summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat4
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12bin2556 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystorebin2214 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12bin2556 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystorebin3594 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json93
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties27
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/components/aai-babel/templates/configmap.yaml44
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml114
-rw-r--r--kubernetes/aai/components/aai-babel/templates/secrets.yaml46
-rw-r--r--kubernetes/aai/components/aai-babel/templates/service.yaml32
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12bin3617 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststorebin4639 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystorebin2214 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12bin4291 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12bin4158 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystorebin4943 -> 0 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json99
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties41
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/components/aai-resources/templates/configmap.yaml111
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml1274
-rw-r--r--kubernetes/aai/components/aai-resources/templates/secret.yaml31
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml4
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml29
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json11
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties41
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/configmap.yaml45
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/deployment.yaml118
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/secret.yaml14
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/service.yaml31
-rw-r--r--kubernetes/aai/components/aai-search-data/values.yaml2
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml572
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml21
-rw-r--r--kubernetes/aai/requirements.yaml3
-rw-r--r--kubernetes/aai/resources/config/haproxy/aai.pem88
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg2
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy.cfg2
-rw-r--r--kubernetes/aai/templates/configmap.yaml30
-rw-r--r--kubernetes/aai/templates/deployment.yaml10
-rw-r--r--kubernetes/aai/values.yaml64
-rw-r--r--kubernetes/common/certManagerCertificate/Chart.yaml18
-rw-r--r--kubernetes/common/certManagerCertificate/requirements.yaml18
-rw-r--r--kubernetes/common/certManagerCertificate/templates/_certificate.tpl219
-rw-r--r--kubernetes/common/certManagerCertificate/values.yaml29
-rw-r--r--kubernetes/common/common/templates/_certificate.tpl192
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl20
-rw-r--r--kubernetes/common/etcd/templates/statefulset.yaml4
-rw-r--r--kubernetes/common/music/requirements.yaml3
-rwxr-xr-xkubernetes/common/music/resources/config/music-sb.properties2
-rw-r--r--kubernetes/common/music/resources/keys/org.onap.music.jksbin3635 -> 0 bytes
-rw-r--r--kubernetes/common/music/resources/keys/truststoreONAPall.jksbin117990 -> 0 bytes
-rw-r--r--kubernetes/common/music/templates/deployment.yaml16
-rw-r--r--kubernetes/common/music/values.yaml32
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml43
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml24
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml10
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/dmaap-plugin.json (renamed from kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json)0
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json (renamed from kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json)1
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml10
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml21
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml8
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml19
-rw-r--r--kubernetes/sdnc/requirements.yaml3
-rw-r--r--kubernetes/sdnc/templates/certificates.yaml6
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml6
-rw-r--r--kubernetes/sdnc/values.yaml20
101 files changed, 603 insertions, 3520 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index cbe9864f1b..6fc63e47d7 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -3,8 +3,8 @@ aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|
aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file'}
aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
-aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
+aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
+aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'}
aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fcacec..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 9eec841aa2..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb71a6..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index 0637cfb84b..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e73c..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index dbf4fcacec..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 99129c145f..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index acc940987c..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,93 +0,0 @@
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/services\/babel-service\/.*",
- "permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
- }
-]
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
deleted file mode 100644
index 188c55bee2..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 1b58d4235c..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 2cd95d4c69..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 7055bf5303..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9516
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e73c..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f429..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 6cd12fcfb4..0000000000
--- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
index cdd2a4fefe..baee38c0e2 100644
--- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,46 +28,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index e75815ecb6..9fe386a3c6 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -37,19 +37,6 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -127,79 +114,6 @@ spec:
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
@@ -226,32 +140,6 @@ spec:
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
index 630ce83b31..b81ffa05b9 100644
--- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -43,48 +44,3 @@ type: Opaque
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml
index fb7295581c..db54ce14f2 100644
--- a/kubernetes/aai/components/aai-babel/templates/service.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,27 +29,16 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- {{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.global.rproxy.port }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
+
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index f0a5ec2b78..db1a2eb86b 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020, 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,8 +17,7 @@
#################################################################
# Global configuration defaults.
#################################################################
-global:
- installSidecarSecurity: false
+global: {}
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
deleted file mode 100644
index d9fe86e4ec..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
deleted file mode 100644
index f6ebc75ed8..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 9eec841aa2..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb71a6..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index 9a08348b0d..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e73c..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
deleted file mode 100644
index 071d407de5..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
deleted file mode 100644
index 023e2eaac6..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
deleted file mode 100644
index 6ad5f51ad3..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index e23c03d833..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,99 +0,0 @@
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/aai\/.*",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- },
- {
- "uri": "\/aai\/util\/echo",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-]
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
deleted file mode 100644
index fb3d1ccd3e..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 1b58d4235c..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 799fd8689b..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 2c89d28180..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 8447
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e73c..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f429..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
deleted file mode 100644
index 3416d4a737..0000000000
--- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
+++ /dev/null
@@ -1,27 +0,0 @@
-2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
-jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
-4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
-moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
-GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
-74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
-iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
-p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
-3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
-hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
-RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
-xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
-8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
-ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
-5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
-GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
-_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
-zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
-S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
-LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
-hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
-nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
-bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
-JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
-Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
-J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
-mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index 2927031eb5..f173916104 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -49,113 +50,3 @@ data:
{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 09e9607de7..6fbbf1c089 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -2,6 +2,7 @@
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,1151 +40,38 @@ spec:
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.global.msbEnabled }}
+ {{ $values := .Values }}
msb.onap.org/service-info: '[
+ {{- range $api_endpoint := $values.aai_enpoints -}}
+ {{- range $api_version := $values.api_list }}
{
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v11",
- "url": "/aai/v11/cloud-infrastructure",
+ "serviceName": "_{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8447",
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1",
- "path": "/aai/v11/cloud-infrastructure"
+ "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
},
{
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v12",
- "url": "/aai/v12/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v13",
- "url": "/aai/v13/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v14",
- "url": "/aai/v14/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v15",
- "url": "/aai/v15/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v16",
- "url": "/aai/v16/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v17",
- "url": "/aai/v17/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v18",
- "url": "/aai/v18/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v19",
- "url": "/aai/v19/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-business",
- "version": "v11",
- "url": "/aai/v11/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v12",
- "url": "/aai/v12/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v13",
- "url": "/aai/v13/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v14",
- "url": "/aai/v14/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v15",
- "url": "/aai/v15/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v16",
- "url": "/aai/v16/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v17",
- "url": "/aai/v17/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v18",
- "url": "/aai/v18/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v19",
- "url": "/aai/v19/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/business"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v11",
- "url": "/aai/v11/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v12",
- "url": "/aai/v12/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v13",
- "url": "/aai/v13/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v14",
- "url": "/aai/v14/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v15",
- "url": "/aai/v15/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v16",
- "url": "/aai/v16/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v17",
- "url": "/aai/v17/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v18",
- "url": "/aai/v18/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v19",
- "url": "/aai/v19/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/actions"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v11",
- "url": "/aai/v11/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v12",
- "url": "/aai/v12/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v13",
- "url": "/aai/v13/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v14",
- "url": "/aai/v14/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v15",
- "url": "/aai/v15/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v16",
- "url": "/aai/v16/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v17",
- "url": "/aai/v17/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v18",
- "url": "/aai/v18/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v19",
- "url": "/aai/v19/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/service-design-and-creation"
- },
- {
- "serviceName": "_aai-network",
- "version": "v11",
- "url": "/aai/v11/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v12",
- "url": "/aai/v12/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v13",
- "url": "/aai/v13/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v14",
- "url": "/aai/v14/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v15",
- "url": "/aai/v15/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v16",
- "url": "/aai/v16/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v17",
- "url": "/aai/v17/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v18",
- "url": "/aai/v18/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v19",
- "url": "/aai/v19/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/network"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v11",
- "url": "/aai/v11/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v12",
- "url": "/aai/v12/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v13",
- "url": "/aai/v13/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v14",
- "url": "/aai/v14/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v15",
- "url": "/aai/v15/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v16",
- "url": "/aai/v16/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v17",
- "url": "/aai/v17/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v18",
- "url": "/aai/v18/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v19",
- "url": "/aai/v19/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/external-system"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v11",
- "url": "/aai/v11/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v12",
- "url": "/aai/v12/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v13",
- "url": "/aai/v13/cloud-infrastructure",
+ "serviceName": "{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8447",
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1"
},
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v14",
- "url": "/aai/v14/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v15",
- "url": "/aai/v15/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v16",
- "url": "/aai/v16/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v17",
- "url": "/aai/v17/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v18",
- "url": "/aai/v18/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v19",
- "url": "/aai/v19/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v11",
- "url": "/aai/v11/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v12",
- "url": "/aai/v12/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v13",
- "url": "/aai/v13/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v14",
- "url": "/aai/v14/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v15",
- "url": "/aai/v15/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v16",
- "url": "/aai/v16/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v17",
- "url": "/aai/v17/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v18",
- "url": "/aai/v18/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v19",
- "url": "/aai/v19/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v11",
- "url": "/aai/v11/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v12",
- "url": "/aai/v12/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v13",
- "url": "/aai/v13/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v14",
- "url": "/aai/v14/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v15",
- "url": "/aai/v15/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v16",
- "url": "/aai/v16/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v17",
- "url": "/aai/v17/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v18",
- "url": "/aai/v18/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v19",
- "url": "/aai/v19/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v11",
- "url": "/aai/v11/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v12",
- "url": "/aai/v12/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v13",
- "url": "/aai/v13/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v14",
- "url": "/aai/v14/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v15",
- "url": "/aai/v15/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v16",
- "url": "/aai/v16/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v17",
- "url": "/aai/v17/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v18",
- "url": "/aai/v18/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v19",
- "url": "/aai/v19/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v11",
- "url": "/aai/v11/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v12",
- "url": "/aai/v12/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v13",
- "url": "/aai/v13/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v14",
- "url": "/aai/v14/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v15",
- "url": "/aai/v15/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v16",
- "url": "/aai/v16/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v17",
- "url": "/aai/v17/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v18",
- "url": "/aai/v18/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v19",
- "url": "/aai/v19/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v11",
- "url": "/aai/v11/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v12",
- "url": "/aai/v12/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v13",
- "url": "/aai/v13/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v14",
- "url": "/aai/v14/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v15",
- "url": "/aai/v15/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v16",
- "url": "/aai/v16/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v17",
- "url": "/aai/v17/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v18",
- "url": "/aai/v18/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v19",
- "url": "/aai/v19/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- }
+ {{- end }}
+ {{- end }}
]'
+ {{- end }}
spec:
hostname: aai-resources
- {{- if .Values.global.initContainers.enabled }}
- {{- if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
- {{- end }}
initContainers:
- command:
{{- if .Values.global.jobs.migration.enabled }}
@@ -1191,23 +79,24 @@ spec:
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{- else }}
+ {{- if .Values.global.jobs.createSchema.enabled }}
- /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
+ {{- else }}
- /app/ready.py
args:
- --container-name
- {{- if .Values.global.cassandra.localCluster }}
+ {{- if .Values.global.cassandra.localCluster }}
- aai-cassandra
- {{- else }}
+ {{- else }}
- cassandra
- {{- end }}
+ {{- end }}
- --container-name
- aai-schema-service
- {{- end }}
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -1217,14 +106,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
{{- end }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -1260,11 +142,6 @@ spec:
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- {{- if .Values.global.installSidecarSecurity }}
- - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
- name: {{ include "common.fullname" . }}-aai-policy
- subPath: aai_policy.json
- {{- end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
@@ -1338,84 +215,6 @@ spec:
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.sidecar.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{- end }}
volumes:
- name: aai-common-aai-auth-mount
secret:
@@ -1447,35 +246,6 @@ spec:
- key: {{ . }}
path: {{ . }}
{{- end }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-aai-policy
- configMap:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{- end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml
new file mode 100644
index 0000000000..d24149086e
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-keys
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 66dfd493dd..460e0d5b93 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -27,7 +27,7 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
@@ -39,7 +39,7 @@ spec:
name: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 2685d9a3f5..5210a249d2 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,9 +24,6 @@ global: # global defaults
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
- rproxy:
- name: reverse-proxy
-
initContainers:
enabled: true
@@ -116,6 +114,31 @@ global: # global defaults
realtime:
clients: SDNC,MSO,SO,robot-ete
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+
+aai_enpoints:
+ - name: aai-cloudInfrastructure
+ url: cloud-infrastructure
+ - name: aai-business
+ url: business
+ - name: aai-actions
+ url: actions
+ - name: aai-service-design-and-creation
+ url: service-design-and-creation
+ - name: aai-network
+ url: network
+ - name: aai-externalSystem
+ url: external-system
+
# application image
image: onap/aai-resources:1.7.2
pullPolicy: Always
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
deleted file mode 100644
index f512fb71a6..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
deleted file mode 100644
index edac199968..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
deleted file mode 100644
index 79cf29e73c..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
deleted file mode 100644
index 595d484c37..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
+++ /dev/null
@@ -1,11 +0,0 @@
-[
- {
- "uri": "\/services\/search-data-service\/.*",
- "method": "GET|PUT|POST|DELETE",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-
-
-]
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
deleted file mode 100644
index fb3d1ccd3e..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
deleted file mode 100644
index 55a9b4816f..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
deleted file mode 100644
index 289fe7512c..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
deleted file mode 100644
index 5fddcb240a..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9509
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
deleted file mode 100644
index 79cf29e73c..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
deleted file mode 100644
index 8d46e1f429..0000000000
--- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
+++ /dev/null
@@ -1 +0,0 @@
-transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
index 28cf730930..0d76239ef9 100644
--- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,47 +40,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
-
diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
index eb4aefeeb3..eaa90870b0 100644
--- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,14 +38,6 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -126,85 +118,6 @@ spec:
name: {{ include "common.fullname" . }}-service-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
-
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.config.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
@@ -228,35 +141,6 @@ spec:
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- secret:
- secretName: aai-rproxy-auth-certs
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: aai-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- secret:
- secretName: aai-fproxy-auth-certs
- {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
index eacae25647..3135df6f07 100644
--- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,16 +41,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
-{{ end }}
-
diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml
index 940222cd3e..e031410737 100644
--- a/kubernetes/aai/components/aai-search-data/templates/service.yaml
+++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,28 +28,14 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
-{{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
-{{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml
index ae61dd761f..4bd535a475 100644
--- a/kubernetes/aai/components/aai-search-data/values.yaml
+++ b/kubernetes/aai/components/aai-search-data/values.yaml
@@ -55,7 +55,7 @@ readiness:
service:
type: ClusterIP
portName: aai-search-data
- internalPort: 9509
+ internalPort: "9509"
ingress:
enabled: false
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index ab1cb309d8..6f5ac8263b 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -2,6 +2,7 @@
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,304 +40,34 @@ spec:
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.global.msbEnabled }}
+ {{ $values := .Values }}
msb.onap.org/service-info: '[
+ {{- range $api_endpoint := $values.aai_enpoints -}}
+ {{- range $api_version := $values.api_list }}
{
- "serviceName": "_aai-generic-query",
- "version": "v11",
- "url": "/aai/v11/search/generic-query",
+ "serviceName": "_{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8446",
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1",
- "path": "/aai/v11/search/generic-query"
+ "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
},
{
- "serviceName": "_aai-generic-query",
- "version": "v12",
- "url": "/aai/v12/search/generic-query",
+ "serviceName": "{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8446",
"enable_ssl": true,
"lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v13",
- "url": "/aai/v13/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v14",
- "url": "/aai/v14/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v15",
- "url": "/aai/v15/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v16",
- "url": "/aai/v16/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v17",
- "url": "/aai/v17/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v18",
- "url": "/aai/v18/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v19",
- "url": "/aai/v19/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/search/generic-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v11",
- "url": "/aai/v11/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v12",
- "url": "/aai/v12/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v13",
- "url": "/aai/v13/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v14",
- "url": "/aai/v14/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v15",
- "url": "/aai/v15/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v16",
- "url": "/aai/v16/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v17",
- "url": "/aai/v17/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v18",
- "url": "/aai/v18/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v19",
- "url": "/aai/v19/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/search/nodes-query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v11",
- "url": "/aai/v11/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v12",
- "url": "/aai/v12/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v13",
- "url": "/aai/v13/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v14",
- "url": "/aai/v14/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v15",
- "url": "/aai/v15/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v16",
- "url": "/aai/v16/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v17",
- "url": "/aai/v17/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v18",
- "url": "/aai/v18/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v19",
- "url": "/aai/v19/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/query"
+ "visualRange": "1"
},
+ {{- end }}
+ {{- end }}
{
"serviceName": "_aai-named-query",
"url": "/aai/search",
@@ -348,276 +79,6 @@ spec:
"path": "/aai/search"
},
{
- "serviceName": "aai-generic-query",
- "version": "v11",
- "url": "/aai/v11/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v12",
- "url": "/aai/v12/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v13",
- "url": "/aai/v13/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v14",
- "url": "/aai/v14/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v15",
- "url": "/aai/v15/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v16",
- "url": "/aai/v16/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v17",
- "url": "/aai/v17/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v18",
- "url": "/aai/v18/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v19",
- "url": "/aai/v19/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v11",
- "url": "/aai/v11/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v12",
- "url": "/aai/v12/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v13",
- "url": "/aai/v13/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v14",
- "url": "/aai/v14/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v15",
- "url": "/aai/v15/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v16",
- "url": "/aai/v16/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v17",
- "url": "/aai/v17/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v18",
- "url": "/aai/v18/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v19",
- "url": "/aai/v19/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v11",
- "url": "/aai/v11/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v12",
- "url": "/aai/v12/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v13",
- "url": "/aai/v13/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v14",
- "url": "/aai/v14/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v15",
- "url": "/aai/v15/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v16",
- "url": "/aai/v16/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v17",
- "url": "/aai/v17/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v18",
- "url": "/aai/v18/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v19",
- "url": "/aai/v19/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
"serviceName": "aai-named-query",
"url": "/aai/search",
"protocol": "REST",
@@ -627,6 +88,7 @@ spec:
"visualRange": "1"
}
]'
+ {{- end }}
spec:
hostname: aai-traversal
{{ if .Values.global.initContainers.enabled }}
@@ -653,7 +115,7 @@ spec:
{{- end }}
- --container-name
- aai-schema-service
- {{ end }}
+ {{ end }}
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index fbfcdaed8d..0242cedd0b 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -129,6 +130,26 @@ pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
+
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+
+aai_enpoints:
+ - name: aai-generic-query
+ url: search/generic-query
+ - name: aai-nodes-query
+ url: search/nodes-query
+ - name: aai-nquery
+ url: query
+
# application configuration
config:
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
index bdab308144..c8970da183 100644
--- a/kubernetes/aai/requirements.yaml
+++ b/kubernetes/aai/requirements.yaml
@@ -28,6 +28,9 @@ dependencies:
# be published independently to a repo (at this point)
repository: '@local'
condition: global.cassandra.localCluster
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/aai/resources/config/haproxy/aai.pem b/kubernetes/aai/resources/config/haproxy/aai.pem
deleted file mode 100644
index 6390db10de..0000000000
--- a/kubernetes/aai/resources/config/haproxy/aai.pem
+++ /dev/null
@@ -1,88 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow
-WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO
-MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x
-agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe
-0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU
-F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6
-F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz
-11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB
-o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO
-aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG
-A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD
-VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh
-aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp
-LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w
-bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u
-YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC
-JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w
-bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq
-hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq
-oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4
-k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe
-sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h
-HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg
-B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
-Bag Attributes
- friendlyName: aai@aai.onap.org
- localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT
-+zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H
-HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ
-DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G
-llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc
-Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF
-Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P
-YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM
-WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY
-OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a
-o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI
-bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x
-+RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET
-ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0
-BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF
-YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc
-nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH
-DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg
-KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ
-e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6
-uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8
-4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS
-Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG
-rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N
-HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO
-rzAazDQvlb0itUxgU4qgqw==
------END PRIVATE KEY-----
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index b05ffaeaf2..e605e1886f 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -62,7 +62,7 @@ defaults
frontend IST_8443
mode http
- bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+ bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
option httplog
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index ea29c903ba..c8f3670349 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -60,7 +60,7 @@ defaults
frontend IST_8443
mode http
- bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+ bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
option httplog
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index d2735b4882..b0da359ab1 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -44,36 +44,6 @@ data:
{{ else }}
{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
{{ end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: aai-haproxy-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }}
-# This is a shared key for both resources and traversal
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: aai-auth-truststore-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
-
{{ if .Values.global.installSidecarSecurity }}
---
apiVersion: v1
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 83d78238b0..2ca489f2de 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
args:
@@ -75,9 +75,7 @@ spec:
subPath: haproxy.cfg
{{ end }}
name: haproxy-cfg
- - mountPath: /etc/ssl/private/aai.pem
- name: aai-pem
- subPath: aai.pem
+ {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -128,8 +126,6 @@ spec:
- name: haproxy-cfg
configMap:
name: aai-deployment-configmap
- - name: aai-pem
- secret:
- secretName: aai-haproxy-secret
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 86ecb8b355..516dcc4d70 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -1,6 +1,7 @@
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,30 +31,8 @@ global: # global defaults
restartPolicy: Always
- installSidecarSecurity: false
aafEnabled: true
-
- fproxy:
- name: forward-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/fproxy:2.1.13
- port: 10680
-
- rproxy:
- name: reverse-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/rproxy:2.1.13
- port: 10692
-
- tproxyConfig:
- name: init-tproxy-config
- image: onap/tproxy-config:2.1.13
-
- # AAF server details. Only needed if the AAF DNS does not resolve from the pod
- aaf:
- serverIp: 10.12.6.214
- serverHostname: aaf.osaaf.org
- serverPort: 30247
+ msbEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
@@ -295,6 +274,44 @@ global: # global defaults
# since when this is enabled, it prints a lot of information to console
enabled: false
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "aai"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.aai"
+ fqi: "aai@aai.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** retrieving passwords from AAF"
+ /opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0)
+ echo "*** transform AAF certs into pem files"
+ mkdir -p {{ .Values.credsPath }}/certs
+ keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
+ -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
+ -alias ca_local_0 \
+ -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+ -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+ -passin pass:$cadi_keystore_password_p12 \
+ -passout pass:$cadi_keystore_password_p12
+ echo "*** generating needed file"
+ cat {{ .Values.credsPath }}/certs/cert.pem \
+ {{ .Values.credsPath }}/certs/cacert.pem \
+ {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+ > {{ .Values.credsPath }}/certs/fullchain.pem;
+ chown 1001 {{ .Values.credsPath }}/certs/*
+
# application image
dockerhubRepository: registry.hub.docker.com
image: aaionap/haproxy:1.4.2
@@ -379,4 +396,3 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
-
diff --git a/kubernetes/common/certManagerCertificate/Chart.yaml b/kubernetes/common/certManagerCertificate/Chart.yaml
new file mode 100644
index 0000000000..305d25251d
--- /dev/null
+++ b/kubernetes/common/certManagerCertificate/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+name: certManagerCertificate
+description: A Helm chart for Cert-Manager Certificate CRD template
+version: 7.0.0
diff --git a/kubernetes/common/certManagerCertificate/requirements.yaml b/kubernetes/common/certManagerCertificate/requirements.yaml
new file mode 100644
index 0000000000..6bcaed05a8
--- /dev/null
+++ b/kubernetes/common/certManagerCertificate/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: 'file://../common'
diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
new file mode 100644
index 0000000000..4e43f621de
--- /dev/null
+++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
@@ -0,0 +1,219 @@
+{{/*#
+# Copyright © 2020-2021, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{/*
+# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
+#
+# To request a certificate following steps are to be done:
+# - create an object 'certificates' in the values.yaml
+# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate".
+#
+# Here is an example of the certificate request for a component:
+#
+# Directory structure:
+# component
+# templates
+# certifictes.yaml
+# values.yaml
+#
+# To be added in the file certificates.yamll
+#
+# To be added in the file values.yaml
+# 1. Minimal version (certificates only in PEM format)
+# certificates:
+# - commonName: component.onap.org
+#
+# 2. Extended version (with defined own issuer and additional certificate format):
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# dnsNames:
+# - component.onap.org
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-for-the-component
+# keystore:
+# outputType:
+# - p12
+# - jks
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+#
+# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
+# Other mandatory fields for the certificate definition do not have to be defined directly,
+# in that case they will be taken from default values.
+#
+# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
+# and can be overriden during onap installation process.
+#
+*/}}
+
+{{- define "certManagerCertificate.certificate" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+
+{{- $certificates := $dot.Values.certificates -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global }}
+
+{{ range $i, $certificate := $certificates }}
+{{/*# General certifiacate attributes #*/}}
+{{- $name := include "common.fullname" $dot -}}
+{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
+{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
+{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}}
+{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}}
+{{- $namespace := $dot.Release.Namespace -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := $certificate.dnsNames -}}
+{{- $ipAddresses := $certificate.ipAddresses -}}
+{{- $uris := $certificate.uris -}}
+{{- $emailAddresses := $certificate.emailAddresses -}}
+{{/*# Subject #*/}}
+{{- $subject := $subchartGlobal.certificate.default.subject -}}
+{{- if $certificate.subject -}}
+{{- $subject = $certificate.subject -}}
+{{- end -}}
+{{/*# Issuer #*/}}
+{{- $issuer := $subchartGlobal.certificate.default.issuer -}}
+{{- if $certificate.issuer -}}
+{{- $issuer = $certificate.issuer -}}
+{{- end -}}
+---
+{{- if $certificate.keystore }}
+ {{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}}
+ {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $passwordSecretRef.name }}
+ namespace: {{ $namespace }}
+type: Opaque
+stringData:
+ {{ $passwordSecretRef.key }}: {{ $password }}
+{{- end }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $certName }}
+ namespace: {{ $namespace }}
+spec:
+ secretName: {{ $secretName }}
+ commonName: {{ $commonName }}
+ renewBefore: {{ $renewBefore }}
+ {{- if $duration }}
+ duration: {{ $duration }}
+ {{- end }}
+ subject:
+ organizations:
+ - {{ $subject.organization }}
+ countries:
+ - {{ $subject.country }}
+ localities:
+ - {{ $subject.locality }}
+ provinces:
+ - {{ $subject.province }}
+ organizationalUnits:
+ - {{ $subject.organizationalUnit }}
+ {{- if $dnsNames }}
+ dnsNames:
+ {{- range $dnsName := $dnsNames }}
+ - {{ $dnsName }}
+ {{- end }}
+ {{- end }}
+ {{- if $ipAddresses }}
+ ipAddresses:
+ {{- range $ipAddress := $ipAddresses }}
+ - {{ $ipAddress }}
+ {{- end }}
+ {{- end }}
+ {{- if $uris }}
+ uris:
+ {{- range $uri := $uris }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
+ {{- if $emailAddresses }}
+ emailAddresses:
+ {{- range $emailAddress := $emailAddresses }}
+ - {{ $emailAddress }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ group: {{ $issuer.group }}
+ kind: {{ $issuer.kind }}
+ name: {{ $issuer.name }}
+ {{- if $certificate.keystore }}
+ keystores:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ {{- if eq $outputType "p12" }}
+ {{- $outputType = "pkcs12" }}
+ {{- end }}
+ {{ $outputType }}:
+ create: true
+ passwordSecretRef:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ key: {{ $certificate.keystore.passwordSecretRef.key }}
+ {{- end }}
+ {{- end }}
+{{ end }}
+{{- end -}}
+
+{{- define "common.certManager.volumeMounts" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+ {{- range $i, $certificate := $dot.Values.certificates -}}
+ {{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: certmanager-certs-volume-{{ $i }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certManager.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- $certificates := $dot.Values.certificates -}}
+ {{- range $i, $certificate := $certificates -}}
+ {{- $name := include "common.fullname" $dot -}}
+ {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+- name: certmanager-certs-volume-{{ $i }}
+ projected:
+ sources:
+ - secret:
+ name: {{ $certificatesSecretName }}
+ {{- if $certificate.keystore }}
+ items:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ - key: keystore.{{ $outputType }}
+ path: keystore.{{ $outputType }}
+ - key: truststore.{{ $outputType }}
+ path: truststore.{{ $outputType }}
+ {{- end }}
+ - secret:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ items:
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: keystore.pass
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: truststore.pass
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/certManagerCertificate/values.yaml b/kubernetes/common/certManagerCertificate/values.yaml
new file mode 100644
index 0000000000..d60cdf6cbe
--- /dev/null
+++ b/kubernetes/common/certManagerCertificate/values.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+# default values for certificates
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl
deleted file mode 100644
index d3313b2bc1..0000000000
--- a/kubernetes/common/common/templates/_certificate.tpl
+++ /dev/null
@@ -1,192 +0,0 @@
-{{/*#
-# Copyright © 2020, Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.*/}}
-
-{{/*
-# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
-#
-# To request a certificate following steps are to be done:
-# - create an object 'certificates' in the values.yaml
-# - create a file templates/certificates.yaml and invoke the function "commom.certificate".
-#
-# Here is an example of the certificate request for a component:
-#
-# Directory structure:
-# component
-# templates
-# certifictes.yaml
-# values.yaml
-#
-# To be added in the file certificates.yamll
-#
-# To be added in the file values.yaml
-# 1. Minimal version (certificates only in PEM format)
-# certificates:
-# - commonName: component.onap.org
-#
-# 2. Extended version (with defined own issuer and additional certificate format):
-# certificates:
-# - name: onap-component-certificate
-# secretName: onap-component-certificate
-# commonName: component.onap.org
-# dnsNames:
-# - component.onap.org
-# issuer:
-# group: certmanager.onap.org
-# kind: CMPv2Issuer
-# name: cmpv2-issuer-for-the-component
-# p12Keystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-# jksKeystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-#
-# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
-# Other mandatory fields for the certificate definition do not have to be defined directly,
-# in that case they will be taken from default values.
-#
-# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
-# and can be overriden during onap installation process.
-#
-*/}}
-
-{{- define "common.certificate" -}}
-{{- $dot := default . .dot -}}
-{{- $certificates := $dot.Values.certificates -}}
-
-{{ range $i, $certificate := $certificates }}
-{{/*# General certifiacate attributes #*/}}
-{{- $name := include "common.fullname" $dot -}}
-{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
-{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
-{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}}
-{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}}
-{{- $duration := $certificate.duration -}}
-{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}}
-{{- if $certificate.namespace -}}
-{{- $namespace = default $namespace $certificate.namespace -}}
-{{- end -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}}
-{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}}
-{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}}
-{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}}
-{{/*# Subject #*/}}
-{{- $subject := $dot.Values.global.certificate.default.subject -}}
-{{- if $certificate.subject -}}
-{{- $subject = mergeOverwrite $subject $certificate.subject -}}
-{{- end -}}
-{{/*# Issuer #*/}}
-{{- $issuer := $dot.Values.global.certificate.default.issuer -}}
-{{- if $certificate.issuer -}}
-{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}}
-{{- end -}}
-{{/*# Keystores #*/}}
-{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}}
-{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}}
-{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}}
-{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}}
-{{- if $certificate.jksKeystore -}}
-{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}}
-{{- if $certificate.jksKeystore.passwordSecretRef -}}
-{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
-{{- if $certificate.p12Keystore -}}
-{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}}
-{{- if $certificate.p12Keystore.passwordSecretRef -}}
-{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ $certName }}
- namespace: {{ $namespace }}
-spec:
- secretName: {{ $secretName }}
- commonName: {{ $commonName }}
- renewBefore: {{ $renewBefore }}
- {{- if $duration }}
- duration: {{ $duration }}
- {{- end }}
- subject:
- organizations:
- - {{ $subject.organization }}
- countries:
- - {{ $subject.country }}
- localities:
- - {{ $subject.locality }}
- provinces:
- - {{ $subject.province }}
- organizationalUnits:
- - {{ $subject.organizationalUnit }}
- {{- if $dnsNames }}
- dnsNames:
- {{- range $dnsName := $dnsNames }}
- - {{ $dnsName }}
- {{- end }}
- {{- end }}
- {{- if $ipAddresses }}
- ipAddresses:
- {{- range $ipAddress := $ipAddresses }}
- - {{ $ipAddress }}
- {{- end }}
- {{- end }}
- {{- if $uris }}
- uris:
- {{- range $uri := $uris }}
- - {{ $uri }}
- {{- end }}
- {{- end }}
- {{- if $emailAddresses }}
- emailAddresses:
- {{- range $emailAddress := $emailAddresses }}
- - {{ $emailAddress }}
- {{- end }}
- {{- end }}
- issuerRef:
- group: {{ $issuer.group }}
- kind: {{ $issuer.kind }}
- name: {{ $issuer.name }}
- {{- if or $createJksKeystore $createP12Keystore }}
- keystores:
- {{- if $createJksKeystore }}
- jks:
- create: {{ $createJksKeystore }}
- passwordSecretRef:
- name: {{ $jksKeystorePasswordSecretName }}
- key: {{ $jksKeystorePasswordSecreKey }}
- {{- end }}
- {{- if $createP12Keystore }}
- pkcs12:
- create: {{ $createP12Keystore }}
- passwordSecretRef:
- name: {{ $p12KeystorePasswordSecretName }}
- key: {{ $p12KeystorePasswordSecreKey }}
- {{- end }}
- {{- end }}
-{{ end }}
-
-{{- end -}}
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 18f9bb1ba5..7fee67a7a4 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -1,9 +1,15 @@
-{{- define "ingress.config.port" -}}
+{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
+{{- define "ingress.config.port" -}}
+{{- $dot := default . .dot -}}
{{ range .Values.ingress.service }}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
- - host: {{ printf "%s.%s" $baseaddr $burl }}
+ - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
http:
paths:
- backend:
@@ -83,12 +89,12 @@ spec:
{{- end -}}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.tls -}}
-{{- $dot := default . .dot -}}
+{{- $dot := default . .dot }}
tls:
- - hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
+ - hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index f5592bd252..e39b8c4ca2 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -133,6 +133,10 @@ spec:
# we should wait for other pods to be up before trying to join
# otherwise we got "no such host" errors when trying to resolve other members
for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+ if [ "${SET_NAME}-${i}" == "${HOSTNAME}" ]; then
+ echo "Skipping self-checking"
+ continue
+ fi
while true; do
echo "Waiting for ${SET_NAME}-${i}.${SERVICE_NAME} to come up"
ping -W 1 -c 1 ${SET_NAME}-${i}.${SERVICE_NAME} > /dev/null && break
diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml
index a9566c1811..0a3c9315ab 100644
--- a/kubernetes/common/music/requirements.yaml
+++ b/kubernetes/common/music/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~7.x-0
repository: 'file://../repositoryGenerator'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: 'file://../certInitializer' \ No newline at end of file
diff --git a/kubernetes/common/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties
index 751a351737..7a13f10d8e 100755
--- a/kubernetes/common/music/resources/config/music-sb.properties
+++ b/kubernetes/common/music/resources/config/music-sb.properties
@@ -6,7 +6,7 @@ server.tomcat.max-threads=100
#logging.file=/opt/app/music/logs/MUSIC/music-app.log
#logging.config=file:/opt/app/music/etc/logback.xml
security.require-ssl=true
-server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks
+server.ssl.key-store=/opt/app/aafcertman/local/org.onap.music.jks
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
diff --git a/kubernetes/common/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks
deleted file mode 100644
index 35d27c3ef7..0000000000
--- a/kubernetes/common/music/resources/keys/org.onap.music.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/common/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks
deleted file mode 100644
index ff844b109d..0000000000
--- a/kubernetes/common/music/resources/keys/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/common/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml
index cf0ce8f899..1e5d3c5377 100644
--- a/kubernetes/common/music/templates/deployment.yaml
+++ b/kubernetes/common/music/templates/deployment.yaml
@@ -38,19 +38,18 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.certInitializer.initContainer" . | indent 8 | trim }}
- command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export KEYSTORE_PASSWORD=$(cat /opt/app/aafcertman/local/.pass); cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}}
- name: CASSA_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
- name: CASSA_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /config-input
name: properties-music-scrubbed
- mountPath: /config
@@ -87,7 +86,7 @@ spec:
value: "{{ .Values.javaOpts }}"
- name: DEBUG
value: "{{ .Values.debug }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: localtime
mountPath: /etc/localtime
readOnly: true
@@ -100,9 +99,7 @@ spec:
- name: properties-music-scrubbed
mountPath: /opt/app/music/etc/logback.xml
subPath: logback.xml
- - name: certs-aaf
- mountPath: /opt/app/aafcertman/
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: shared-data
emptyDir: {}
- name: certificate-vol
@@ -116,6 +113,3 @@ spec:
- name: properties-music
emptyDir:
medium: Memory
- - name: certs-aaf
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }}
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index 31df352de7..25cab910a9 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -25,16 +25,6 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: music-certs
- name: keystore.jks
- type: generic
- filePaths:
- - resources/keys/org.onap.music.jks
- - uid: music-keystore-pw
- name: keystore-pw
- type: password
- password: '{{ .Values.keystorePassword }}'
- passwordPolicy: required
- uid: cassa-secret
type: basicAuth
login: '{{ .Values.properties.cassandraUser }}'
@@ -115,8 +105,6 @@ debug: false
ingress:
enabled: false
-keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
-
properties:
lockUsing: "cassandra"
# Comma dilimited list of hosts
@@ -159,4 +147,22 @@ logback:
metricsLogLevel: info
auditLogLevel: info
# Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
- rootLogLevel: INFO \ No newline at end of file
+ rootLogLevel: INFO
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: music-cert-initializer
+ fqdn: "music.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "music@music.onap.org"
+ fqi_namespace: org.onap.music
+ public_fqdn: "music.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/app/aafcertman
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
index f0e9a39494..f34c8ddbc8 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
@@ -3,6 +3,7 @@
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Modifications (c) 2020 Nokia. All rights reserved.
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,9 +29,6 @@ dependencies:
- name: mongo
version: ~7.x-0
repository: '@local'
- - name: cmpv2Config
- version: ~7.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
deleted file mode 100644
index d05129bc10..0000000000
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{/*
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ if .Values.componentImages.datafile_collector }}
-tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }}
-{{ end }}
-replicas: 1
-log_directory: "/var/log/ONAP"
-topic_name: "unauthenticated.VES_NOTIFICATION_OUTPUT"
-envs: {}
-use_tls: true
-PM_MEAS_FILES_feed0_location: "loc00"
-feed0_name: "bulk_pm_feed"
-consumer_id: "C12"
-consumer_group: "OpenDcae-c12"
-cert_directory: "/opt/app/datafile/etc/cert/"
-external_port: ":0"
-datafile-collector_memory_limit: "512Mi"
-datafile-collector_memory_request: "512Mi"
-datafile-collector_cpu_limit: "250m"
-datafile-collector_cpu_request: "250m"
-external_cert_use_external_tls: false
-external_cert_ca_name: "RA"
-external_cert_common_name: "dcae-datafile-collector"
-external_cert_sans: "dcae-datafile-collector,datafile-collector,datafile"
-external_cert_cert_type: "P12"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml
deleted file mode 100644
index 7c234243b0..0000000000
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{/*
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ if .Values.componentImages.snmptrap }}
-tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.snmptrap }}
-{{ end }}
-external_port: {{ .Values.config.address.snmptrap.port }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml
index 47db1753e0..135572fb2f 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml
@@ -3,6 +3,7 @@
# ================================================================================
# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,15 +18,6 @@
# limitations under the License.
# ============LICENSE_END=========================================================
*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dcae-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index 15a2ad1212..ac37beed6b 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -3,6 +3,7 @@
# ================================================================================
# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -118,8 +119,6 @@ spec:
volumeMounts:
- mountPath: /inputs
name: {{ include "common.fullname" . }}-dcae-inputs
- - mountPath: /dcae-configs
- name: {{ include "common.fullname" . }}-dcae-config
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -148,9 +147,6 @@ spec:
- name: {{ include "common.fullname" . }}-dcae-inputs
emptyDir:
medium: Memory
- - name: {{ include "common.fullname" . }}-dcae-config
- configMap:
- name: {{ include "common.fullname" . }}-dcae-config
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 2826516330..f71db5edeb 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -2,6 +2,7 @@
#=================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -103,7 +104,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
index af43e0fb71..c06e459289 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,4 +20,7 @@ dependencies:
repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
+ repository: '@local'
+ - name: cmpv2Config
+ version: ~7.x-0
repository: '@local' \ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/dmaap-plugin.json
index 44a345455a..44a345455a 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/dmaap-plugin.json
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
index 5e37856d19..c967774cb9 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
@@ -18,7 +18,6 @@
# limitations under the License.
# ============LICENSE_END=========================================================
*/}}
-
{
"namespace": "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}",
"consul_dns_name": "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}",
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
index 6ec98b56c4..806b06ed8a 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml
@@ -3,6 +3,7 @@
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,7 +18,6 @@
# limitations under the License.
# ============LICENSE_END=========================================================
*/}}
-
apiVersion: v1
kind: ConfigMap
metadata:
@@ -29,6 +29,14 @@ data:
apiVersion: v1
kind: ConfigMap
metadata:
+ name: {{ include "common.fullname" . }}-plugins
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
name: {{ include "common.release" . }}-dcae-filebeat-configmap
namespace: {{include "common.namespace" . }}
data:
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 6c7fa4d85c..204a3e27d7 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -3,7 +3,7 @@
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
-# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -46,6 +46,8 @@ spec:
- ip: "127.0.0.1"
hostnames:
- "dcae-cloudify-manager"
+ # Cloudify requires a fixed hostname across restarts
+ hostname: dcae-cloudify-manager
initContainers:
- name: {{ include "common.name" . }}-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
@@ -55,6 +57,8 @@ spec:
args:
- --container-name
- aaf-cm
+ - --container-name
+ - consul-server
- "-t"
- "15"
env:
@@ -71,6 +75,18 @@ spec:
- {{ include "common.namespace" . }}
- --configmap
- {{ .Values.multisiteConfigMapName }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key
+ - k8s-plugin|/plugin-configs/k8s-plugin.json
+ - --key
+ - dmaap-plugin|/plugin-configs/dmaap-plugin.json
+ resources: {}
+ volumeMounts:
+ - mountPath: /plugin-configs
+ name: plugin-configs
- name: init-tls
env:
- name: POD_IP
@@ -160,6 +176,9 @@ spec:
- name: {{ include "common.fullname" .}}-kubeconfig
configMap:
name: {{ .Values.multisiteConfigMapName }}
+ - name: plugin-configs
+ configMap:
+ name: {{ include "common.fullname" . }}-plugins
- name: dcae-token
secret:
secretName: dcae-token
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index e187e119dc..891c0e1650 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -2,7 +2,7 @@
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
-# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ global:
nodePortPrefix: 302
persistence: {}
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
repositoryCred:
user: docker
password: docker
@@ -49,7 +50,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
@@ -61,6 +62,9 @@ multisiteInitImage: onap/org.onap.dcaegen2.deployments.multisite-init-container:
# image for cleanup job container
cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.0
+# default location for k8s deployments via Cloudify
+default_k8s_location: central
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
index 13ea930aa5..a9c0029f41 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -92,7 +92,7 @@ postgres:
mountInitPath: dcaemod
# application image
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.4
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index b9f8943e04..03b5c83a97 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -69,7 +69,7 @@ readiness:
# Should have a proper readiness endpoint or script
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index f653a02cff..40a4d7db93 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -87,7 +87,7 @@ spec:
{{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end -}}
+ {{- end }}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index a43073e8e2..5c94116bac 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -105,7 +105,7 @@ spec:
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
- {{- end -}}
+ {{- end }}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index b401d66c3a..0920222ad7 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -172,10 +172,15 @@ global:
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
- # default values for certificates
+ # Disabling MSB
+ # POC Mode, only for use in development environment
+ msbEnabled: true
+
+ # default values for certificates
certificate:
default:
- renewBefore: 8h
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
subject:
organization: "Linux-Foundation"
country: "US"
@@ -186,16 +191,6 @@ global:
group: certmanager.onap.org
kind: CMPv2Issuer
name: cmpv2-issuer-onap
- p12Keystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
- jksKeystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
# Enabling CMPv2
cmpv2Enabled: true
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index f58ecb16be..27b68df4ee 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -24,6 +24,9 @@ dependencies:
- name: cmpv2Certificate
version: ~7.x-0
repository: '@local'
+ - name: certManagerCertificate
+ version: ~7.x-0
+ repository: '@local'
- name: logConfiguration
version: ~7.x-0
repository: '@local'
diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml
index dda16176a5..c4eca61e35 100644
--- a/kubernetes/sdnc/templates/certificates.yaml
+++ b/kubernetes/sdnc/templates/certificates.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2020 Nokia
+# Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,6 +14,6 @@
# limitations under the License.
*/}}
-{{ if .Values.global.CMPv2CertManagerIntegration }}
-{{ include "common.certificate" . }}
+{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "certManagerCertificate.certificate" . }}
{{ end }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 2158fefe19..51c50e4fec 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -203,6 +203,9 @@ spec:
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumeMounts" . | indent 10 }}
+{{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -317,6 +320,9 @@ spec:
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
{{ include "common.certServiceClient.volumes" . | nindent 8 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumes" . | nindent 8 }}
+{{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index c02d5592e6..efc13e92e6 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -117,10 +117,6 @@ secrets:
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- password: secret
- passwordPolicy: required
#################################################################
# Certificates
#################################################################
@@ -129,16 +125,16 @@ certificates:
commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
- p12Keystore:
- create: true
- passwordSecretRef:
- name: keystore-password
- key: password
- jksKeystore:
- create: true
+ keystore:
+ outputType:
+ - jks
passwordSecretRef:
- name: keystore-password
+ name: sdnc-cmpv2-keystore-password
key: password
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
#################################################################
# Application configuration defaults.
#################################################################