diff options
Diffstat (limited to 'kubernetes')
48 files changed, 644 insertions, 97 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 1b28e45136d5096ef4c07f4142c76b45224b3cf +Subproject e67a94e6be333271c8237d6ebd5fb0f48940135 diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 9b0c3469d6..1b383fb9f9 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -38,7 +38,7 @@ config: baseUrl: http://cds-controller-blueprints:8080/api/v1 authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== processor: - baseUrl: http://cds-blueprints-processor:8080/api/v1 + baseUrl: http://cds-blueprints-processor-http:8080/api/v1 authToken: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== # default number of instances diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 0dc99193eb..6c5bb9a3bd 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -90,7 +90,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.15 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.16 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json index 74abbb0664..1db11ad476 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/resources/config/config.json @@ -11,15 +11,15 @@ "interval": 600 }, "policy_engine": { - "url": "https://{{ .Values.config.address.policy_pdp }}.{{include "common.namespace" . }}:8081", - "path_decision": "/decision/v1", + "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969", + "path_decision": "/policy/pdpx/v1/decision" "path_notifications": "/pdp/notifications", "path_api": "/pdp/api/", "headers": { "Accept": "application/json", "Content-Type": "application/json", "ClientAuth": "cHl0aG9uOnRlc3Q=", - "Authorization": "Basic dGVzdHBkcDphbHBoYTEyMw==", + "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0", "Environment": "TEST" }, "target_entity": "policy_engine", diff --git a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml index fa52f6f784..3b15c55118 100644 --- a/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-policy-handler/values.yaml @@ -40,6 +40,7 @@ config: consul: host: consul-server port: 8500 + policy_xacml_pdp: policy-xacml-pdp ################################################################# # Application configuration defaults. diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 5406ade930..6b974141d0 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,7 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:1.1.4-STAGING-latest +image: onap/dmaap/dmaap-bc:1.1.5 # application configuration diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 1c18bb2673..aa5165d443 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -22,7 +22,7 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - clientImage: onap/dmaap/dbc-client:1.0.8-STAGING-latest + clientImage: onap/dmaap/dbc-client:1.0.9 # application configuration config: logstashServiceName: log-ls diff --git a/kubernetes/esr/charts/esr-gui/values.yaml b/kubernetes/esr/charts/esr-gui/values.yaml index 3db8bcba22..952dd0ab48 100644 --- a/kubernetes/esr/charts/esr-gui/values.yaml +++ b/kubernetes/esr/charts/esr-gui/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aai/esr-gui:1.4.0-STAGING-latest +image: onap/aai/esr-gui:1.4.0 pullPolicy: Always msbaddr: msb-iag.{{ include "common.namespace" . }}:80 diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index d6ac88f131..98203fc12f 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/charts/esr-server/values.yaml @@ -27,7 +27,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/aai/esr-server:1.4.0-STAGING-latest +image: onap/aai/esr-server:1.4.0 pullPolicy: Always msbaddr: msb-iag.{{ include "common.namespace" . }}:80 diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties index 83ed89a844..6b72dd4360 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/resources/config/optimizer.properties @@ -41,8 +41,8 @@ logging.level.org.hibernate=WARN #------------------------------------------------------------------------------- -cmso.topology.create.request.url=http://${TOPOLOGY_HOST}:${TOPOLOGY_PORT}/topology/v1/current -cmso.ticket.create.request.url=http://${TICKETMGT_HOST}:${TICKETMGT_PORT}/ticketmgt/v1/activetickets +cmso.topology.create.request.url=https://oof-cmso-topology:7998/topology/v1/current +cmso.ticket.create.request.url=https://oof-cmso-ticketmgt:7999/ticketmgt/v1/activetickets cmso.local.policy.folder=data/policies cmso.minizinc.command.exe=/mz-dist/bin/minizinc @@ -51,4 +51,8 @@ cmso.minizinc.command.timelimit=60000 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn mechid.user=oof@oof.onap.org -mechid.pass=changeit +mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== + +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml index 4e418bf756..e28dfca453 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml @@ -66,21 +66,13 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - - name: {{ include "common.fullname" . }}-logs + - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - - name: TOPOLOGY_HOST - value: {{ .Values.config.topology_host }}.{{.Release.Namespace}} - - name: TOPOLOGY_PORT - value: {{ .Values.config.topology_port | quote}} - - name: TICKETMGT_HOST - value: {{ .Values.config.ticketmgt_host }}.{{.Release.Namespace}} - - name: TICKETMGT_PORT - value: {{ .Values.config.ticketmgt_port | quote}} - name: DB_HOST value: {{ .Values.config.db_host }}.{{.Release.Namespace}} - name: DB_PORT @@ -94,6 +86,16 @@ spec: secretKeyRef: name: {{ .Release.Name}}-cmso-db key: db-root-password + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: {{ .Values.global.authentication }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -116,7 +118,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -142,5 +148,8 @@ spec: path: liquibase.properties - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties index ce94f573f6..c6c93eda9c 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/cmso.properties @@ -2,27 +2,27 @@ #------------------------------------------------------------------------------- # Copyright (c) 2017-2018 AT&T Intellectual Property. # Modifications Copyright (c) 2018 IBM. -# +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# +# +# # Unless otherwise specified, all documentation contained herein is licensed # under the Creative Commons License, Attribution 4.0 Intl. (the ???License???); # you may not use this documentation except in compliance with the License. # You may obtain a copy of the License at -# +# # https://creativecommons.org/licenses/by/4.0/ -# +# # Unless required by applicable law or agreed to in writing, documentation # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -74,7 +74,7 @@ cmso.cm.polling.job.interval.ms=10000 # How many management cmso polling intervals to look ahead to dispatch # (To account for possible latency of the polling job) cmso.cm.polling.job.lookahead.intervals=5 -# Lead time before event time to enable dispatcher to +# Lead time before event time to enable dispatcher to # test that it is safe to dispatch (i.e. meeting reminder lead time) cmso.cm.dispatcher.lead.time.ms=5000 # Lead time to prepare and call VID to dispatch work to MSO @@ -93,11 +93,15 @@ so.polling.interval.ms=10000 #mso.pass=enc:bfodXf8qRfCqMvlxVBYNWQ== ## loopback settings -so.url=http://localhost:8080/cmso/v1/loopbacktest/onap/so/infra/orchestrationRequests/v7 +so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7 so.user=oof@oof.onap.org -so.pass=changeit +so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== mechid.user=oof@oof.onap.org -mechid.pass=changeit +mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== cmso.dispatch.url=http://localhost:8089 + +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/mock.py b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/mock.py new file mode 100644 index 0000000000..b678a4e8d4 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/mock.py @@ -0,0 +1,83 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +from flask import Flask +from flask import request +from flask import Response +from flask import json +from flask import send_from_directory +import requests +from threading import Thread +import time + +import os +import fnmatch +import re +import time +import datetime + +app = Flask(__name__) +ROOT_MOCK_DIR = os.path.dirname(os.path.abspath(__file__)) +DATA_DIR = os.path.join(ROOT_MOCK_DIR, "data") +global requestNum +requestNum = 1 + +######################################################################## +######################################################################## +@app.route('/onap/so/infra/orchestrationRequests/v7/schedule/<VNFNAME>', methods=['GET', 'POST']) +def soSchedule(VNFNAME): + if request.method == 'POST': + testid = request.headers.environ["HTTP_X_TRANSACTIONID"] + response = { + "status" : "202", + "entity" : { + "requestReferences" : { + "requestId" : "000001" + } + } + } + resp = Response(json.dumps(response), 200, mimetype='application/json') + return resp + + + else : + return "Helloooooo!!!!" + +######################################################################## +######################################################################## +@app.route('/onap/so/infra/orchestrationRequests/v7/<REQUESTID>', methods=['GET']) +def soStatus(REQUESTID): + response = {"request" : { "requestStatus" : { + "requestState" : "COMPLETE", + "statusMessage" : "Done.", + "percentProgress" : 100, + "finishTime" : "" + }}} + now = datetime.datetime.utcnow() + #response["finishTime"] = now.strftime("%Y-%m-%dT%H:%M:%SZ") + response["request"]["requestStatus"]["finishTime"] = now.strftime("%a, %d %b %Y %H:%M:%S GMT") + resp = Response(json.dumps(response), 200, mimetype='application/json') + + return resp + +######################################################################## +######################################################################## +if __name__ == "__main__": + app.run(host= '0.0.0.0',port=5000) + #app.run() + diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/msosimulator.sh b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/msosimulator.sh new file mode 100644 index 0000000000..c87a26bb7a --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/msosimulator.sh @@ -0,0 +1,4 @@ +#!/bin/sh +pip install flask +pip install requests +python /share/etc/config/mock.py diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties index 498a1e5870..1e4a8417c4 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/optimizer.properties @@ -29,6 +29,6 @@ # limitations under the License. #------------------------------------------------------------------------------- -cmso.optimizer.request.url=$http://${OPTIMIZER_HOST}:${OPTIMIZER_PORT}/optimizer/v1/optimize/schedule -cmso.optimizer.status.url=http://${OPTIMIZER_HOST}:${OPTIMIZER_PORT}/optimizer/v1/optimize/schedule -cmso.optimizer.health.url=http://${OPTIMIZER_HOST}:${OPTIMIZER_PORT}/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file +cmso.optimizer.request.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule +cmso.optimizer.status.url=https://oof-cmso-optimizer:7997/optimizer/v1/optimize/schedule +cmso.optimizer.health.url=https://oof-cmso-optimizer:7997/optimizer/v1/health?checkInterfaces=true
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties index bfdaec6b8d..bdf483d289 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/resources/config/ticketmgt.properties @@ -30,9 +30,9 @@ #------------------------------------------------------------------------------- tm.vnfs.per.ticket=1 -tm.getPath=http://localhost:8080/cmso/v1/tm/getChangeRecord -tm.createPath=http://localhost:8080/cmso/v1/tm/createChangeRecord -tm.closePath=http://localhost:8080/cmso/v1/tm/closeCancelChangeRecord -tm.updatePath=http://localhost:8080/cmso/v1/tm/updateChangeRecord +tm.getPath=http://localhost:8089/cmso/v1/tm/getChangeRecord +tm.createPath=http://localhost:8089/cmso/v1/tm/createChangeRecord +tm.closePath=http://localhost:8089/cmso/v1/tm/closeCancelChangeRecord +tm.updatePath=http://localhost:8089/cmso/v1/tm/updateChangeRecord tm.approvalStatus=Approved|Scheduled,Approved|Assigned tm.template.folder=data/templates/tm diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml index 350708f078..b26f6dd6c0 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml @@ -66,9 +66,38 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-config mountPath: /share/etc/config - - name: {{ include "common.fullname" . }}-logs + - name: {{ include "common.fullname" . }}-logs mountPath: /share/logs containers: + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + - name: mso-simulator + image: "{{ .Values.global.pythonRepository }}/{{ .Values.global.pythonImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-config + mountPath: /share/etc/config + command: + - /bin/sh + args: + - -x + - /share/etc/config/msosimulator.sh + ports: + - containerPort: 5000 + resources: +{{ include "common.resources" . }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -86,10 +115,16 @@ spec: secretKeyRef: name: {{ .Release.Name}}-cmso-db key: user-password - - name: OPTIMIZER_HOST - value: {{ .Values.config.optimizer_host }}.{{.Release.Namespace}} - - name: OPTIMIZER_PORT - value: {{ .Values.config.optimizer_port | quote}} + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: {{ .Values.global.authentication }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -112,7 +147,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -140,7 +179,19 @@ spec: path: ticketmgt.properties - key: liquibase.properties path: liquibase.properties + - key: mock.py + path: mock.py + - key: msosimulator.sh + path: msosimulator.sh - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: {{ .Release.Name }}-cmso-filebeat-configmap + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml index 6df3049b1b..f4d3ffb8ff 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml @@ -19,6 +19,8 @@ global: # global defaults nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + pythonRepository: library + pythonImage: python:3.6-alpine subChartsOnly: enabled: true diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties index 5ca252f9bc..d687ab376d 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/resources/config/ticketmgt.properties @@ -28,3 +28,6 @@ # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml index e01034e8d2..38a8c929d5 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/templates/deployment.yaml @@ -34,6 +34,17 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: proprietary-auth ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -56,7 +67,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -80,5 +95,8 @@ spec: path: cadi.properties - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml index f19b8e2b1b..7c687f521b 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-ticketmgt/values.yaml @@ -19,7 +19,8 @@ global: # global defaults nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 - + authentication: proprietary-auth + subChartsOnly: enabled: true diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties index 9a6b91c602..871341d1fa 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/cadi.properties @@ -17,5 +17,5 @@ # #------------------------------------------------------------------------------- cadi_loglevel=DEBUG -cadi_prop_files=src/main/resources/aaf/org.onap.oof.props +cadi_prop_files=/share/etc/certs/org.onap.oof.props diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties index 5ca252f9bc..d687ab376d 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/resources/config/topology.properties @@ -28,3 +28,6 @@ # See the License for the specific language governing permissions and # limitations under the License. #------------------------------------------------------------------------------- +cadi_loglevel=DEBUG +cadi_prop_files=/share/etc/certs/org.onap.oof.props +aaf.user.roles=/share/etc/certs/AAFUserRoles.properties
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml index 02f398301f..2b36b296cd 100644 --- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-topology/templates/deployment.yaml @@ -34,6 +34,17 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: JAVA_TRUSTSTORE + value: /share/etc/certs/{{ .Values.global.truststoreFile }} + - name: SSL_KEYSTORE + value: /share/etc/certs/{{ .Values.global.keystoreFile }} + - name: JAVA_TRUSTSTORE_PASSWORD + value: {{ .Values.global.truststorePassword }} + - name: SSL_KEYSTORE_PASSWORD + value: {{ .Values.global.keystorePassword }} + - name: AUTHENTICATION + value: {{ .Values.global.authentication }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -56,7 +67,11 @@ spec: - name: {{ include "common.fullname" . }}-logs mountPath: /share/debug-logs - name: {{ include "common.fullname" . }}-config - mountPath: /share/etc/config + mountPath: /share/etc/config + - name: {{ include "common.fullname" . }}-certs + mountPath: /share/etc/certs + - name: {{ include "common.fullname" . }}-certs + mountPath: /opt/app/cmso/src/main/resources/aaf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -80,5 +95,8 @@ spec: path: topology.properties - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-certs + secret: + secretName: {{ .Release.Name }}-{{ .Values.global.commonConfigPrefix }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties b/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties new file mode 100644 index 0000000000..e7fc221a20 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/AAFUserRoles.properties @@ -0,0 +1 @@ +/**=org.onap.oof.access|*|get ALL
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props new file mode 100644 index 0000000000..b56c500ffd --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.cred.props @@ -0,0 +1,22 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +aaf_id=oof@oof.onap.org +aaf_password=demo123456! +cadi_keyfile=/share/etc/certs/org.onap.oof.keyfile +cadi_truststore=/share/etc/certs//truststoreONAPall.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks Binary files differnew file mode 100644 index 0000000000..535abaa92b --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile new file mode 100644 index 0000000000..f85a567981 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.keyfile @@ -0,0 +1,27 @@ +liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ +JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS +f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93 +pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby +qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI +3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP +wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9 +jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U +KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP +kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE +J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0 +-EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk +PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP +I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI +vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN +j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT +Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB +idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI +2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t +dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd +Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK- +dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV- +HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus +lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES +xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA +oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C +RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props new file mode 100644 index 0000000000..7e154c4665 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.location.props @@ -0,0 +1,20 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +cadi_latitude=0.00 +cadi_longitude=0.00 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props new file mode 100644 index 0000000000..c96e7f7b04 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/org.onap.oof.props @@ -0,0 +1,26 @@ + # ------------------------------------------------------------------------- + # Copyright (c) 2019 AT&T Intellectual Property + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # + # ------------------------------------------------------------------------- + # + +aaf_id=oof@oof.onap.org +aaf_locate_url=https://aaf-locate:8095 +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 +cadi_etc_dir=/share/etc/certs/ +cadi_latitude=0.00 +cadi_longitude=0.00 +cadi_prop_files=/share/etc/certs/org.onap.oof.location.props:/share/etc/certs/org.onap.oof.cred.props +cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1 diff --git a/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000000..ff844b109d --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/certs/truststoreONAPall.jks diff --git a/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml b/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..50586783e9 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/resources/log/filebeat/filebeat.yml @@ -0,0 +1,55 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml b/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml new file mode 100644 index 0000000000..f906fac23e --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/templates/configmap.yaml @@ -0,0 +1,27 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-cmso-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/charts/oof-cmso/templates/secret.yaml b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml new file mode 100644 index 0000000000..a742914c49 --- /dev/null +++ b/kubernetes/oof/charts/oof-cmso/templates/secret.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/oof/charts/oof-cmso/values.yaml b/kubernetes/oof/charts/oof-cmso/values.yaml index 3c5edb3754..c4985df5a1 100644 --- a/kubernetes/oof/charts/oof-cmso/values.yaml +++ b/kubernetes/oof/charts/oof-cmso/values.yaml @@ -32,4 +32,19 @@ mariadb-galera: mysqlDatabase: cmso externalConfig: | [mysqld] - lower_case_table_names = 1
\ No newline at end of file + lower_case_table_names = 1 + +global: + commonConfigPrefix: "oof-cmso" + truststoreFile: "truststoreONAPall.jks" + keystoreFile: "org.onap.oof.jks" + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + keystorePassword: N{$tSp*U)RQzjqE;)%4z;Pv[ + truststorePassword: + authentication: aaf-auth + +config: + log: + logstashServiceName: log-ls + logstashPort: 5044
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties new file mode 100644 index 0000000000..f4b4f93756 --- /dev/null +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties @@ -0,0 +1,53 @@ +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +# +# ONAP PDP Implementation Factories +# +xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory + +# +# Use a root combining algorithm +# +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides + +# +# PIP Engine Definitions +# +count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip +count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations +count-recent-operations.name=CountRecentOperations +count-recent-operations.description=Returns operation counts based on time window +count-recent-operations.persistenceunit=OperationsHistoryPU + +get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip +get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome +get-operation-outcome.name=GetOperationOutcome +get-operation-outcome.description=Returns operation outcome +get-operation-outcome.persistenceunit=OperationsHistoryPU + +# +# Make pips available to finder +# +xacml.pip.engines=count-recent-operations,get-operation-outcome + +# +# JPA Properties +# +javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver +javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.nameOverride }}:3306/operationshistory +javax.persistence.jdbc.user=policy_user +javax.persistence.jdbc.password=cG9saWN5X3VzZXI=
\ No newline at end of file diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh index a59e3b6a33..5d42f048cd 100755 --- a/kubernetes/robot/ete-k8s.sh +++ b/kubernetes/robot/ete-k8s.sh @@ -15,44 +15,43 @@ #!/bin/bash # -# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate +# Run the testsuite for the passed tag. Valid tags are listed in usage help # Please clean up logs when you are done... -# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide # if [ "$1" == "" ] || [ "$2" == "" ]; then - echo "Usage: ete-k8s.sh [namespace] [ health | healthdist | distribute | instantiate | instantiateVFWCL | instantiateDemoVFWCL | | portal ]" + echo "Usage: ete-k8s.sh [namespace] [tag]" + echo "" + echo " List of test case tags (filename for intent: tag)" + echo "" + echo " cds.robot: cds" + echo "" + echo " clamp.robot: clamp" + echo "" + echo " demo.robot: InitDemo, InitCustomer, APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG," + echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT" + echo "" + echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc," + echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb," + echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc," + echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr," + echo " healthportalapp, multicloud, oom" + echo "" + echo " hvves.robot: HVVES, ete" + echo "" + echo " model-distribution-vcpe.robot: distributevCPEResCust" + echo "" + echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB" + echo "" + echo " oof-*.robot: cmso, has, homing" + echo "" + echo " pnf-registration.robot: ete, pnf_registrate" echo "" - echo " List of test case tags (filename for intent: tag) " - echo " " - echo " cds.robot: cds " - echo " " - echo " clamp.robot: clamp " - echo " " - echo " demo.robot: InitDemo, InitCustomer , APPCCDTPreloadDemo, APPCMountPointDemo, DistributeDemoVFWDT, DistributeVFWNG, " - echo " InitDistribution, PreloadDemo, deleteVNF, heatbridge, instantiateDemoVFWCL, instantiateVFW, instantiateVFWCL, instantiateVFWDT " - echo " " - echo " health-check.robot: health , core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc, " - echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb, " - echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc, " - echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr, " - echo " healthportalapp, multicloud, oom " - echo " " - echo " hvves.robot: :HVVES, ete " - echo " " - echo " model-distribution-vcpe.robot: distributevCPEResCust " - echo " " - echo " model-distribution.robot: distribute, distributeVFWDT, distributeVLB " - echo " " - echo " oof-*.robot: cmso , has, homing " - echo " " - echo " pnf-registration.robot: ete, pnf_registrate " - echo " " echo " post-install-tests.robot dmaapacl, postinstall" - echo " " - echo " update_onap_page.robot: UpdateWebPage " - echo " " - echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso " - echo " " + echo "" + echo " update_onap_page.robot: UpdateWebPage" + echo "" + echo " vnf-orchestration-direct-so.robot: instantiateVFWdirectso" + echo "" echo " vnf-orchestration.robot: instantiate, instantiateNoDelete, stability72hr" exit fi @@ -63,7 +62,6 @@ export NAMESPACE="$1" POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot) - TAGS="-i $2" ETEHOME=/var/opt/ONAP diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh index 02b79f35d6..c58d8a8775 100755 --- a/kubernetes/robot/eteHelm-k8s.sh +++ b/kubernetes/robot/eteHelm-k8s.sh @@ -15,13 +15,12 @@ #!/bin/bash # -# Run the testsuite for the passed tag. Valid tags are ete, health, closedloop, instantiate +# Run the health-check testsuites for the tags discovered by helm list # Please clean up logs when you are done... -# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide # if [ "$1" == "" ] ; then - echo "Usage: eteHelm-k8s.sh namespace " - echo " list projects via helm list and runs health-check with those tags except dev and dev-consul " + echo "Usage: eteHelm-k8s.sh [namespace]" + echo " list projects via helm list and runs health-check with those tags except dev and dev-consul" exit fi diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py index c109892329..453af8374e 100644 --- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py @@ -50,11 +50,22 @@ GLOBAL_DCAE_SERVER_PROTOCOL = "http" GLOBAL_DCAE_HEALTH_SERVER_PORT = "80" GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}' GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}' +# dcae hv-ves info +GLOBAL_DCAE_HVVES_SERVER_NAME = 'dcae-hv-ves-collector.{{include "common.namespace" .}}' +GLOBAL_DCAE_HVVES_SERVER_PORT = "6061" # data router info - everything is from the private oam network (also called onap private network) GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = "http" GLOBAL_DMAAP_DR_PROV_SERVER_PORT = "8080" GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "http" GLOBAL_DMAAP_DR_NODE_SERVER_PORT = "8080" +# dmaap message router info +GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = 'message-router.{{include "common.namespace" .}}' +GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = "3904" +# dmaap kafka info +GLOBAL_DMAAP_KAFKA_SERVER_NAME = 'message-router-kafka.{{include "common.namespace" .}}' +GLOBAL_DMAAP_KAFKA_SERVER_PORT = "9092" +GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}' +GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}' # DROOL server port and credentials GLOBAL_DROOLS_SERVER_PORT = "9696" GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}' @@ -115,10 +126,10 @@ GLOBAL_OOF_HOMING_SERVER_PORT = "8091" # oof-sniro info - everything is from the private oam network (also called onap private network) GLOBAL_OOF_SNIRO_SERVER_PORT = "8698" # oof cmso global info - everything is from the private oam network (also called onap private network) -GLOBAL_OOF_CMSO_PROTOCOL = "http" +GLOBAL_OOF_CMSO_PROTOCOL = "https" GLOBAL_OOF_CMSO_SERVER_PORT = "8080" -GLOBAL_OOF_CMSO_USERNAME = "none" -GLOBAL_OOF_CMSO_PASSWORD = "none" +GLOBAL_OOF_CMSO_USERNAME = "{{ .Values.oofCmsoUsername }}" +GLOBAL_OOF_CMSO_PASSWORD = "{{ .Values.oofCmsoPassword }}" # openstack info - info to select right info in environment # packet generate vnf info - everything is from the private oam network (also called onap private network) GLOBAL_PACKET_GENERATOR_PORT = "8183" diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 4e2a1ed464..6a73d5bbfd 100755 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -118,6 +118,9 @@ dcaePassword: "ZjJkYjllMjljMTI2M2Iz" # DROOLS droolsUsername: "demo@people.osaaf.org" droolsPassword: "demo123456!" +# OOF +oofCmsoUsername: "oof@oof.onap.org" +oofCmsoPassword: "demo123456!" # POLICY policyAuth: "dGVzdHBkcDphbHBoYTEyMw==" policyClientAuth: "cHl0aG9uOnRlc3Q=" @@ -144,6 +147,9 @@ vidHealthPassword: "AppPassword!1" # DMAAP BC bcUsername: "dmaap-bc@dmaap-bc.onap.org" bcPassword: "demo123456!" +# DMAAP KAFKA JAAS +kafkaJaasUsername: "admin" +kafkaJaasPassword: "admin_secret" # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index c284f2dfd0..c1babf3063 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -70,7 +70,45 @@ spec: value: {{ .Values.config.javaOptions }} - name: BACKEND value: {{ .Values.config.backendServerURL }} + - name: IS_HTTPS + value: "{{ .Values.config.isHttpsEnabled}}" + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: KEYSTORE_PASS + {{- if .Values.global.security.keysFromCa }} + valueFrom: + secretKeyRef: + name: mft-sdc + key: keystore-password.txt + {{ else }} + value: {{ .Values.global.security.keyStorePass}} + {{- end }} + - name: TRUSTSTORE_PASS + {{- if .Values.global.security.keysFromCa }} + valueFrom: + secretKeyRef: + name: mft-catruststore + key: keystore-password.txt + {{ else }} + value: {{ .Values.global.security.trustStorePass}} + {{- end }} + - name: TRUSTSTORE_PATH + value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" + - name: KEYSTORE_PATH + value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" + - name: TRUSTSTORE_TYPE + value: {{ .Values.security.truststore.type }} + - name: KEYSTORE_TYPE + value: {{ .Values.security.keystore.type }} + {{ end }} volumeMounts: + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: {{ include "common.fullname" . }}-jetty-https-truststore + mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }} + subPath: {{ .Values.security.truststoreFilename }} + - name: {{ include "common.fullname" . }}-jetty-https-keystore + mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }} + subPath: {{ .Values.security.keystoreFilename }} + {{ end }} - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml index 2990de3f1a..87ca3607d7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml @@ -40,10 +40,16 @@ spec: - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName | default "http" }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 | default "https" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName | default "http" }} + - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 | default "https" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index d0ff53718e..a217de5e4b 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -17,6 +17,7 @@ ################################################################# global: nodePortPrefix: 302 + nodePortPrefixExt: 304 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co @@ -36,6 +37,16 @@ debugEnabled: false config: javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m" backendServerURL: "http://sdc-wfd-be:8080" + isHttpsEnabled: false + +# https relevant settings. Change in case you have other trust files then default ones. +security: + isDefaultStore: true + truststoreType: "JKS" + keystoreType: "JKS" + truststoreFilename: "truststore" + keystoreFilename: "keystore" + storePath: "etc" # default number of instances replicaCount: 1 @@ -62,6 +73,10 @@ service: externalPort: 8080 portName: sdc-wfd-fe nodePort: "56" + portName2: sdc-wfd-fe2 + internalPort2: 8443 + externalPort2: 8443 + nodePort2: "31" ingress: enabled: false diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 3ae042b48c..f8cfc4cffc 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -19,7 +19,7 @@ aai: workflowAaiDistributionDelay: PT30S pnfEntryNotificationTimeout: P14D cds: - endpoint: cds-blueprints-processor + endpoint: cds-blueprints-processor-grpc port: 9111 auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== timeout: 600 diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml index 2abe7fd9f8..346c0370f9 100644 --- a/kubernetes/uui/charts/uui-server/templates/service.yaml +++ b/kubernetes/uui/charts/uui-server/templates/service.yaml @@ -27,7 +27,7 @@ metadata: { "serviceName": "usecaseui-server", "version": "v1", - "url": "/api/usecaseui/server/v1", + "url": "/api/usecaseui-server/v1", "protocol": "REST", "port": "{{.Values.service.internalPort}}", "visualRange":"1" |