summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties6
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml14
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh2
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh4
-rw-r--r--kubernetes/common/cassandra/resources/restore.sh2
-rwxr-xr-xkubernetes/common/cert-wrapper/resources/import-custom-certs.sh12
-rw-r--r--kubernetes/common/certManagerCertificate/requirements.yaml3
-rw-r--r--kubernetes/common/certManagerCertificate/templates/_certificate.tpl30
-rw-r--r--kubernetes/common/cmpv2Certificate/requirements.yaml3
-rw-r--r--kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl31
-rw-r--r--kubernetes/common/cmpv2Certificate/values.yaml35
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml34
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh4
-rwxr-xr-xkubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh4
-rwxr-xr-xkubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh2
-rwxr-xr-xkubernetes/contrib/tools/check-for-staging-images.sh2
-rwxr-xr-xkubernetes/contrib/tools/rke/rke_setup.sh10
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json20
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml2
-rwxr-xr-xkubernetes/helm/plugins/deploy/deploy.sh32
-rwxr-xr-xkubernetes/onap/values.yaml23
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml8
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile183
-rw-r--r--kubernetes/platform/components/oom-cert-service/requirements.yaml6
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/certificate.yaml17
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/deployment.yaml4
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/issuer.yaml32
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/secret.yaml39
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml104
-rwxr-xr-xkubernetes/robot/demo-k8s.sh2
-rwxr-xr-xkubernetes/robot/ete-k8s.sh4
-rwxr-xr-xkubernetes/robot/eteHelm-k8s.sh4
-rw-r--r--kubernetes/sdc/components/sdc-helm-validator/Chart.yaml20
-rw-r--r--kubernetes/sdc/components/sdc-helm-validator/requirements.yaml23
-rw-r--r--kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml44
-rw-r--r--kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml19
-rw-r--r--kubernetes/sdc/components/sdc-helm-validator/values.yaml58
-rw-r--r--kubernetes/sdc/requirements.yaml4
-rw-r--r--kubernetes/sdc/values.yaml2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh2
-rw-r--r--kubernetes/sdnc/values.yaml1
44 files changed, 472 insertions, 385 deletions
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
index 4f480cb5d7..774e8bd5ca 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
@@ -3,10 +3,10 @@ spring.autoconfigure.exclude=\
org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-multi.tenancy.enabled=true
+multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
-keycloak.realm=aai-resources
-keycloak.resource=aai-resources-app
+keycloak.realm={{ .Values.config.keycloak.realm }}
+keycloak.resource={{ .Values.config.keycloak.resource }}
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index b84139161e..f30b067b2e 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -49,7 +49,7 @@ global: # global defaults
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap,aaf-auth #,keycloak
# Notification event specific properties
notification:
@@ -164,9 +164,19 @@ replicaCount: 1
# Configuration for the resources deployment
config:
+ # configure keycloak according to your environment.
+ # don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
- host: localhost
+ host: keycloak.your.domain
port: 8180
+ # Specifies a set of users, credentials, roles, and groups
+ realm: aai-resources
+ # Used by any client application for enabling fine-grained authorization for their protected resources
+ resource: aai-resources-app
+ # If set to true, additional criteria will be added that match the data-owner property with the given role
+ # to the user in keycloak
+ multiTenancy:
+ enabled: true
# Specifies crud related operation timeouts and overrides
crud:
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
index 6e35ca894c..f2675b0404 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -18,7 +18,7 @@
waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
run_level=$(/opt/opendaylight/current/bin/client system:start-level)
- if [ "$run_level" == "Level 100" ] && [ "$waiting_bundles" -lt "1" ]
+ if [ "$run_level" = "Level 100" ] && [ "$waiting_bundles" -lt "1" ]
then
echo APPC is healthy.
else
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index c78daee558..2fd6db1360 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -83,7 +83,7 @@ then
show databases like 'sdnctl';
END
)
- if [ "x${sdnc_db_exists}" == "x" ]
+ if [ "x${sdnc_db_exists}" = "x" ]
then
echo "Installing SDNC database"
${SDNC_HOME}/bin/installSdncDb.sh
@@ -92,7 +92,7 @@ END
show databases like 'appcctl';
END
)
- if [ "x${appc_db_exists}" == "x" ]
+ if [ "x${appc_db_exists}" = "x" ]
then
echo "Installing APPC database"
${APPC_HOME}/bin/installAppcDb.sh
diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh
index b56c0fac70..a8105345f7 100644
--- a/kubernetes/common/cassandra/resources/restore.sh
+++ b/kubernetes/common/cassandra/resources/restore.sh
@@ -75,7 +75,7 @@ esac
done
# Validate inputs
-if [ "$base_db_dir" == "" ] || [ "$ss_dir" == "" ] || [ "$keyspace_name" == "" ]
+if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ]
then
echo ""
echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index 87e584c78e..d955ecdf3c 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -28,18 +28,18 @@ mkdir -p $WORK_DIR
for f in $CERTS_DIR/*; do
export canonical_name_nob64=$(echo $f | sed 's/.*\/\([^\/]*\)/\1/')
export canonical_name_b64=$(echo $f | sed 's/.*\/\([^\/]*\)\(\.b64\)/\1/')
- if [ "$AAF_ENABLED" == "false" ] && [ "$canonical_name_b64" == "$ONAP_TRUSTSTORE" ]; then
+ if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_b64" = "$ONAP_TRUSTSTORE" ]; then
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ "$AAF_ENABLED" == "false" ] && [ "$canonical_name_nob64" == "$ONAP_TRUSTSTORE" ]; then
+ if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_nob64" = "$ONAP_TRUSTSTORE" ]; then
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ ${f: -3} == ".sh" ]; then
+ if [ ${f: -3} = ".sh" ]; then
continue
fi
- if [ ${f: -4} == ".b64" ]
+ if [ ${f: -4} = ".b64" ]
then
base64 -d $f > $WORK_DIR/`basename $f .b64`
else
@@ -48,7 +48,7 @@ for f in $CERTS_DIR/*; do
done
# Prepare truststore output file
-if [ "$AAF_ENABLED" == "true" ]
+if [ "$AAF_ENABLED" = "true" ]
then
mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
else
@@ -58,7 +58,7 @@ fi
# Import Custom Certificates
for f in $WORK_DIR/*; do
- if [ ${f: -4} == ".pem" ]; then
+ if [ ${f: -4} = ".pem" ]; then
echo "importing certificate: $f"
keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
if [ $? != 0 ]; then
diff --git a/kubernetes/common/certManagerCertificate/requirements.yaml b/kubernetes/common/certManagerCertificate/requirements.yaml
index 210a02c65c..83becb0a33 100644
--- a/kubernetes/common/certManagerCertificate/requirements.yaml
+++ b/kubernetes/common/certManagerCertificate/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~8.x-0
repository: 'file://../common'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: 'file://../cmpv2Config'
diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
index f820c30ca9..108873b31d 100644
--- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
+++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
@@ -18,7 +18,7 @@
#
# To request a certificate following steps are to be done:
# - create an object 'certificates' in the values.yaml
-# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate".
+# - create a file templates/certificate.yaml and invoke the function "certManagerCertificate.certificate".
#
# Here is an example of the certificate request for a component:
#
@@ -53,6 +53,7 @@
# passwordSecretRef:
# name: secret-name
# key: secret-key
+# create: true
#
# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
# Other mandatory fields for the certificate definition do not have to be defined directly,
@@ -74,7 +75,7 @@
{{/*# General certifiacate attributes #*/}}
{{- $name := include "common.fullname" $dot -}}
{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
-{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+{{- $secretName := default (printf "%s-secret-%d" $name $i) (tpl (default "" $certificate.secretName) $ ) -}}
{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}}
{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}}
@@ -94,10 +95,11 @@
{{- if $certificate.issuer -}}
{{- $issuer = $certificate.issuer -}}
{{- end -}}
----
-{{- if $certificate.keystore }}
+{{/*# Secret #*/}}
+{{ if $certificate.keystore -}}
{{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}}
- {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }}
+ {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote -}}
+ {{- if $passwordSecretRef.create }}
apiVersion: v1
kind: Secret
metadata:
@@ -106,7 +108,8 @@ metadata:
type: Opaque
stringData:
{{ $passwordSecretRef.key }}: {{ $password }}
-{{- end }}
+ {{- end }}
+{{ end -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -120,6 +123,15 @@ spec:
{{- if $duration }}
duration: {{ $duration }}
{{- end }}
+ {{- if $certificate.isCA }}
+ isCA: {{ $certificate.isCA }}
+ {{- end }}
+ {{- if $certificate.usages }}
+ usages:
+ {{- range $usage := $certificate.usages }}
+ - {{ $usage }}
+ {{- end }}
+ {{- end }}
subject:
organizations:
- {{ $subject.organization }}
@@ -156,7 +168,9 @@ spec:
{{- end }}
{{- end }}
issuerRef:
+ {{- if not (eq $issuer.kind "Issuer" ) }}
group: {{ $issuer.group }}
+ {{- end }}
kind: {{ $issuer.kind }}
name: {{ $issuer.name }}
{{- if $certificate.keystore }}
@@ -168,7 +182,7 @@ spec:
{{ $outputType }}:
create: true
passwordSecretRef:
- name: {{ $certificate.keystore.passwordSecretRef.name }}
+ name: {{ tpl (default "" $certificate.keystore.passwordSecretRef.name) $ }}
key: {{ $certificate.keystore.passwordSecretRef.key }}
{{- end }}
{{- end }}
@@ -234,4 +248,4 @@ spec:
{{- $certsLinkCommand = (printf "ln -s %s %s; %s" $sourcePath $destnationPath $certsLinkCommand) -}}
{{- end -}}
{{ $certsLinkCommand }}
-{{- end -}}
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/common/cmpv2Certificate/requirements.yaml
index 87509d11bc..b10896d2ce 100644
--- a/kubernetes/common/cmpv2Certificate/requirements.yaml
+++ b/kubernetes/common/cmpv2Certificate/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: 'file://../cmpv2Config'
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
index 58cc9c7249..f80b06b4d3 100644
--- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
+++ b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
@@ -62,7 +62,7 @@ There also need to be some includes used in a target component deployment (inden
{{- define "common.certServiceClient.initContainer" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
@@ -97,11 +97,14 @@ There also need to be some includes used in a target component deployment (inden
{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.secret.mountPath -}}
-{{- $keystorePath := $subchartGlobal.platform.certServiceClient.envVariables.keystorePath -}}
-{{- $keystorePassword := $subchartGlobal.platform.certServiceClient.envVariables.keystorePassword -}}
-{{- $truststorePath := $subchartGlobal.platform.certServiceClient.envVariables.truststorePath -}}
-{{- $truststorePassword := $subchartGlobal.platform.certServiceClient.envVariables.truststorePassword -}}
+{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
+{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
+{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
+{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
+{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
+{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
+{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
+{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
- name: certs-init-{{ $index }}
image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
@@ -133,11 +136,17 @@ There also need to be some includes used in a target component deployment (inden
- name: KEYSTORE_PATH
value: {{ $keystorePath | quote }}
- name: KEYSTORE_PASSWORD
- value: {{ $keystorePassword | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $keystorePasswordSecret | quote}}
+ key: {{ $keystorePasswordSecretKey | quote}}
- name: TRUSTSTORE_PATH
value: {{ $truststorePath | quote }}
- name: TRUSTSTORE_PASSWORD
- value: {{ $truststorePassword | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $truststorePasswordSecret | quote}}
+ key: {{ $truststorePasswordSecretKey | quote}}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
@@ -151,10 +160,10 @@ There also need to be some includes used in a target component deployment (inden
{{- define "common.certServiceClient.volumes" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certServiceClient.secret.name -}}
+{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
- name: certservice-tls-volume
secret:
secretName: {{ $certificatesSecretName }}
@@ -168,7 +177,7 @@ There also need to be some includes used in a target component deployment (inden
{{- define "common.certServiceClient.volumeMounts" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/common/cmpv2Certificate/values.yaml
index b7531431c4..504947525d 100644
--- a/kubernetes/common/cmpv2Certificate/values.yaml
+++ b/kubernetes/common/cmpv2Certificate/values.yaml
@@ -11,38 +11,3 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-#################################################################
-# Global configuration default values that can be inherited by
-# all subcharts.
-#################################################################
-global:
- # Enabling CMPv2
- cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
-
- certificate:
- default:
- subject:
- organization: "Linux-Foundation"
- country: "US"
- locality: "San-Francisco"
- province: "California"
- organizationalUnit: "ONAP"
-
- platform:
- certServiceClient:
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Client configuration related
- caName: "RA"
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
- outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index b6ee064302..695e40616c 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -12,22 +12,40 @@
# See the License for the specific language governing permissions and
# limitations under the License.
global:
+
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
+
+ certificate:
+ default:
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+
platform:
+ certificates:
+ clientSecretName: oom-cert-service-client-tls-secret
+ keystoreKeyRef: keystore.jks
+ truststoreKeyRef: truststore.jks
+ keystorePasswordSecretName: oom-cert-service-keystore-password
+ keystorePasswordSecretKey: password
+ truststorePasswordSecretName: oom-cert-service-truststore-password
+ truststorePasswordSecretKey: password
certServiceClient:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- secretName: oom-cert-service-client-tls-secret
+ certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
envVariables:
+ certPath: "/var/custom-certs"
# Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
+ caName: "RA"
# Client configuration related
requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePassword: "secret"
- truststorePassword: "secret"
+ outputType: "P12"
certPostProcessor:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
diff --git a/kubernetes/common/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index 37bb84de8b..e3cee36f1f 100755
--- a/kubernetes/common/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
@@ -32,8 +32,8 @@ DEBUG_PROP=
# Debug Setup. Uses env variables
# DEBUG and DEBUG_PORT
# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer>
-if [ "${DEBUG}" == "true" ]; then
- if [ "${DEBUG_PORT}" == "" ]; then
+if [ "${DEBUG}" = "true" ]; then
+ if [ "${DEBUG_PORT}" = "" ]; then
DEBUG_PORT=8000
fi
echo "Debug mode on"
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
index 657b5f9448..1a75bd7a85 100755
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
@@ -86,9 +86,9 @@ deploy() {
target_machine_notice_info
}
-if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then
usage
-elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
+elif [[ $# -eq 1 ]] && [[ $1 = "--info" ]]; then
target_machine_notice_info
else
deploy $@
diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
index 6e412a3688..44fe79a0c6 100755
--- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
+++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
@@ -76,7 +76,7 @@ manual_configuration() {
generate_config_map $@
}
-if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then
usage
elif [[ $# -eq 0 ]]; then
automatic_configuration
diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh
index ce51b30b58..8c01312fa2 100755
--- a/kubernetes/contrib/tools/check-for-staging-images.sh
+++ b/kubernetes/contrib/tools/check-for-staging-images.sh
@@ -16,7 +16,7 @@
BASE_URL="https://nexus3.onap.org/repository/docker.release"
-if [ "$GERRIT_BRANCH" == "staging" ]; then
+if [ "$GERRIT_BRANCH" = "staging" ]; then
exit 0
fi
diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh
index cde7d4caa0..7950e0cc88 100755
--- a/kubernetes/contrib/tools/rke/rke_setup.sh
+++ b/kubernetes/contrib/tools/rke/rke_setup.sh
@@ -258,14 +258,14 @@ EOF
helm init --service-account tiller
kubectl -n kube-system rollout status deploy/tiller-deploy
echo "upgrade server side of helm in kubernetes"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm version
else
sudo helm version
fi
echo "sleep 30"
sleep 30
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm init --upgrade
else
sudo helm init --upgrade
@@ -273,13 +273,13 @@ EOF
echo "sleep 30"
sleep 30
echo "verify both versions are the same below"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm version
else
sudo helm version
fi
echo "start helm server"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm serve &
else
sudo helm serve &
@@ -287,7 +287,7 @@ EOF
echo "sleep 30"
sleep 30
echo "add local helm repo"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm repo add local http://127.0.0.1:8879
helm repo list
else
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
index 6018abe309..3c769fca5f 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
@@ -44,14 +44,18 @@
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
"request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
"timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
- "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}",
- "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}",
- "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
- "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
- "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
- "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
- "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
- "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+ "country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}",
+ "organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}",
+ "state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}",
+ "organizational_unit": "{{ .Values.cmpv2Config.global.certificate.default.subject.organizationalUnit }}",
+ "location": "{{ .Values.cmpv2Config.global.certificate.default.subject.locality }}",
+ "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName }}",
+ "keystore_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.keystoreKeyRef }}",
+ "truststore_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.truststoreKeyRef }}",
+ "keystore_password_secret_name": "{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}",
+ "keystore_password_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretKey }}",
+ "truststore_password_secret_name": "{{ .Values.cmpv2Config.global.platform.certificates.truststorePasswordSecretName }}",
+ "truststore_password_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.truststorePasswordSecretKey }}"
},
"cert_post_processor": {
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index 1135c053d9..fcc8f6d4b0 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -55,7 +55,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.5.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh
index 3bcb404032..6267a35312 100755
--- a/kubernetes/helm/plugins/deploy/deploy.sh
+++ b/kubernetes/helm/plugins/deploy/deploy.sh
@@ -49,7 +49,7 @@ generate_overrides() {
for index in "${!SUBCHART_NAMES[@]}"; do
START=${SUBCHART_NAMES[index]}
END=${SUBCHART_NAMES[index+1]}
- if [[ $START == "global:" ]]; then
+ if [[ $START = "global:" ]]; then
echo "global:" > $GLOBAL_OVERRIDES
cat $COMPUTED_OVERRIDES | sed '/common:/,/consul:/d' \
| sed -n '/^'"$START"'/,/'log:'/p' | sed '1d;$d' >> $GLOBAL_OVERRIDES
@@ -72,11 +72,11 @@ resolve_deploy_flags() {
n=${#flags[*]}
for (( i = 0; i < n; i++ )); do
PARAM=${flags[i]}
- if [[ $PARAM == "-f" || \
- $PARAM == "--values" || \
- $PARAM == "--set" || \
- $PARAM == "--set-string" || \
- $PARAM == "--version" ]]; then
+ if [[ $PARAM = "-f" || \
+ $PARAM = "--values" || \
+ $PARAM = "--set" || \
+ $PARAM = "--set-string" || \
+ $PARAM = "--version" ]]; then
# skip param and its value
i=$((i + 1))
else
@@ -98,7 +98,7 @@ deploy() {
FLAGS=${@:3}
CHART_REPO="$(cut -d'/' -f1 <<<"$CHART_URL")"
CHART_NAME="$(cut -d'/' -f2 <<<"$CHART_URL")"
- if [[ $HELM_VER == "v3."* ]]; then
+ if [[ $HELM_VER = "v3."* ]]; then
CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
else
CACHE_DIR=~/.helm/plugins/deploy/cache
@@ -149,7 +149,7 @@ deploy() {
SUBCHART_RELEASE="$(cut -d'-' -f2 <<<"$RELEASE")"
# update specified subchart without parent
RELEASE="$(cut -d'-' -f1 <<<"$RELEASE")"
- if [[ $SUBCHART_RELEASE == $RELEASE ]]; then
+ if [[ $SUBCHART_RELEASE = $RELEASE ]]; then
SUBCHART_RELEASE=
fi
@@ -201,13 +201,13 @@ deploy() {
helm upgrade -i $RELEASE $CHART_DIR $DEPLOY_FLAGS -f $COMPUTED_OVERRIDES \
> $LOG_FILE.log 2>&1
- if [[ $VERBOSE == "true" ]]; then
+ if [[ $VERBOSE = "true" ]]; then
cat $LOG_FILE
else
echo "release \"$RELEASE\" deployed"
fi
# Add annotation last-applied-configuration if set-last-applied flag is set
- if [[ $SET_LAST_APPLIED == "true" ]]; then
+ if [[ $SET_LAST_APPLIED = "true" ]]; then
helm get manifest ${RELEASE} \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
> $LOG_FILE.log 2>&1
@@ -228,7 +228,7 @@ deploy() {
fi
if [[ $SUBCHART_ENABLED -eq 1 ]]; then
- if [[ -z "$SUBCHART_RELEASE" || $SUBCHART_RELEASE == "$subchart" ]]; then
+ if [[ -z "$SUBCHART_RELEASE" || $SUBCHART_RELEASE = "$subchart" ]]; then
LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log
:> $LOG_FILE
@@ -236,19 +236,19 @@ deploy() {
$DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \
> $LOG_FILE 2>&1
- if [[ $VERBOSE == "true" ]]; then
+ if [[ $VERBOSE = "true" ]]; then
cat $LOG_FILE
else
echo "release \"${RELEASE}-${subchart}\" deployed"
fi
# Add annotation last-applied-configuration if set-last-applied flag is set
- if [[ $SET_LAST_APPLIED == "true" ]]; then
+ if [[ $SET_LAST_APPLIED = "true" ]]; then
helm get manifest "${RELEASE}-${subchart}" \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
> $LOG_FILE.log 2>&1
fi
fi
- if [[ $DELAY == "true" ]]; then
+ if [[ $DELAY = "true" ]]; then
echo sleep 3m
sleep 3m
fi
@@ -256,7 +256,7 @@ deploy() {
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
for (( i = n-1; i >= 0; i-- )); do
- if [[ $HELM_VER == "v3."* ]]; then
+ if [[ $HELM_VER = "v3."* ]]; then
helm del "${array[i]}"
else
helm del "${array[i]}" --purge
@@ -266,7 +266,7 @@ deploy() {
done
# report on success/failures of installs/upgrades
- if [[ $HELM_VER == "v3."* ]]; then
+ if [[ $HELM_VER = "v3."* ]]; then
helm ls --all-namespaces | grep -i FAILED | grep $RELEASE
else
helm ls | grep FAILED | grep $RELEASE
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index b008acf6f3..ca9ccd48f4 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -196,28 +196,25 @@ global:
cmpv2Enabled: true
CMPv2CertManagerIntegration: false
platform:
+ certificates:
+ clientSecretName: oom-cert-service-client-tls-secret
+ keystoreKeyRef: keystore.jks
+ truststoreKeyRef: truststore.jks
+ keystorePasswordSecretName: oom-cert-service-certificates-password
+ keystorePasswordSecretKey: password
+ truststorePasswordSecretName: oom-cert-service-certificates-password
+ truststorePasswordSecretKey: password
certServiceClient:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
+ certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
envVariables:
certPath: "/var/custom-certs"
# Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
caName: "RA"
+ # Client configuration related
requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
# Indicates offline deployment build
# Set to true if you are rendering helm charts for offline deployment
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 0614819930..c34ebad982 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -73,10 +73,10 @@ cmpv2issuer:
certEndpoint: v1/certificate
caName: RA
certSecretRef:
- name: cmpv2-issuer-secret
- certRef: certServiceServer-cert.pem
- keyRef: certServiceServer-key.pem
- cacertRef: truststore.pem
+ name: oom-cert-service-server-tls-secret
+ certRef: tls.crt
+ keyRef: tls.key
+ cacertRef: ca.crt
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
deleted file mode 100644
index ea0cb8aae4..0000000000
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ /dev/null
@@ -1,183 +0,0 @@
-CERTS_DIR = resources
-CURRENT_DIR := ${CURDIR}
-DOCKER_CONTAINER = generate-certs
-DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
-
-all: start_docker \
- clear_all \
- root_generate_keys \
- root_create_certificate \
- root_self_sign_certificate \
- client_generate_keys \
- client_generate_csr \
- client_sign_certificate_by_root \
- client_import_root_certificate \
- client_convert_certificate_to_jks \
- server_generate_keys \
- server_generate_csr \
- server_sign_certificate_by_root \
- server_import_root_certificate \
- server_convert_certificate_to_jks \
- server_convert_certificate_to_p12 \
- convert_truststore_to_p12 \
- convert_truststore_to_pem \
- server_export_certificate_to_pem \
- server_export_key_to_pem \
- clear_unused_files \
- stop_docker
-
-.PHONY: all
-
-# Starts docker container for generating certificates - deletes first, if already running
-start_docker:
- @make stop_docker
- $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
- $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
- $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
- $(eval USERNAME :=$(shell id -u))
- $(eval GROUP :=$(shell id -g))
- docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
-
-# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
-stop_docker:
- docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
-
-#Clear all files related to certificates
-clear_all:
- @make clear_existing_certificates
- @make clear_unused_files
-
-#Clear certificates
-clear_existing_certificates:
- @echo "Clear certificates"
- ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
- @echo "#####done#####"
-
-#Generate root private and public keys
-root_generate_keys:
- @echo "Generate root private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
- -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
- -storepass secret -ext BasicConstraints:critical="ca:true"
- @echo "#####done#####"
-
-#Export public key as certificate
-root_create_certificate:
- @echo "(Export public key as certificate)"
- ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
- @echo "#####done#####"
-
-#Self-signed root (import root certificate into truststore)
-root_self_sign_certificate:
- @echo "(Self-signed root (import root certificate into truststore))"
- ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
- @echo "#####done#####"
-
-#Generate certService's client private and public keys
-client_generate_keys:
- @echo "Generate certService's client private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
- -keystore certServiceClient-keystore.jks -storetype JKS \
- -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret
- @echo "####done####"
-
-#Generate certificate signing request for certService's client
-client_generate_csr:
- @echo "Generate certificate signing request for certService's client"
- ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
- @echo "####done####"
-
-#Sign certService's client certificate by root CA
-client_sign_certificate_by_root:
- @echo "Sign certService's client certificate by root CA"
- ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
- -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
- @echo "####done####"
-
-#Import root certificate into client
-client_import_root_certificate:
- @echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
- @echo "####done####"
-
-#Import signed certificate into certService's client
-client_convert_certificate_to_jks:
- @echo "Import signed certificate into certService's client"
- ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
- @echo "####done####"
-
-#Generate certService private and public keys
-server_generate_keys:
- @echo "Generate certService private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
- -keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
- @echo "####done####"
-
-#Generate certificate signing request for certService
-server_generate_csr:
- @echo "Generate certificate signing request for certService"
- ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
- @echo "####done####"
-
-#Sign certService certificate by root CA
-server_sign_certificate_by_root:
- @echo "Sign certService certificate by root CA"
- ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
- -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
- @echo "####done####"
-
-#Import root certificate into server
-server_import_root_certificate:
- @echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
- @echo "####done####"
-
-#Import signed certificate into certService
-server_convert_certificate_to_jks:
- @echo "Import signed certificate into certService"
- ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
- -storepass secret -noprompt
- @echo "####done####"
-
-#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
-server_convert_certificate_to_p12:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
- -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Convert truststore(.jks) to PCKS12 format(.p12)
-convert_truststore_to_p12:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
- -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Convert truststore(.p12) to PEM format(.pem)
-convert_truststore_to_pem:
- @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
- @echo "#####done#####"
-
-#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
-server_export_certificate_to_pem:
- @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
- @echo "#####done#####"
-
-#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
-server_export_key_to_pem:
- @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
- @echo "#####done#####"
-
-
-#Clear unused certificates
-clear_unused_files:
- @echo "Clear unused certificates"
- ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12
- @echo "#####done#####"
diff --git a/kubernetes/platform/components/oom-cert-service/requirements.yaml b/kubernetes/platform/components/oom-cert-service/requirements.yaml
index e89dc58027..6177278552 100644
--- a/kubernetes/platform/components/oom-cert-service/requirements.yaml
+++ b/kubernetes/platform/components/oom-cert-service/requirements.yaml
@@ -19,3 +19,9 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: certManagerCertificate
+ version: ~8.x-0
+ repository: '@local'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml b/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
new file mode 100644
index 0000000000..fd317703e3
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020-2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "certManagerCertificate.certificate" . }}
diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
index c4d7440b20..9a6abd4eb9 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -93,9 +93,9 @@ spec:
- name: ROOT_CERT
value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
- name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
- name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
livenessProbe:
exec:
command:
diff --git a/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml b/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
new file mode 100644
index 0000000000..9047ab73d3
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
@@ -0,0 +1,32 @@
+{{/*
+ # Copyright © 2021, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.selfsigning.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.ca.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ ca:
+ secretName: {{ .Values.tls.issuer.ca.secret.name }} \ No newline at end of file
diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
index 2d47e6f57c..5401801af5 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -28,42 +28,5 @@ data:
{{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }}
{{ end }}
---
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
-type: Opaque
-data:
- certServiceClient-keystore.jks:
- {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.tls.server.secret.name }}
-type: Opaque
-data:
- certServiceServer-keystore.jks:
- {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
- certServiceServer-keystore.p12:
- {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
- root.crt:
- {{ (.Files.Glob "resources/root.crt").AsSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.tls.provider.secret.name }}
-type: Opaque
-data:
- certServiceServer-key.pem:
- {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }}
- certServiceServer-cert.pem:
- {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }}
- truststore.pem:
- {{ (.Files.Glob "resources/truststore.pem").AsSecrets }}
+
{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 537b025fb0..829d3a01d1 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -79,38 +79,40 @@ cmpServers:
mountPath: /etc/onap/oom/certservice
tls:
+ issuer:
+ selfsigning:
+ name: &selfSigningIssuer cmpv2-selfsigning-issuer
+ ca:
+ name: &caIssuer cmpv2-ca-issuer
+ secret:
+ name: &caKeyPairSecret cmpv2-ca-key-pair
server:
secret:
- name: oom-cert-service-server-tls-secret
+ name: &serverSecret oom-cert-service-server-tls-secret
volume:
name: oom-cert-service-server-tls-volume
mountPath: /etc/onap/oom/certservice/certs/
client:
secret:
defaultName: oom-cert-service-client-tls-secret
- provider:
- secret:
- name: cmpv2-issuer-secret
envs:
keystore:
- jksName: certServiceServer-keystore.jks
- p12Name: certServiceServer-keystore.p12
- pemName: certServiceServer-keystore.pem
+ jksName: keystore.jks
+ p12Name: keystore.p12
+ pemName: tls.crt
truststore:
jksName: truststore.jks
- crtName: root.crt
- pemName: truststore.pem
+ crtName: ca.crt
+ pemName: tls.crt
httpsPort: 8443
# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
tls:
- keystorePassword: secret
- truststorePassword: secret
- #keystorePasswordExternalSecret:
- #truststorePasswordExternalSecret:
+ certificatesPassword: secret
+ #certificatesPasswordExternalSecret:
# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
cmp:
# Used only if cmpv2 testing is enabled
@@ -126,17 +128,11 @@ credentials:
# rv: unused
secrets:
- - uid: keystore-password
- name: '{{ include "common.release" . }}-keystore-password'
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.keystorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- name: '{{ include "common.release" . }}-truststore-password'
+ - uid: certificates-password
+ name: &certificatesPasswordSecretName '{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}'
type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.truststorePassword }}'
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.certificatesPasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.certificatesPassword }}'
passwordPolicy: required
# Below values are relevant only if global addTestingComponents flag is enabled
- uid: ejbca-server-client-iak
@@ -155,3 +151,65 @@ secrets:
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.ra.rv }}'
+
+# Certificates definitions
+certificates:
+ - name: selfsigned-cert
+ secretName: *caKeyPairSecret
+ isCA: true
+ commonName: root.com
+ subject:
+ organization: Root Company
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: Root Org
+ issuer:
+ name: *selfSigningIssuer
+ kind: Issuer
+ - name: cert-service-server-cert
+ secretName: *serverSecret
+ commonName: oom-cert-service
+ dnsNames:
+ - oom-cert-service
+ - localhost
+ subject:
+ organization: certServiceServer org
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: certServiceServer company
+ usages:
+ - server auth
+ - client auth
+ keystore:
+ outputType:
+ - jks
+ - p12
+ passwordSecretRef:
+ name: *certificatesPasswordSecretName
+ key: password
+ issuer:
+ name: *caIssuer
+ kind: Issuer
+ - name: cert-service-client-cert
+ secretName: '{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName | default .Values.tls.client.secret.defaultName }}'
+ commonName: certServiceClient.com
+ subject:
+ organization: certServiceClient org
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: certServiceClient company
+ usages:
+ - server auth
+ - client auth
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: *certificatesPasswordSecretName
+ key: password
+ issuer:
+ name: *caIssuer
+ kind: Issuer
diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh
index 7ab384e8d0..d48070cf24 100755
--- a/kubernetes/robot/demo-k8s.sh
+++ b/kubernetes/robot/demo-k8s.sh
@@ -63,7 +63,7 @@ usage ()
# Check if execscript flag is used and drop it from input arguments
-if [[ "${!#}" == "execscript" ]]; then
+if [[ "${!#}" = "execscript" ]]; then
set -- "${@:1:$#-1}"
execscript=true
fi
diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh
index 576b669cdb..97f4e4d032 100755
--- a/kubernetes/robot/ete-k8s.sh
+++ b/kubernetes/robot/ete-k8s.sh
@@ -18,7 +18,7 @@
# Run the testsuite for the passed tag. Valid tags are listed in usage help
# Please clean up logs when you are done...
#
-if [ "$1" == "" ] || [ "$2" == "" ]; then
+if [ "$1" = "" ] || [ "$2" = "" ]; then
echo "Usage: ete-k8s.sh [namespace] [tag] [execscript]"
echo ""
echo " List of test case tags (filename for intent: tag)"
@@ -76,7 +76,7 @@ SCRIPTDIR=scripts/etescript
ETEHOME=/var/opt/ONAP
-if [[ "${!#}" == "execscript" ]]; then
+if [[ "${!#}" = "execscript" ]]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
[ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
done
diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh
index b8b8708a26..2512e5f7ce 100755
--- a/kubernetes/robot/eteHelm-k8s.sh
+++ b/kubernetes/robot/eteHelm-k8s.sh
@@ -18,7 +18,7 @@
# Run the health-check testsuites for the tags discovered by helm list
# Please clean up logs when you are done...
#
-if [ "$1" == "" ] ; then
+if [ "$1" = "" ] ; then
echo "Usage: eteHelm-k8s.sh [namespace] [execscript]"
echo " list projects via helm list and runs health-check with those tags except dev and dev-consul"
echo " [execscript] - optional parameter to execute user custom scripts located in scripts/helmscript directory"
@@ -44,7 +44,7 @@ SCRIPTDIR=scripts/helmscript
ETEHOME=/var/opt/ONAP
-if [[ "${!#}" == "execscript" ]]; then
+if [[ "${!#}" = "execscript" ]]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
[ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
done
diff --git a/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml b/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml
new file mode 100644
index 0000000000..5af3bf737b
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml
@@ -0,0 +1,20 @@
+# ===========LICENSE_START========================================================
+# Copyright (c) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Service Design and Creation Helm Validator
+name: sdc-helm-validator
+version: 8.0.0
diff --git a/kubernetes/sdc/components/sdc-helm-validator/requirements.yaml b/kubernetes/sdc/components/sdc-helm-validator/requirements.yaml
new file mode 100644
index 0000000000..8e1160ad44
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-helm-validator/requirements.yaml
@@ -0,0 +1,23 @@
+# ===========LICENSE_START========================================================
+# Copyright (c) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml
new file mode 100644
index 0000000000..08228ad99c
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml
@@ -0,0 +1,44 @@
+{{/*
+# ===========LICENSE_START========================================================
+# Copyright (c) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: 1
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ env:
+ - name: LOG_LEVEL
+ value: {{ .Values.config.loggingLevel }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml
new file mode 100644
index 0000000000..a5837afc84
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-helm-validator/templates/service.yaml
@@ -0,0 +1,19 @@
+{{/*
+# ===========LICENSE_START========================================================
+# Copyright (c) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml
new file mode 100644
index 0000000000..9c0d90649f
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml
@@ -0,0 +1,58 @@
+# ===========LICENSE_START========================================================
+# Copyright (c) 2021 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Global values
+global:
+ pullPolicy: Always
+
+image: onap/org.onap.sdc.sdc-helm-validator:1.2.0
+containerPort: &svc_port 8080
+
+config:
+ loggingLevel: INFO
+
+service:
+ type: ClusterIP
+ ports:
+ - name: &port http
+ port: *svc_port
+
+liveness:
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ path: /actuator/health
+ port: *port
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 256Mi
+ requests:
+ cpu: 1
+ memory: 256Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 256Mi
+ unlimited: {}
diff --git a/kubernetes/sdc/requirements.yaml b/kubernetes/sdc/requirements.yaml
index 7ed88c50cc..2f2cb6c373 100644
--- a/kubernetes/sdc/requirements.yaml
+++ b/kubernetes/sdc/requirements.yaml
@@ -34,3 +34,7 @@ dependencies:
version: ~8.x-0
repository: 'file://components/sdc-wfd-fe'
condition: sdc-wfd.enabled
+ - name: sdc-helm-validator
+ version: ~8.x-0
+ repository: 'file://components/sdc-helm-validator'
+ condition: sdc-helm-validator.enabled
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index fef7dab310..b7476a584e 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -63,3 +63,5 @@ cassandra:
# dependency / sub-chart configuration
sdc-wfd:
enabled: true
+sdc-helm-validator:
+ enabled: true
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
index 5a53fa1ca2..feb6662196 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
@@ -17,7 +17,7 @@
*/}}
debugLog(){
- if [ "$enableDebugLogging" == true ]; then
+ if [ "$enableDebugLogging" = true ]; then
if [ $# -eq 0 ]; then
echo "" >> $LOGFILE
else
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
index 9c81069812..94858339e7 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncStandby.sh
@@ -17,7 +17,7 @@
*/}}
debugLog(){
- if [ "$enableDebugLogging" == true ]; then
+ if [ "$enableDebugLogging" = true ]; then
if [ $# -eq 0 ]; then
echo "" >> $LOGFILE
else
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index 7764d00cc2..fa76a9ee40 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
@@ -24,7 +24,7 @@ fi
# should PROM start as passive?
state=$( bin/sdnc.cluster )
-if [ "$state" == "standby" ]; then
+if [ "$state" = "standby" ]; then
echo "Starting PROM in passive mode"
passive="-p"
fi
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
index 8057547b59..c36d2e3e9f 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/switchVoting.sh
@@ -26,7 +26,7 @@ LOGFILE="/app/geo.log"
enableDebugLogging=true
debugLog(){
- if [ "$enableDebugLogging" == true ]; then
+ if [ "$enableDebugLogging" = true ]; then
if [ $# -eq 0 ]; then
echo "" >> $LOGFILE
else
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index fc093b8637..43201fef4b 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -195,6 +195,7 @@ certificates:
outputType:
- jks
passwordSecretRef:
+ create: true
name: sdnc-cmpv2-keystore-password
key: password
issuer: