +{{/* + Create the hostname as concatination <baseaddr>.<baseurl> + - baseaddr: from component values: ingress.service.baseaddr + - baseurl: from values: global.ingress.virtualhost.baseurl + which van be overwritten in the component via: ingress.baseurlOverride +*/}} {{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}} {{ printf "%s.%s" $baseaddr $burl }} {{- end -}} +{{/* + Helper function to add the tls route +*/}} +{{- define "ingress.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} + tls: + httpsRedirect: true + - port: + number: 443 + name: https + protocol: HTTPS + tls: +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE + hosts: + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* + Helper function to add the route to the service +*/}} {{- define "ingress.config.port" -}} {{- $dot := default . .dot -}} {{ range .Values.ingress.service }} @@ -44,9 +87,11 @@ {{- end }} {{- end -}} +{{/* + Helper function to add the route to the service +*/}} {{- define "istio.config.route" -}} {{- $dot := default . .dot -}} -{{ range .Values.ingress.service }} http: - route: - destination: @@ -66,8 +111,10 @@ {{- end }} host: {{ .name }} {{- end -}} -{{- end -}} +{{/* + Helper function to add ssl annotations +*/}} {{- define "ingress.config.annotations.ssl" -}} {{- if .Values.ingress.config -}} {{- if .Values.ingress.config.ssl -}} @@ -85,6 +132,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} +{{/* + Helper function to add annotations +*/}} {{- define "ingress.config.annotations" -}} {{- if .Values.ingress -}} {{- if .Values.ingress.annotations -}} @@ -94,6 +144,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{ include "ingress.config.annotations.ssl" . | indent 4 | trim }} {{- end -}} +{{/* + Helper function to check the existance of an override value +*/}} {{- define "common.ingress._overrideIfDefined" -}} {{- $currValue := .currVal }} {{- $parent := .parent }} @@ -109,20 +162,38 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end -}} {{- end -}} -{{- define "common.ingress" -}} +{{/* + Helper function to check, if Ingress is enabled +*/}} +{{- define "common.ingress._enabled" -}} {{- $dot := default . .dot -}} -{{- if .Values.ingress -}} - {{- $ingressEnabled := default false .Values.ingress.enabled -}} - {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }} - {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }} -{{- if $ingressEnabled }} -{{- if (include "common.onServiceMesh" .) }} -{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} - {{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +{{- if (default false $dot.Values.global.ingress.enable_all) -}} +true +{{- else -}} +{{- if $dot.Values.ingress.enabled -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Create Istio Ingress resources per defined service +*/}} +{{- define "common.istioIngress" -}} +{{- $dot := default . .dot -}} +{{ range $dot.Values.ingress.service }} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} +--- apiVersion: networking.istio.io/v1beta1 kind: Gateway metadata: - name: {{ include "common.fullname" . }}-gateway + name: {{ $baseaddr }}-gateway spec: selector: istio: ingressgateway # use Istio default gateway implementation @@ -132,80 +203,87 @@ spec: name: http protocol: HTTP hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} -{{- if .Values.global.ingress.config }} -{{- if .Values.global.ingress.config.ssl }} -{{- if eq .Values.global.ingress.config.ssl "redirect" }} - tls: - httpsRedirect: true - - port: - number: 443 - name: https - protocol: HTTPS - tls: -{{- if .Values.global.ingress.config }} -{{- if .Values.global.ingress.config.tls }} - credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} - mode: SIMPLE - hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} + {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: - name: {{ include "common.fullname" . }}-service + name: {{ $baseaddr }}-service spec: hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} gateways: - - {{ include "common.fullname" . }}-gateway + - {{ $baseaddr }}-gateway {{ include "istio.config.route" . | trim }} +{{- end -}} {{- end -}} -{{- else -}} + +{{/* + Create default Ingress resource +*/}} +{{- define "common.nginxIngress" -}} +{{- $dot := default . .dot -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ include "common.fullname" . }}-ingress + name: {{ include "common.fullname" $dot }}-ingress annotations: - {{ include "ingress.config.annotations" . }} + {{ include "ingress.config.annotations" $dot }} labels: - app: {{ .Chart.Name }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + app: {{ $dot.Chart.Name }} + chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }} + release: {{ include "common.release" $dot }} + heritage: {{ $dot.Release.Service }} spec: rules: - {{ include "ingress.config.port" . | trim }} -{{- if .Values.ingress.tls }} + {{ include "ingress.config.port" $dot | trim }} +{{- if $dot.Values.ingress.tls }} tls: -{{ toYaml .Values.ingress.tls | indent 4 }} +{{ toYaml $dot.Values.ingress.tls | indent 4 }} {{- end -}} -{{- if .Values.ingress.config -}} -{{- if .Values.ingress.config.tls -}} +{{- if $dot.Values.ingress.config -}} +{{- if $dot.Values.ingress.config.tls -}} tls: - hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} - secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} -{{- end -}} -{{- end -}} -{{- end -}} + {{- end }} + secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }} +{{- end -}} {{- end -}} {{- end -}} + +{{/* + Create ingress template + Will create ingress template depending on the following values: + - .Values.global.ingress.enabled : enables Ingress globally + - .Values.global.ingress.enable_all : override default Ingress for all charts + - .Values.ingress.enabled : sets Ingress per chart basis + + | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result | + |------------------------|---------------------------|----------------|------------| + | false | any | any | no ingress | + | true | false | false | no ingress | + | true | true | any | ingress | + | true | false | true | ingress | + + If ServiceMesh (Istio) is enabled the respective resources are created: + - Gateway + - VirtualService + + If ServiceMesh is disabled the standard Ingress resource is creates: + - Ingress +*/}} +{{- define "common.ingress" -}} +{{- $dot := default . .dot -}} +{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }} +{{- if (include "common.onServiceMesh" .) }} +{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }} +{{ include "common.istioIngress" (dict "dot" $dot) }} +{{- end -}} +{{- else -}} +{{ include "common.nginxIngress" (dict "dot" $dot) }} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 379992eae8..7b88af02aa 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -242,7 +242,7 @@ spec: {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} {{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }} -{{- $serviceType = "ClusterIP" }} +{{- $serviceType = "ClusterIP" }} {{- end }} {{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }} diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json index cf818798d4..4a08322634 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json @@ -27,15 +27,11 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", - "messageBusAddress": [ - "message-router.{{ include "common.namespace" . }}" - ], + "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", "pollingInterval":20, "pollingTimeout":30, - "consumerId": "multicloud-k8s-id", "artifactTypes": [ "TOSCA_CSAR", "HEAT", @@ -48,13 +44,13 @@ "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT", "HELM" ], - "consumerGroup": "multicloud-k8s-group", + "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}", + "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}", "environmentName": "AUTO", "keystorePath": "null", "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false, "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, "httpsproxyHost": "null", "httpproxyHost": "null", diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index c9912ffd17..45494e1730 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -86,6 +86,13 @@ spec: subPath: config.json - mountPath: /data name: artifact-data + env: + - name: SECURITY_PROTOCOL + value: {{ .Values.config.kafka.securityProtocol }} + - name: SASL_MECHANISM + value: {{ .Values.config.kafka.saslMechanism }} + - name: SASL_JAAS_CONFIG + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml new file mode 100644 index 0000000000..7600facb08 --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.config.kafka.saslMechanism | lower }} + authorization: + type: {{ .Values.config.kafka.authType }} + acls: + - resource: + type: group + name: {{ .Values.config.kafka.sdcTopic.consumerGroup }} + operation: All + - resource: + type: topic + patternType: prefix + name: {{ .Values.config.kafka.sdcTopic.pattern }} + operation: All diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml new file mode 100644 index 0000000000..bb5091f01a --- /dev/null +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 36cb701a9b..cae151ae58 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,7 +18,20 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 + multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: multicloud-k8s-sdc-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # Application configuration defaults. @@ -27,6 +40,17 @@ global: image: onap/multicloud/k8s:0.10.1 pullPolicy: Always +config: + someConfig: blah + kafka: + securityProtocol: SASL_PLAINTEXT + saslMechanism: SCRAM-SHA-512 + authType: simple + sdcTopic: + pattern: SDC-DIST + consumerGroup: multicloud + clientId: multicloud-k8s + # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index 1232c3b79a..1fe7775aed 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,7 +17,7 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 ################################################################# # Application configuration defaults. diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index 33802937cd..a328daedc6 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 persistence: {} ################################################################# diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 9ea62aa98f..21e6a61cf5 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,11 +18,12 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.9.0 prometheus: enabled: false persistence: {} centralizedLoggingEnabled: true + multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user ################################################################# # Application configuration defaults. @@ -39,6 +40,8 @@ multicloud-fcaps: logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' multicloud-k8s: enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}' multicloud-pike: enabled: true logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud' diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 9b85bd9dff..c78ac8abd2 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -19,6 +19,8 @@ global: ingress: enabled: true + # enable all component's Ingress interfaces + enable_all: true # All http requests via ingress will be redirected config: ssl: "redirect" diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 37d6844436..9a090c1a41 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -19,6 +19,7 @@ global: ingress: enabled: true + enable_all: true addTestingComponents: &testing true centralizedLoggingEnabled: ¢ralizedLogging false cassandra: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 48f14895a1..bdbf5ab323 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -146,9 +146,26 @@ global: # Global ingress configuration ingress: + # generally enable ingress for ONAP components enabled: false + # enable all component's Ingress interfaces + enable_all: false + # default Ingress base URL + # can be overwritten in component vy setting ingress.baseurlOverride virtualhost: baseurl: "simpledemo.onap.org" + # All http requests via ingress will be redirected on Ingress controller + # only valid for Istio Gateway (ServiceMesh enabled) + config: + ssl: "redirect" + # you can set an own Secret containing a certificate + # only valid for Istio Gateway (ServiceMesh enabled) + # tls: + # secret: 'my-ingress-cert' + + # optional: Namespace of the Istio IngressGateway + # only valid for Istio Gateway (ServiceMesh enabled) + namespace: istio-ingress # Global Service Mesh configuration # POC Mode, don't use it in production diff --git a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml index 348609b8da..dc9a4f2dad 100644 --- a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml @@ -9,6 +9,9 @@ server: keyStorePassword: ${KEYSTORE_PASSWORD} trustStore: ${TRUSTSTORE} trustStorePassword: ${TRUSTSTORE_PASSWORD} + {{- else }} + ssl: + enabled: false {{- end }} tomcat: max-threads: 50 |