diff options
Diffstat (limited to 'kubernetes')
101 files changed, 603 insertions, 3520 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index cbe9864f1b..6fc63e47d7 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -3,8 +3,8 @@ aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30| aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file'} aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} -aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} -aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} +aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} +aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 0637cfb84b..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index acc940987c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,93 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/services\/babel-service\/.*", - "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] - } -] diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties deleted file mode 100644 index 188c55bee2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile - -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 2cd95d4c69..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 7055bf5303..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9516 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml index cdd2a4fefe..baee38c0e2 100644 --- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,46 +28,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index e75815ecb6..9fe386a3c6 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,19 +37,6 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -127,79 +114,6 @@ spec: - mountPath: /usr/share/filebeat/data name: aai-filebeat - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -226,32 +140,6 @@ spec: emptyDir: {} - name: aai-filebeat emptyDir: {} - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml index 630ce83b31..b81ffa05b9 100644 --- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,48 +44,3 @@ type: Opaque data: KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml index fb7295581c..db54ce14f2 100644 --- a/kubernetes/aai/components/aai-babel/templates/service.yaml +++ b/kubernetes/aai/components/aai-babel/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,27 +29,16 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.global.rproxy.port }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - {{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} + selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index f0a5ec2b78..db1a2eb86b 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020, 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,7 @@ ################################################################# # Global configuration defaults. ################################################################# -global: - installSidecarSecurity: false +global: {} ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index d9fe86e4ec..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore Binary files differdeleted file mode 100644 index f6ebc75ed8..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 9a08348b0d..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index 071d407de5..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 Binary files differdeleted file mode 100644 index 023e2eaac6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 6ad5f51ad3..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index e23c03d833..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,99 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/aai\/.*", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - }, - { - "uri": "\/aai\/util\/echo", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } -] diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 799fd8689b..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 2c89d28180..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 8447 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile deleted file mode 100644 index 3416d4a737..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf -jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm -4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe -moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf -GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT -74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh -iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb -p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt -3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW -hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 -RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX -xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk -8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q -ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i -5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe -GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE -_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k -zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf -S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU -LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw -hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W -nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP -bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN -JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk -Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y -J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP -mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index 2927031eb5..f173916104 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,113 +50,3 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-aai-policy-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 09e9607de7..6fbbf1c089 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -2,6 +2,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,1151 +40,38 @@ spec: name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.global.msbEnabled }} + {{ $values := .Values }} msb.onap.org/service-info: '[ + {{- range $api_endpoint := $values.aai_enpoints -}} + {{- range $api_version := $values.api_list }} { - "serviceName": "_aai-cloudInfrastructure", - "version": "v11", - "url": "/aai/v11/cloud-infrastructure", + "serviceName": "_{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8447", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", - "path": "/aai/v11/cloud-infrastructure" + "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" }, { - "serviceName": "_aai-cloudInfrastructure", - "version": "v12", - "url": "/aai/v12/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v13", - "url": "/aai/v13/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v14", - "url": "/aai/v14/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v15", - "url": "/aai/v15/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v16", - "url": "/aai/v16/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v17", - "url": "/aai/v17/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v18", - "url": "/aai/v18/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/cloud-infrastructure" - }, - { - "serviceName": "_aai-cloudInfrastructure", - "version": "v19", - "url": "/aai/v19/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/cloud-infrastructure" - }, - { - "serviceName": "_aai-business", - "version": "v11", - "url": "/aai/v11/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/business" - }, - { - "serviceName": "_aai-business", - "version": "v12", - "url": "/aai/v12/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/business" - }, - { - "serviceName": "_aai-business", - "version": "v13", - "url": "/aai/v13/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/business" - }, - { - "serviceName": "_aai-business", - "version": "v14", - "url": "/aai/v14/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/business" - }, - { - "serviceName": "_aai-business", - "version": "v15", - "url": "/aai/v15/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/business" - }, - { - "serviceName": "_aai-business", - "version": "v16", - "url": "/aai/v16/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/business" - }, - { - "serviceName": "_aai-business", - "version": "v17", - "url": "/aai/v17/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/business" - }, - { - "serviceName": "_aai-business", - "version": "v18", - "url": "/aai/v18/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/business" - }, - { - "serviceName": "_aai-business", - "version": "v19", - "url": "/aai/v19/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/business" - }, - { - "serviceName": "_aai-actions", - "version": "v11", - "url": "/aai/v11/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v12", - "url": "/aai/v12/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v13", - "url": "/aai/v13/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v14", - "url": "/aai/v14/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v15", - "url": "/aai/v15/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v16", - "url": "/aai/v16/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v17", - "url": "/aai/v17/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v18", - "url": "/aai/v18/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/actions" - }, - { - "serviceName": "_aai-actions", - "version": "v19", - "url": "/aai/v19/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/actions" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v11", - "url": "/aai/v11/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v12", - "url": "/aai/v12/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v13", - "url": "/aai/v13/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v14", - "url": "/aai/v14/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v15", - "url": "/aai/v15/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v16", - "url": "/aai/v16/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v17", - "url": "/aai/v17/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v18", - "url": "/aai/v18/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/service-design-and-creation" - }, - { - "serviceName": "_aai-service-design-and-creation", - "version": "v19", - "url": "/aai/v19/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/service-design-and-creation" - }, - { - "serviceName": "_aai-network", - "version": "v11", - "url": "/aai/v11/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/network" - }, - { - "serviceName": "_aai-network", - "version": "v12", - "url": "/aai/v12/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/network" - }, - { - "serviceName": "_aai-network", - "version": "v13", - "url": "/aai/v13/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/network" - }, - { - "serviceName": "_aai-network", - "version": "v14", - "url": "/aai/v14/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/network" - }, - { - "serviceName": "_aai-network", - "version": "v15", - "url": "/aai/v15/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/network" - }, - { - "serviceName": "_aai-network", - "version": "v16", - "url": "/aai/v16/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/network" - }, - { - "serviceName": "_aai-network", - "version": "v17", - "url": "/aai/v17/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/network" - }, - { - "serviceName": "_aai-network", - "version": "v18", - "url": "/aai/v18/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/network" - }, - { - "serviceName": "_aai-network", - "version": "v19", - "url": "/aai/v19/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/network" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v11", - "url": "/aai/v11/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v12", - "url": "/aai/v12/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v13", - "url": "/aai/v13/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v14", - "url": "/aai/v14/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v15", - "url": "/aai/v15/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v16", - "url": "/aai/v16/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v17", - "url": "/aai/v17/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v18", - "url": "/aai/v18/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/external-system" - }, - { - "serviceName": "_aai-externalSystem", - "version": "v19", - "url": "/aai/v19/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/external-system" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v11", - "url": "/aai/v11/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v12", - "url": "/aai/v12/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v13", - "url": "/aai/v13/cloud-infrastructure", + "serviceName": "{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8447", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v14", - "url": "/aai/v14/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v15", - "url": "/aai/v15/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v16", - "url": "/aai/v16/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v17", - "url": "/aai/v17/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v18", - "url": "/aai/v18/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-cloudInfrastructure", - "version": "v19", - "url": "/aai/v19/cloud-infrastructure", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v11", - "url": "/aai/v11/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v12", - "url": "/aai/v12/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v13", - "url": "/aai/v13/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v14", - "url": "/aai/v14/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v15", - "url": "/aai/v15/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v16", - "url": "/aai/v16/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v17", - "url": "/aai/v17/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v18", - "url": "/aai/v18/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-business", - "version": "v19", - "url": "/aai/v19/business", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v11", - "url": "/aai/v11/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v12", - "url": "/aai/v12/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v13", - "url": "/aai/v13/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v14", - "url": "/aai/v14/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v15", - "url": "/aai/v15/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v16", - "url": "/aai/v16/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v17", - "url": "/aai/v17/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v18", - "url": "/aai/v18/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-actions", - "version": "v19", - "url": "/aai/v19/actions", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v11", - "url": "/aai/v11/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v12", - "url": "/aai/v12/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v13", - "url": "/aai/v13/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v14", - "url": "/aai/v14/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v15", - "url": "/aai/v15/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v16", - "url": "/aai/v16/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v17", - "url": "/aai/v17/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v18", - "url": "/aai/v18/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-service-design-and-creation", - "version": "v19", - "url": "/aai/v19/service-design-and-creation", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v11", - "url": "/aai/v11/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v12", - "url": "/aai/v12/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v13", - "url": "/aai/v13/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v14", - "url": "/aai/v14/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v15", - "url": "/aai/v15/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v16", - "url": "/aai/v16/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v17", - "url": "/aai/v17/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v18", - "url": "/aai/v18/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-network", - "version": "v19", - "url": "/aai/v19/network", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v11", - "url": "/aai/v11/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v12", - "url": "/aai/v12/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v13", - "url": "/aai/v13/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v14", - "url": "/aai/v14/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v15", - "url": "/aai/v15/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v16", - "url": "/aai/v16/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v17", - "url": "/aai/v17/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v18", - "url": "/aai/v18/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-externalSystem", - "version": "v19", - "url": "/aai/v19/external-system", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - } + {{- end }} + {{- end }} ]' + {{- end }} spec: hostname: aai-resources - {{- if .Values.global.initContainers.enabled }} - {{- if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - {{- end }} initContainers: - command: {{- if .Values.global.jobs.migration.enabled }} @@ -1191,23 +79,24 @@ spec: args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else if .Values.global.jobs.createSchema.enabled }} + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} + {{- else }} - /app/ready.py args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{- end }} + {{- end }} env: - name: NAMESPACE valueFrom: @@ -1217,14 +106,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true {{- end }} - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -1260,11 +142,6 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - {{- if .Values.global.installSidecarSecurity }} - - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json - name: {{ include "common.fullname" . }}-aai-policy - subPath: aai_policy.json - {{- end }} - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile @@ -1338,84 +215,6 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.sidecar.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{- end }} volumes: - name: aai-common-aai-auth-mount secret: @@ -1447,35 +246,6 @@ spec: - key: {{ . }} path: {{ . }} {{- end }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-aai-policy - configMap: - name: {{ include "common.fullname" . }}-aai-policy-configmap - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml new file mode 100644 index 0000000000..d24149086e --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 66dfd493dd..460e0d5b93 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -27,7 +27,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} + {{ if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} @@ -39,7 +39,7 @@ spec: name: {{ .Values.service.portName }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} - {{- end}} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 2685d9a3f5..5210a249d2 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,9 +24,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - rproxy: - name: reverse-proxy - initContainers: enabled: true @@ -116,6 +114,31 @@ global: # global defaults realtime: clients: SDNC,MSO,SO,robot-ete +api_list: + - 11 + - 12 + - 13 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + +aai_enpoints: + - name: aai-cloudInfrastructure + url: cloud-infrastructure + - name: aai-business + url: business + - name: aai-actions + url: actions + - name: aai-service-design-and-creation + url: service-design-and-creation + - name: aai-network + url: network + - name: aai-externalSystem + url: external-system + # application image image: onap/aai-resources:1.7.2 pullPolicy: Always diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index edac199968..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index 595d484c37..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,11 +0,0 @@ -[ - { - "uri": "\/services\/search-data-service\/.*", - "method": "GET|PUT|POST|DELETE", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } - - -] diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 55a9b4816f..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 289fe7512c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 5fddcb240a..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9509 diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml index 28cf730930..0d76239ef9 100644 --- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,47 +40,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml index eb4aefeeb3..eaa90870b0 100644 --- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,14 +38,6 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -126,85 +118,6 @@ spec: name: {{ include "common.fullname" . }}-service-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-service-filebeat - - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.config.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -228,35 +141,6 @@ spec: - name: {{ include "common.fullname" . }}-service-log-conf configMap: name: {{ include "common.fullname" . }}-service-log - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - secret: - secretName: aai-rproxy-auth-certs - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: aai-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - secret: - secretName: aai-fproxy-auth-certs - {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml index eacae25647..3135df6f07 100644 --- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,16 +41,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml index 940222cd3e..e031410737 100644 --- a/kubernetes/aai/components/aai-search-data/templates/service.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,28 +28,14 @@ metadata: spec: type: {{ .Values.service.type }} ports: -{{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} -{{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml index ae61dd761f..4bd535a475 100644 --- a/kubernetes/aai/components/aai-search-data/values.yaml +++ b/kubernetes/aai/components/aai-search-data/values.yaml @@ -55,7 +55,7 @@ readiness: service: type: ClusterIP portName: aai-search-data - internalPort: 9509 + internalPort: "9509" ingress: enabled: false diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index ab1cb309d8..6f5ac8263b 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -2,6 +2,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,304 +40,34 @@ spec: name: {{ include "common.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.global.msbEnabled }} + {{ $values := .Values }} msb.onap.org/service-info: '[ + {{- range $api_endpoint := $values.aai_enpoints -}} + {{- range $api_version := $values.api_list }} { - "serviceName": "_aai-generic-query", - "version": "v11", - "url": "/aai/v11/search/generic-query", + "serviceName": "_{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1", - "path": "/aai/v11/search/generic-query" + "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" }, { - "serviceName": "_aai-generic-query", - "version": "v12", - "url": "/aai/v12/search/generic-query", + "serviceName": "{{ $api_endpoint.name }}", + "version": "v{{ $api_version }}", + "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", "protocol": "REST", "port": "8446", "enable_ssl": true, "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v13", - "url": "/aai/v13/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v14", - "url": "/aai/v14/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v15", - "url": "/aai/v15/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v16", - "url": "/aai/v16/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v17", - "url": "/aai/v17/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v18", - "url": "/aai/v18/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/search/generic-query" - }, - { - "serviceName": "_aai-generic-query", - "version": "v19", - "url": "/aai/v19/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/search/generic-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v11", - "url": "/aai/v11/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v12", - "url": "/aai/v12/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v13", - "url": "/aai/v13/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v14", - "url": "/aai/v14/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v15", - "url": "/aai/v15/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v16", - "url": "/aai/v16/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v17", - "url": "/aai/v17/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v18", - "url": "/aai/v18/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/search/nodes-query" - }, - { - "serviceName": "_aai-nodes-query", - "version": "v19", - "url": "/aai/v19/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/search/nodes-query" - }, - { - "serviceName": "_aai-query", - "version": "v11", - "url": "/aai/v11/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v11/query" - }, - { - "serviceName": "_aai-query", - "version": "v12", - "url": "/aai/v12/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v12/query" - }, - { - "serviceName": "_aai-query", - "version": "v13", - "url": "/aai/v13/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v13/query" - }, - { - "serviceName": "_aai-query", - "version": "v14", - "url": "/aai/v14/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v14/query" - }, - { - "serviceName": "_aai-query", - "version": "v15", - "url": "/aai/v15/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v15/query" - }, - { - "serviceName": "_aai-query", - "version": "v16", - "url": "/aai/v16/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v16/query" - }, - { - "serviceName": "_aai-query", - "version": "v17", - "url": "/aai/v17/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v17/query" - }, - { - "serviceName": "_aai-query", - "version": "v18", - "url": "/aai/v18/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v18/query" - }, - { - "serviceName": "_aai-query", - "version": "v19", - "url": "/aai/v19/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v19/query" + "visualRange": "1" }, + {{- end }} + {{- end }} { "serviceName": "_aai-named-query", "url": "/aai/search", @@ -348,276 +79,6 @@ spec: "path": "/aai/search" }, { - "serviceName": "aai-generic-query", - "version": "v11", - "url": "/aai/v11/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v12", - "url": "/aai/v12/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v13", - "url": "/aai/v13/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v14", - "url": "/aai/v14/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v15", - "url": "/aai/v15/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v16", - "url": "/aai/v16/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v17", - "url": "/aai/v17/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v18", - "url": "/aai/v18/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-generic-query", - "version": "v19", - "url": "/aai/v19/search/generic-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v11", - "url": "/aai/v11/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v12", - "url": "/aai/v12/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v13", - "url": "/aai/v13/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v14", - "url": "/aai/v14/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v15", - "url": "/aai/v15/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v16", - "url": "/aai/v16/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v17", - "url": "/aai/v17/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v18", - "url": "/aai/v18/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-nodes-query", - "version": "v19", - "url": "/aai/v19/search/nodes-query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v11", - "url": "/aai/v11/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v12", - "url": "/aai/v12/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v13", - "url": "/aai/v13/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v14", - "url": "/aai/v14/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v15", - "url": "/aai/v15/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v16", - "url": "/aai/v16/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v17", - "url": "/aai/v17/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v18", - "url": "/aai/v18/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { - "serviceName": "aai-query", - "version": "v19", - "url": "/aai/v19/query", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - { "serviceName": "aai-named-query", "url": "/aai/search", "protocol": "REST", @@ -627,6 +88,7 @@ spec: "visualRange": "1" } ]' + {{- end }} spec: hostname: aai-traversal {{ if .Values.global.initContainers.enabled }} @@ -653,7 +115,7 @@ spec: {{- end }} - --container-name - aai-schema-service - {{ end }} + {{ end }} env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index fbfcdaed8d..0242cedd0b 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright (c) 2020 Nokia +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -129,6 +130,26 @@ pullPolicy: Always restartPolicy: Always flavor: small flavorOverride: small + +api_list: + - 11 + - 12 + - 13 + - 14 + - 15 + - 16 + - 17 + - 18 + - 19 + +aai_enpoints: + - name: aai-generic-query + url: search/generic-query + - name: aai-nodes-query + url: search/nodes-query + - name: aai-nquery + url: query + # application configuration config: diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml index bdab308144..c8970da183 100644 --- a/kubernetes/aai/requirements.yaml +++ b/kubernetes/aai/requirements.yaml @@ -28,6 +28,9 @@ dependencies: # be published independently to a repo (at this point) repository: '@local' condition: global.cassandra.localCluster + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/aai/resources/config/haproxy/aai.pem b/kubernetes/aai/resources/config/haproxy/aai.pem deleted file mode 100644 index 6390db10de..0000000000 --- a/kubernetes/aai/resources/config/haproxy/aai.pem +++ /dev/null @@ -1,88 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow -WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO -MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x -agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe -0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU -F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6 -F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz -11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB -o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO -aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG -A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD -VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh -aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp -LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w -bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u -YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC -JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w -bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq -hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq -oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4 -k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe -sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h -HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg -B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- -Bag Attributes - friendlyName: aai@aai.onap.org - localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35 -Key Attributes: <No Attributes> ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT -+zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H -HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ -DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G -llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc -Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF -Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P -YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM -WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY -OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a -o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI -bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x -+RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET -ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0 -BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF -YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc -nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH -DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg -KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ -e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6 -uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8 -4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS -Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG -rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N -HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO -rzAazDQvlb0itUxgU4qgqw== ------END PRIVATE KEY----- diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index b05ffaeaf2..e605e1886f 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -62,7 +62,7 @@ defaults frontend IST_8443 mode http - bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem + bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem # log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" option httplog diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index ea29c903ba..c8f3670349 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -60,7 +60,7 @@ defaults frontend IST_8443 mode http - bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem + bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem # log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" option httplog diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index d2735b4882..b0da359ab1 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -44,36 +44,6 @@ data: {{ else }} {{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }} {{ end }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: aai-haproxy-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }} -# This is a shared key for both resources and traversal ---- -apiVersion: v1 -kind: Secret -metadata: - name: aai-auth-truststore-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} - {{ if .Values.global.installSidecarSecurity }} --- apiVersion: v1 diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 83d78238b0..2ca489f2de 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: @@ -75,9 +75,7 @@ spec: subPath: haproxy.cfg {{ end }} name: haproxy-cfg - - mountPath: /etc/ssl/private/aai.pem - name: aai-pem - subPath: aai.pem + {{- include "common.certInitializer.volumeMount" . | nindent 8 }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -128,8 +126,6 @@ spec: - name: haproxy-cfg configMap: name: aai-deployment-configmap - - name: aai-pem - secret: - secretName: aai-haproxy-secret + {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 86ecb8b355..516dcc4d70 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -1,6 +1,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,8 @@ global: # global defaults restartPolicy: Always - installSidecarSecurity: false aafEnabled: true - - fproxy: - name: forward-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/fproxy:2.1.13 - port: 10680 - - rproxy: - name: reverse-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/rproxy:2.1.13 - port: 10692 - - tproxyConfig: - name: init-tproxy-config - image: onap/tproxy-config:2.1.13 - - # AAF server details. Only needed if the AAF DNS does not resolve from the pod - aaf: - serverIp: 10.12.6.214 - serverHostname: aaf.osaaf.org - serverPort: 30247 + msbEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. @@ -295,6 +274,44 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords from AAF" + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0) + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ + -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ + -alias ca_local_0 \ + -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** generating needed file" + cat {{ .Values.credsPath }}/certs/cert.pem \ + {{ .Values.credsPath }}/certs/cacert.pem \ + {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + > {{ .Values.credsPath }}/certs/fullchain.pem; + chown 1001 {{ .Values.credsPath }}/certs/* + # application image dockerhubRepository: registry.hub.docker.com image: aaionap/haproxy:1.4.2 @@ -379,4 +396,3 @@ resources: cpu: 2 memory: 2Gi unlimited: {} - diff --git a/kubernetes/common/certManagerCertificate/Chart.yaml b/kubernetes/common/certManagerCertificate/Chart.yaml new file mode 100644 index 0000000000..305d25251d --- /dev/null +++ b/kubernetes/common/certManagerCertificate/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2021 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +name: certManagerCertificate +description: A Helm chart for Cert-Manager Certificate CRD template +version: 7.0.0 diff --git a/kubernetes/common/certManagerCertificate/requirements.yaml b/kubernetes/common/certManagerCertificate/requirements.yaml new file mode 100644 index 0000000000..6bcaed05a8 --- /dev/null +++ b/kubernetes/common/certManagerCertificate/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2021 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl new file mode 100644 index 0000000000..4e43f621de --- /dev/null +++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl @@ -0,0 +1,219 @@ +{{/*# +# Copyright © 2020-2021, Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License.*/}} + +{{/* +# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io). +# +# To request a certificate following steps are to be done: +# - create an object 'certificates' in the values.yaml +# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate". +# +# Here is an example of the certificate request for a component: +# +# Directory structure: +# component +# templates +# certifictes.yaml +# values.yaml +# +# To be added in the file certificates.yamll +# +# To be added in the file values.yaml +# 1. Minimal version (certificates only in PEM format) +# certificates: +# - commonName: component.onap.org +# +# 2. Extended version (with defined own issuer and additional certificate format): +# certificates: +# - name: onap-component-certificate +# secretName: onap-component-certificate +# commonName: component.onap.org +# dnsNames: +# - component.onap.org +# issuer: +# group: certmanager.onap.org +# kind: CMPv2Issuer +# name: cmpv2-issuer-for-the-component +# keystore: +# outputType: +# - p12 +# - jks +# passwordSecretRef: +# name: secret-name +# key: secret-key +# +# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined. +# Other mandatory fields for the certificate definition do not have to be defined directly, +# in that case they will be taken from default values. +# +# Default values are defined in file onap/values.yaml (see-> global.certificate.default) +# and can be overriden during onap installation process. +# +*/}} + +{{- define "certManagerCertificate.certificate" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}} + +{{- $certificates := $dot.Values.certificates -}} +{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global }} + +{{ range $i, $certificate := $certificates }} +{{/*# General certifiacate attributes #*/}} +{{- $name := include "common.fullname" $dot -}} +{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}} +{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}} +{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}} +{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}} +{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}} +{{- $namespace := $dot.Release.Namespace -}} +{{/*# SAN's #*/}} +{{- $dnsNames := $certificate.dnsNames -}} +{{- $ipAddresses := $certificate.ipAddresses -}} +{{- $uris := $certificate.uris -}} +{{- $emailAddresses := $certificate.emailAddresses -}} +{{/*# Subject #*/}} +{{- $subject := $subchartGlobal.certificate.default.subject -}} +{{- if $certificate.subject -}} +{{- $subject = $certificate.subject -}} +{{- end -}} +{{/*# Issuer #*/}} +{{- $issuer := $subchartGlobal.certificate.default.issuer -}} +{{- if $certificate.issuer -}} +{{- $issuer = $certificate.issuer -}} +{{- end -}} +--- +{{- if $certificate.keystore }} + {{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}} + {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $passwordSecretRef.name }} + namespace: {{ $namespace }} +type: Opaque +stringData: + {{ $passwordSecretRef.key }}: {{ $password }} +{{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ $certName }} + namespace: {{ $namespace }} +spec: + secretName: {{ $secretName }} + commonName: {{ $commonName }} + renewBefore: {{ $renewBefore }} + {{- if $duration }} + duration: {{ $duration }} + {{- end }} + subject: + organizations: + - {{ $subject.organization }} + countries: + - {{ $subject.country }} + localities: + - {{ $subject.locality }} + provinces: + - {{ $subject.province }} + organizationalUnits: + - {{ $subject.organizationalUnit }} + {{- if $dnsNames }} + dnsNames: + {{- range $dnsName := $dnsNames }} + - {{ $dnsName }} + {{- end }} + {{- end }} + {{- if $ipAddresses }} + ipAddresses: + {{- range $ipAddress := $ipAddresses }} + - {{ $ipAddress }} + {{- end }} + {{- end }} + {{- if $uris }} + uris: + {{- range $uri := $uris }} + - {{ $uri }} + {{- end }} + {{- end }} + {{- if $emailAddresses }} + emailAddresses: + {{- range $emailAddress := $emailAddresses }} + - {{ $emailAddress }} + {{- end }} + {{- end }} + issuerRef: + group: {{ $issuer.group }} + kind: {{ $issuer.kind }} + name: {{ $issuer.name }} + {{- if $certificate.keystore }} + keystores: + {{- range $outputType := $certificate.keystore.outputType }} + {{- if eq $outputType "p12" }} + {{- $outputType = "pkcs12" }} + {{- end }} + {{ $outputType }}: + create: true + passwordSecretRef: + name: {{ $certificate.keystore.passwordSecretRef.name }} + key: {{ $certificate.keystore.passwordSecretRef.key }} + {{- end }} + {{- end }} +{{ end }} +{{- end -}} + +{{- define "common.certManager.volumeMounts" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}} +{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} + {{- range $i, $certificate := $dot.Values.certificates -}} + {{- $mountPath := $certificate.mountPath -}} +- mountPath: {{ $mountPath }} + name: certmanager-certs-volume-{{ $i }} + {{- end -}} +{{- end -}} + +{{- define "common.certManager.volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}} +{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} +{{- $certificates := $dot.Values.certificates -}} + {{- range $i, $certificate := $certificates -}} + {{- $name := include "common.fullname" $dot -}} + {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}} +- name: certmanager-certs-volume-{{ $i }} + projected: + sources: + - secret: + name: {{ $certificatesSecretName }} + {{- if $certificate.keystore }} + items: + {{- range $outputType := $certificate.keystore.outputType }} + - key: keystore.{{ $outputType }} + path: keystore.{{ $outputType }} + - key: truststore.{{ $outputType }} + path: truststore.{{ $outputType }} + {{- end }} + - secret: + name: {{ $certificate.keystore.passwordSecretRef.name }} + items: + - key: {{ $certificate.keystore.passwordSecretRef.key }} + path: keystore.pass + - key: {{ $certificate.keystore.passwordSecretRef.key }} + path: truststore.pass + {{- end }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/certManagerCertificate/values.yaml b/kubernetes/common/certManagerCertificate/values.yaml new file mode 100644 index 0000000000..d60cdf6cbe --- /dev/null +++ b/kubernetes/common/certManagerCertificate/values.yaml @@ -0,0 +1,29 @@ +# Copyright © 2021 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: +# default values for certificates + certificate: + default: + renewBefore: 720h #30 days + duration: 8760h #365 days + subject: + organization: "Linux-Foundation" + country: "US" + locality: "San-Francisco" + province: "California" + organizationalUnit: "ONAP" + issuer: + group: certmanager.onap.org + kind: CMPv2Issuer + name: cmpv2-issuer-onap diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl deleted file mode 100644 index d3313b2bc1..0000000000 --- a/kubernetes/common/common/templates/_certificate.tpl +++ /dev/null @@ -1,192 +0,0 @@ -{{/*# -# Copyright © 2020, Nokia -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License.*/}} - -{{/* -# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io). -# -# To request a certificate following steps are to be done: -# - create an object 'certificates' in the values.yaml -# - create a file templates/certificates.yaml and invoke the function "commom.certificate". -# -# Here is an example of the certificate request for a component: -# -# Directory structure: -# component -# templates -# certifictes.yaml -# values.yaml -# -# To be added in the file certificates.yamll -# -# To be added in the file values.yaml -# 1. Minimal version (certificates only in PEM format) -# certificates: -# - commonName: component.onap.org -# -# 2. Extended version (with defined own issuer and additional certificate format): -# certificates: -# - name: onap-component-certificate -# secretName: onap-component-certificate -# commonName: component.onap.org -# dnsNames: -# - component.onap.org -# issuer: -# group: certmanager.onap.org -# kind: CMPv2Issuer -# name: cmpv2-issuer-for-the-component -# p12Keystore: -# create: true -# passwordSecretRef: -# name: secret-name -# key: secret-key -# jksKeystore: -# create: true -# passwordSecretRef: -# name: secret-name -# key: secret-key -# -# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined. -# Other mandatory fields for the certificate definition do not have to be defined directly, -# in that case they will be taken from default values. -# -# Default values are defined in file onap/values.yaml (see-> global.certificate.default) -# and can be overriden during onap installation process. -# -*/}} - -{{- define "common.certificate" -}} -{{- $dot := default . .dot -}} -{{- $certificates := $dot.Values.certificates -}} - -{{ range $i, $certificate := $certificates }} -{{/*# General certifiacate attributes #*/}} -{{- $name := include "common.fullname" $dot -}} -{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}} -{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}} -{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}} -{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}} -{{- $duration := $certificate.duration -}} -{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}} -{{- if $certificate.namespace -}} -{{- $namespace = default $namespace $certificate.namespace -}} -{{- end -}} -{{/*# SAN's #*/}} -{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}} -{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}} -{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}} -{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}} -{{/*# Subject #*/}} -{{- $subject := $dot.Values.global.certificate.default.subject -}} -{{- if $certificate.subject -}} -{{- $subject = mergeOverwrite $subject $certificate.subject -}} -{{- end -}} -{{/*# Issuer #*/}} -{{- $issuer := $dot.Values.global.certificate.default.issuer -}} -{{- if $certificate.issuer -}} -{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}} -{{- end -}} -{{/*# Keystores #*/}} -{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}} -{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}} -{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}} -{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}} -{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}} -{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}} -{{- if $certificate.jksKeystore -}} -{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}} -{{- if $certificate.jksKeystore.passwordSecretRef -}} -{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}} -{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}} -{{- end -}} -{{- end -}} -{{- if $certificate.p12Keystore -}} -{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}} -{{- if $certificate.p12Keystore.passwordSecretRef -}} -{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}} -{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}} -{{- end -}} -{{- end -}} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ $certName }} - namespace: {{ $namespace }} -spec: - secretName: {{ $secretName }} - commonName: {{ $commonName }} - renewBefore: {{ $renewBefore }} - {{- if $duration }} - duration: {{ $duration }} - {{- end }} - subject: - organizations: - - {{ $subject.organization }} - countries: - - {{ $subject.country }} - localities: - - {{ $subject.locality }} - provinces: - - {{ $subject.province }} - organizationalUnits: - - {{ $subject.organizationalUnit }} - {{- if $dnsNames }} - dnsNames: - {{- range $dnsName := $dnsNames }} - - {{ $dnsName }} - {{- end }} - {{- end }} - {{- if $ipAddresses }} - ipAddresses: - {{- range $ipAddress := $ipAddresses }} - - {{ $ipAddress }} - {{- end }} - {{- end }} - {{- if $uris }} - uris: - {{- range $uri := $uris }} - - {{ $uri }} - {{- end }} - {{- end }} - {{- if $emailAddresses }} - emailAddresses: - {{- range $emailAddress := $emailAddresses }} - - {{ $emailAddress }} - {{- end }} - {{- end }} - issuerRef: - group: {{ $issuer.group }} - kind: {{ $issuer.kind }} - name: {{ $issuer.name }} - {{- if or $createJksKeystore $createP12Keystore }} - keystores: - {{- if $createJksKeystore }} - jks: - create: {{ $createJksKeystore }} - passwordSecretRef: - name: {{ $jksKeystorePasswordSecretName }} - key: {{ $jksKeystorePasswordSecreKey }} - {{- end }} - {{- if $createP12Keystore }} - pkcs12: - create: {{ $createP12Keystore }} - passwordSecretRef: - name: {{ $p12KeystorePasswordSecretName }} - key: {{ $p12KeystorePasswordSecreKey }} - {{- end }} - {{- end }} -{{ end }} - -{{- end -}} diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 18f9bb1ba5..7fee67a7a4 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,9 +1,15 @@ -{{- define "ingress.config.port" -}} +{{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{ printf "%s.%s" $baseaddr $burl }} +{{- end -}} + +{{- define "ingress.config.port" -}} +{{- $dot := default . .dot -}} {{ range .Values.ingress.service }} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} - - host: {{ printf "%s.%s" $baseaddr $burl }} + - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} http: paths: - backend: @@ -83,12 +89,12 @@ spec: {{- end -}} {{- if .Values.ingress.config -}} {{- if .Values.ingress.config.tls -}} -{{- $dot := default . .dot -}} +{{- $dot := default . .dot }} tls: - - hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} + - hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index f5592bd252..e39b8c4ca2 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -133,6 +133,10 @@ spec: # we should wait for other pods to be up before trying to join # otherwise we got "no such host" errors when trying to resolve other members for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do + if [ "${SET_NAME}-${i}" == "${HOSTNAME}" ]; then + echo "Skipping self-checking" + continue + fi while true; do echo "Waiting for ${SET_NAME}-${i}.${SERVICE_NAME} to come up" ping -W 1 -c 1 ${SET_NAME}-${i}.${SERVICE_NAME} > /dev/null && break diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml index a9566c1811..0a3c9315ab 100644 --- a/kubernetes/common/music/requirements.yaml +++ b/kubernetes/common/music/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: 'file://../repositoryGenerator' + - name: certInitializer + version: ~7.x-0 + repository: 'file://../certInitializer'
\ No newline at end of file diff --git a/kubernetes/common/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties index 751a351737..7a13f10d8e 100755 --- a/kubernetes/common/music/resources/config/music-sb.properties +++ b/kubernetes/common/music/resources/config/music-sb.properties @@ -6,7 +6,7 @@ server.tomcat.max-threads=100 #logging.file=/opt/app/music/logs/MUSIC/music-app.log #logging.config=file:/opt/app/music/etc/logback.xml security.require-ssl=true -server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks +server.ssl.key-store=/opt/app/aafcertman/local/org.onap.music.jks server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.key-store-provider=SUN server.ssl.key-store-type=JKS diff --git a/kubernetes/common/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks Binary files differdeleted file mode 100644 index 35d27c3ef7..0000000000 --- a/kubernetes/common/music/resources/keys/org.onap.music.jks +++ /dev/null diff --git a/kubernetes/common/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks Binary files differdeleted file mode 100644 index ff844b109d..0000000000 --- a/kubernetes/common/music/resources/keys/truststoreONAPall.jks +++ /dev/null diff --git a/kubernetes/common/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml index cf0ce8f899..1e5d3c5377 100644 --- a/kubernetes/common/music/templates/deployment.yaml +++ b/kubernetes/common/music/templates/deployment.yaml @@ -38,19 +38,18 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{ include "common.certInitializer.initContainer" . | indent 8 | trim }} - command: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "export KEYSTORE_PASSWORD=$(cat /opt/app/aafcertman/local/.pass); cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}} - name: CASSA_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }} - name: CASSA_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /config-input name: properties-music-scrubbed - mountPath: /config @@ -87,7 +86,7 @@ spec: value: "{{ .Values.javaOpts }}" - name: DEBUG value: "{{ .Values.debug }}" - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: localtime mountPath: /etc/localtime readOnly: true @@ -100,9 +99,7 @@ spec: - name: properties-music-scrubbed mountPath: /opt/app/music/etc/logback.xml subPath: logback.xml - - name: certs-aaf - mountPath: /opt/app/aafcertman/ - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: shared-data emptyDir: {} - name: certificate-vol @@ -116,6 +113,3 @@ spec: - name: properties-music emptyDir: medium: Memory - - name: certs-aaf - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }} diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index 31df352de7..25cab910a9 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -25,16 +25,6 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: music-certs - name: keystore.jks - type: generic - filePaths: - - resources/keys/org.onap.music.jks - - uid: music-keystore-pw - name: keystore-pw - type: password - password: '{{ .Values.keystorePassword }}' - passwordPolicy: required - uid: cassa-secret type: basicAuth login: '{{ .Values.properties.cassandraUser }}' @@ -115,8 +105,6 @@ debug: false ingress: enabled: false -keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew" - properties: lockUsing: "cassandra" # Comma dilimited list of hosts @@ -159,4 +147,22 @@ logback: metricsLogLevel: info auditLogLevel: info # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc.. - rootLogLevel: INFO
\ No newline at end of file + rootLogLevel: INFO + +#sub-charts configuration +certInitializer: + nameOverride: music-cert-initializer + fqdn: "music.onap" + app_ns: "org.osaaf.aaf" + fqi: "music@music.onap.org" + fqi_namespace: org.onap.music + public_fqdn: "music.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /opt/app/aafcertman + aaf_add_config: > + cd {{ .Values.credsPath }}; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1; diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index f0e9a39494..f34c8ddbc8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -3,6 +3,7 @@ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # Modifications (c) 2020 Nokia. All rights reserved. +# Copyright (c) 2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,9 +29,6 @@ dependencies: - name: mongo version: ~7.x-0 repository: '@local' - - name: cmpv2Config - version: ~7.x-0 - repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml deleted file mode 100644 index d05129bc10..0000000000 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-datafile-collector-inputs.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -#================================================================================= -# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ if .Values.componentImages.datafile_collector }} -tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }} -{{ end }} -replicas: 1 -log_directory: "/var/log/ONAP" -topic_name: "unauthenticated.VES_NOTIFICATION_OUTPUT" -envs: {} -use_tls: true -PM_MEAS_FILES_feed0_location: "loc00" -feed0_name: "bulk_pm_feed" -consumer_id: "C12" -consumer_group: "OpenDcae-c12" -cert_directory: "/opt/app/datafile/etc/cert/" -external_port: ":0" -datafile-collector_memory_limit: "512Mi" -datafile-collector_memory_request: "512Mi" -datafile-collector_cpu_limit: "250m" -datafile-collector_cpu_request: "250m" -external_cert_use_external_tls: false -external_cert_ca_name: "RA" -external_cert_common_name: "dcae-datafile-collector" -external_cert_sans: "dcae-datafile-collector,datafile-collector,datafile" -external_cert_cert_type: "P12" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml deleted file mode 100644 index 7c234243b0..0000000000 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-snmptrap-inputs.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{/* -#============LICENSE_START======================================================== -#================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -*/}} - -{{ if .Values.componentImages.snmptrap }} -tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.snmptrap }} -{{ end }} -external_port: {{ .Values.config.address.snmptrap.port }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml index 47db1753e0..135572fb2f 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/configmap.yaml @@ -3,6 +3,7 @@ # ================================================================================ # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,15 +18,6 @@ # limitations under the License. # ============LICENSE_END========================================================= */}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dcae-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- apiVersion: v1 kind: ConfigMap metadata: diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index 15a2ad1212..ac37beed6b 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -3,6 +3,7 @@ # ================================================================================ # Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -118,8 +119,6 @@ spec: volumeMounts: - mountPath: /inputs name: {{ include "common.fullname" . }}-dcae-inputs - - mountPath: /dcae-configs - name: {{ include "common.fullname" . }}-dcae-config - mountPath: /etc/localtime name: localtime readOnly: true @@ -148,9 +147,6 @@ spec: - name: {{ include "common.fullname" . }}-dcae-inputs emptyDir: medium: Memory - - name: {{ include "common.fullname" . }}-dcae-config - configMap: - name: {{ include "common.fullname" . }}-dcae-config - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 2826516330..f71db5edeb 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -2,6 +2,7 @@ #================================================================================= # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -103,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.4 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml index af43e0fb71..c06e459289 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Copyright (c) 2021 J. F. Lucas. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +20,7 @@ dependencies: repository: '@local' - name: repositoryGenerator version: ~7.x-0 + repository: '@local' + - name: cmpv2Config + version: ~7.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/dmaap-plugin.json index 44a345455a..44a345455a 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/dmaap-plugin.json diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json index 5e37856d19..c967774cb9 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json @@ -18,7 +18,6 @@ # limitations under the License. # ============LICENSE_END========================================================= */}} - { "namespace": "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}", "consul_dns_name": "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}", diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml index 6ec98b56c4..806b06ed8a 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/configmap.yaml @@ -3,6 +3,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,6 @@ # limitations under the License. # ============LICENSE_END========================================================= */}} - apiVersion: v1 kind: ConfigMap metadata: @@ -29,6 +29,14 @@ data: apiVersion: v1 kind: ConfigMap metadata: + name: {{ include "common.fullname" . }}-plugins + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: name: {{ include "common.release" . }}-dcae-filebeat-configmap namespace: {{include "common.namespace" . }} data: diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml index 6c7fa4d85c..204a3e27d7 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml @@ -3,7 +3,7 @@ # ================================================================================ # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada -# Copyright (c) 2020 J. F. Lucas. All rights reserved. +# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -46,6 +46,8 @@ spec: - ip: "127.0.0.1" hostnames: - "dcae-cloudify-manager" + # Cloudify requires a fixed hostname across restarts + hostname: dcae-cloudify-manager initContainers: - name: {{ include "common.name" . }}-readiness image: {{ include "repositoryGenerator.image.readiness" . }} @@ -55,6 +57,8 @@ spec: args: - --container-name - aaf-cm + - --container-name + - consul-server - "-t" - "15" env: @@ -71,6 +75,18 @@ spec: - {{ include "common.namespace" . }} - --configmap - {{ .Values.multisiteConfigMapName }} + - name: init-consul + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - --key + - k8s-plugin|/plugin-configs/k8s-plugin.json + - --key + - dmaap-plugin|/plugin-configs/dmaap-plugin.json + resources: {} + volumeMounts: + - mountPath: /plugin-configs + name: plugin-configs - name: init-tls env: - name: POD_IP @@ -160,6 +176,9 @@ spec: - name: {{ include "common.fullname" .}}-kubeconfig configMap: name: {{ .Values.multisiteConfigMapName }} + - name: plugin-configs + configMap: + name: {{ include "common.fullname" . }}-plugins - name: dcae-token secret: secretName: dcae-token diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index e187e119dc..891c0e1650 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -2,7 +2,7 @@ # ================================================================================ # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada -# Copyright (c) 2020 J. F. Lucas. All rights reserved. +# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +24,7 @@ global: nodePortPrefix: 302 persistence: {} tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 repositoryCred: user: docker password: docker @@ -49,7 +50,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.2 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.1.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters @@ -61,6 +62,9 @@ multisiteInitImage: onap/org.onap.dcaegen2.deployments.multisite-init-container: # image for cleanup job container cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.0 +# default location for k8s deployments via Cloudify +default_k8s_location: central + # probe configuration parameters liveness: initialDelaySeconds: 10 diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 13ea930aa5..a9c0029f41 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -92,7 +92,7 @@ postgres: mountInitPath: dcaemod # application image -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.4 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index b9f8943e04..03b5c83a97 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -69,7 +69,7 @@ readiness: # Should have a proper readiness endpoint or script # application image -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.0 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index f653a02cff..40a4d7db93 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -87,7 +87,7 @@ spec: {{- end -}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end -}} + {{- end }} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index a43073e8e2..5c94116bac 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -105,7 +105,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 10 }} - {{- end -}} + {{- end }} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap image: {{ include "repositoryGenerator.image.logging" . }} diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index b401d66c3a..0920222ad7 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -172,10 +172,15 @@ global: aafEnabled: true aafAgentImage: onap/aaf/aaf_agent:2.1.20 - # default values for certificates + # Disabling MSB + # POC Mode, only for use in development environment + msbEnabled: true + + # default values for certificates certificate: default: - renewBefore: 8h + renewBefore: 720h #30 days + duration: 8760h #365 days subject: organization: "Linux-Foundation" country: "US" @@ -186,16 +191,6 @@ global: group: certmanager.onap.org kind: CMPv2Issuer name: cmpv2-issuer-onap - p12Keystore: - create: false - passwordSecretRef: - name: "" - key: "" - jksKeystore: - create: false - passwordSecretRef: - name: "" - key: "" # Enabling CMPv2 cmpv2Enabled: true diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index f58ecb16be..27b68df4ee 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -24,6 +24,9 @@ dependencies: - name: cmpv2Certificate version: ~7.x-0 repository: '@local' + - name: certManagerCertificate + version: ~7.x-0 + repository: '@local' - name: logConfiguration version: ~7.x-0 repository: '@local' diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml index dda16176a5..c4eca61e35 100644 --- a/kubernetes/sdnc/templates/certificates.yaml +++ b/kubernetes/sdnc/templates/certificates.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Nokia +# Copyright © 2020-2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if .Values.global.CMPv2CertManagerIntegration }} -{{ include "common.certificate" . }} +{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 2158fefe19..51c50e4fec 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -203,6 +203,9 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} {{ include "common.certServiceClient.volumeMounts" . | indent 10 }} +{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{ include "common.certManager.volumeMounts" . | indent 10 }} +{{- end }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -317,6 +320,9 @@ spec: {{ else }} {{ include "common.certInitializer.volumes" . | nindent 8 }} {{ include "common.certServiceClient.volumes" . | nindent 8 }} +{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{ include "common.certManager.volumes" . | nindent 8 }} +{{- end }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index c02d5592e6..efc13e92e6 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -117,10 +117,6 @@ secrets: login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required - - uid: keystore-password - type: password - password: secret - passwordPolicy: required ################################################################# # Certificates ################################################################# @@ -129,16 +125,16 @@ certificates: commonName: sdnc.simpledemo.onap.org dnsNames: - sdnc.simpledemo.onap.org - p12Keystore: - create: true - passwordSecretRef: - name: keystore-password - key: password - jksKeystore: - create: true + keystore: + outputType: + - jks passwordSecretRef: - name: keystore-password + name: sdnc-cmpv2-keystore-password key: password + issuer: + group: certmanager.onap.org + kind: CMPv2Issuer + name: cmpv2-issuer-onap ################################################################# # Application configuration defaults. ################################################################# |