summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rwxr-xr-xkubernetes/cds/charts/cds-blueprints-processor/values.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-command-executor/values.yaml2
-rw-r--r--kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem38
-rw-r--r--kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem52
-rw-r--r--kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf46
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/templates/deployment.yaml14
-rw-r--r--kubernetes/cds/charts/cds-py-executor/templates/secret.yaml2
-rwxr-xr-xkubernetes/cds/charts/cds-py-executor/values.yaml10
-rw-r--r--kubernetes/cds/charts/cds-sdc-listener/values.yaml2
-rw-r--r--kubernetes/cds/charts/cds-ui/values.yaml2
-rwxr-xr-xkubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh193
-rw-r--r--kubernetes/clamp/charts/mariadb/templates/configmap.yaml13
-rw-r--r--kubernetes/clamp/charts/mariadb/templates/deployment.yaml7
-rw-r--r--kubernetes/common/mariadb-galera/resources/create-deployment.yml50
-rw-r--r--kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh26
-rw-r--r--kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh101
-rw-r--r--kubernetes/common/mariadb-galera/templates/configmap.yaml37
-rw-r--r--kubernetes/common/mariadb-galera/templates/job.yaml107
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml5
-rwxr-xr-xkubernetes/common/mariadb-init/resources/config/db_init.sh5
-rw-r--r--kubernetes/onap/Chart.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml10
-rw-r--r--kubernetes/policy/charts/pap/templates/deployment.yaml5
-rw-r--r--kubernetes/policy/charts/pap/values.yaml14
-rw-r--r--kubernetes/policy/charts/policy-api/templates/deployment.yaml5
-rw-r--r--kubernetes/policy/charts/policy-api/values.yaml13
-rw-r--r--kubernetes/policy/charts/policy-distribution/templates/deployment.yaml5
-rw-r--r--kubernetes/policy/charts/policy-distribution/values.yaml13
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml5
-rw-r--r--kubernetes/policy/charts/policy-xacml-pdp/values.yaml13
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties4
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties4
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties6
-rw-r--r--kubernetes/sdnc/charts/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/sdnc-portal/values.yaml2
-rw-r--r--kubernetes/sdnc/charts/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/values.yaml2
-rw-r--r--kubernetes/so/charts/so-appc-orchestrator/Chart.yaml18
-rw-r--r--kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml57
-rwxr-xr-xkubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml41
-rw-r--r--kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml83
-rw-r--r--kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml15
-rw-r--r--kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml15
-rw-r--r--kubernetes/so/charts/so-appc-orchestrator/values.yaml125
-rwxr-xr-xkubernetes/so/charts/so-bpmn-infra/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-catalog-db-adapter/values.yaml2
-rw-r--r--kubernetes/so/charts/so-monitoring/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-nssmf-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-openstack-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-request-db-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-sdc-controller/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-sdnc-adapter/values.yaml2
-rw-r--r--kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jksbin2344 -> 4641 bytes
-rwxr-xr-xkubernetes/so/charts/so-ve-vnfm-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml10
-rwxr-xr-xkubernetes/so/charts/so-vnfm-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/values.yaml34
59 files changed, 867 insertions, 376 deletions
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
index c8921f9efa..500e3a536b 100755
--- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.7.3
+image: onap/ccsdk-blueprintsprocessor:0.7.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml
index 8b4dbbfc16..f194c279c9 100755
--- a/kubernetes/cds/charts/cds-command-executor/values.yaml
+++ b/kubernetes/cds/charts/cds-command-executor/values.yaml
@@ -40,7 +40,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.7.3
+image: onap/ccsdk-commandexecutor:0.7.5
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem
new file mode 100644
index 0000000000..7d626d3922
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-chain.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGmjCCBIKgAwIBAgIUKY54WlWSTO1gukYe2chbzm9mVIowDQYJKoZIhvcNAQEL
+BQAwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxEzARBgNVBAcM
+Ck1pZGRsZXRvd24xFzAVBgNVBAoMDk9OQVAgQ29tbXVuaXR5MQ4wDAYDVQQDDAVD
+Q1NESzEdMBsGCSqGSIb3DQEJARYOYnMyNzk2QGF0dC5jb20wHhcNMjAwNjA1MDgx
+NjAwWhcNMzAwNjAzMDgxNjAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECAwKTmV3
+IEplcnNleTETMBEGA1UEBwwKTWlkZGxldG93bjEXMBUGA1UECgwOT05BUCBDb21t
+dW5pdHkxDjAMBgNVBAMMBUNDU0RLMR0wGwYJKoZIhvcNAQkBFg5iczI3OTZAYXR0
+LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMNqVzDC+BpV9iV1
+2sB3ya9Bwx2qTqmygV/ZM/2/Bd6z4duUHd5dK3ZeRablfB2HmaFsjXTTvf+/nVC8
+Q0e4yrOBXRY6qGD27YEkwTebP1Mjvj5uOuamGr6bsZOuJr8HooIA5L25D5GZ37bV
+H4Wq1xz1PG+PgldUf/YXOcwuzO2Nq3FS3I0xKeaNI5YmmlW8gFeGKtPR8vRwpg45
+I+orp2NnO7tFqjwxO3Ka7se9s9fy3GUg0Yn4N1So36r3G2NNbueN34I/d8IazT3Z
+dnWT4amnMXy455ijr1yucaGwKkc7nQDn2cNGlQOIlpzEU90w/V8ne73hAfWKZ+7p
+o3BFOE1X0PV1fFZ4d9rf7slUCWYiUcaKRBbCf+Tu3EBonpJJBQBJTb78pln/5x5r
+d9av0eruCm0K8MZVgHPNRnZVeggi34YFGo1MmDMZDPAYSxBX7z106QmHJiuFvzdc
+u2AIht5jMnXERGO1mzLtjUjWgdjN2zxpARiCPoR59jBuX/DO+vBeSJZ3dFjWFHrM
+2bDg8328ZU6/cVoU30vKR9J+CrBv+V5mvpqRVx/atHIuJ6aQne1FW+qYE/aWw6CH
+IrJbHXLYb1T6nMhzu7rX5YVXSDGu5wLTjnBZlh8XVjn3UBgopS4EnceJRW9Jn01L
+sGlNoEamKVVZ8jS4dif+8zgLsznzAgMBAAGjggEMMIIBCDAdBgNVHQ4EFgQUaigR
+IIb+2J4zJ4bi2IIxICIOSyMwHwYDVR0jBBgwFoAUaigRIIb+2J4zJ4bi2IIxICIO
+SyMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
+awYDVR0RBGQwYoIRKmNkcy1jb250cm9sbGVyLSqCEipjZHMtcHktZXhlY3V0b3It
+KoIMKnB5LWV4ZWN1dG9ygg4qcHktZXhlY3V0b3ItKoIKKi1weWV4ZWMtKoIJbG9j
+YWxob3N0hwR/AAABMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAMooc0ZyZVzLePmm0q2iU6jls
+ORmfpNXe/MqCRfEPr7sZAy3jGtJK9+ShoVVbvQbXaQ2wDe9XxwnrblWB+SaAwZiL
+A8gF7ozgwavatwZ70683fnCsPC061WDlC965UWCbPL5opxW4ulL3meSYEdzvS3hm
+oxeMhaLJSZpkk4D9tyVHwPtLJBpWD5a3rp9y6e2Q87XhrQKB+y2/QHeaDs3l+tKa
+o6GW/PqKKM3ktboXBlGDT7bLhCpg179dOzXgdtHNtqv7zmXLDbGKV0mbQpjBVu72
+tWKf6KoVFhvXQP2he6vgvcMeycOS9ff3RLePwt61WiDXnQ97kD2UubTrdsQ0QieZ
+r5NHeDQEEnEMW9kHQrYDEGk5s881QTg8EmrKKdcUH9+65ka/0HnKF9cQ+MklRMtG
+8QDiwTd8AIyeOLg/9l9VP09IglksrmkfxqWD7zFyFKlyZZbiBH5XrYGlnGgezIUx
+T41ulfQyQ6Ef1z97EUzYTOmxWRWReoFbLsqFOg1KLD2Y0wZkT22IdBreEO9W/W+X
+OQuLLA3qwOZMF/mKwzp6SSLbelVIOhhx4k1sQy95dqMMQQMuLK/uPNETlenE36fT
+yhiCa7B6VyPKVsYDcte2Cs8wo2uhMb7i5VaFIZD8Cjswkx1GbcQs9X0Fm1W9g5J0
+j/cJjXSeCIp84F+fxZo=
+-----END CERTIFICATE-----
diff --git a/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem
new file mode 100644
index 0000000000..c6ef005641
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor-key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDDalcwwvgaVfYl
+ddrAd8mvQcMdqk6psoFf2TP9vwXes+HblB3eXSt2XkWm5Xwdh5mhbI10073/v51Q
+vENHuMqzgV0WOqhg9u2BJME3mz9TI74+bjrmphq+m7GTria/B6KCAOS9uQ+Rmd+2
+1R+Fqtcc9Txvj4JXVH/2FznMLsztjatxUtyNMSnmjSOWJppVvIBXhirT0fL0cKYO
+OSPqK6djZzu7Rao8MTtymu7HvbPX8txlINGJ+DdUqN+q9xtjTW7njd+CP3fCGs09
+2XZ1k+GppzF8uOeYo69crnGhsCpHO50A59nDRpUDiJacxFPdMP1fJ3u94QH1imfu
+6aNwRThNV9D1dXxWeHfa3+7JVAlmIlHGikQWwn/k7txAaJ6SSQUASU2+/KZZ/+ce
+a3fWr9Hq7gptCvDGVYBzzUZ2VXoIIt+GBRqNTJgzGQzwGEsQV+89dOkJhyYrhb83
+XLtgCIbeYzJ1xERjtZsy7Y1I1oHYzds8aQEYgj6EefYwbl/wzvrwXkiWd3RY1hR6
+zNmw4PN9vGVOv3FaFN9LykfSfgqwb/leZr6akVcf2rRyLiemkJ3tRVvqmBP2lsOg
+hyKyWx1y2G9U+pzIc7u61+WFV0gxrucC045wWZYfF1Y591AYKKUuBJ3HiUVvSZ9N
+S7BpTaBGpilVWfI0uHYn/vM4C7M58wIDAQABAoICAGFZMGZSOlakTCMNOxR2mDp+
+gDzfAqD3FAwzn/rgloQDCJjiiJ6lu2kUPY6O8+2iB56q/S0d7qDhS/VUVA/+trwF
+zeGtBwSG/no/XSHebQV14Ogo8Z7FUL1zwlrXfuXbX9FzsH/zGRZnmVLziOiF2vPK
+F3lb/IqUxcpKd7iH9/6/fJDPvp93xm/cD8ZVJL1hUm5HoD41cNrk41RiksmtRY33
+d4IrikrCG+NT23AVyOnjSnf2iWw6AxZhqkr5HuOxR3aC7r1r8LT5tRUCqEiaiuiB
+Kd4AHx+jK1D4dhMeN3GU+PnihlEJcGJ6QM2H4F9ocFBe0v4cgWVYtb4HFixvz0OY
+E+4vsrMObxVBkJtEvEntdQqBEKxdHUotTzJvF3NocncM65VzKViyCBiFXyijQ2Aw
+zFtyBNSzMLMBfkfJNXKhlDz4sOeDFjVaDTl6Rn3tnIHpjgbbbm5CXqNi0JRNi36C
+/ANTAoxrol/FSkPxdsCdhYaU6CxZpelu2FbwjyV189dEyCROOTelqAC0k0YsmcOJ
+FsQEkr8baWTIjgKta+kxo8SllPWntDeXfiM6iI4NeAwneIIJwqQb5WQiJWtnv0QX
+eH/cbnXHJgxTw4Hb0LzDBYG3nY5LHW//eaXTt1vSwJh7AbPo0hl7JBe6JNUMT9ih
++LUE1zzOj3dJbnFh+QLBAoIBAQD601wIBHeGnm4TwnjpEWExb2VlC0uMYhik1uql
+1zCsn7vgCFspq2tJugfALG4QEoti51AHkOybHX43jD6wvtPFT1HNL7yP63Zm27GP
+3bkCsZLVWnIEtPCR266ENSdGr3cnoO91Pf4efINKlZPIo4jLwfYgJhcVbhHb57uw
+j/VKhit9Cm+OnPD7PpKiGi4vUQPnbeIZsUTf5v4lYLR5r9uW91q07mS+jsoKcPyy
+dHZBM1nz7vMQitTYAhL17x6rINtTl7ulBHfLxHpPZxvVN5z+pJpKhYJP2pIWwKZY
+EBBMefiJhx6pR/T4YlFMdx0AmvVbeYZraIhh2vyNH5IeygNXAoIBAQDHclpbFNyd
+ZfkufMIq7N0oGDOuYwfzfAYK93lHgAm6NXibbyY7v49WAViOILSSGo4edCB53mLq
+9bLCsc0x9SL/OgZTCHwlY3cgc3WNAbICCsvinZS87XwPU3ZEMzy5T9AA1WlV0QSv
+6FXffF71skKM7yaWRhNJ6zWLSVBZ5iRAcmg5IboWFseGx845RSp/M1FZTuRvX5Ne
+7qQyJfJ0pu72Y6KkICpOqLmWYbxs3bcBpXdIGueUC4A6QlY+QrbGjGapkNhWzM1x
+vMK+8cpuSNhIHDtEWf43jw0Oz59vmPws/iTENtk4RDgIncD7bJ4HWjb+ZZtjHnSG
+r7L/HKS69ZjFAoIBAQDbpCwKBUdZhfCksv5IMeTnckHa+socU2Z7Kovtz4ObFoFh
+jE+wLKDVvea9nOqAfoy6fg4xofHfXzNAlznqciBlvrDGOhAoAyv6pFVXwvQY7MDE
+vd/sSToEr9ehhB4xosN321D1XOTjc2tQ66yu3K2Up/PMcS5zoKBY7hMIaPeGW/lH
+FNVdkAbiLAghlUVuP8ZoaWu9zeKfItrYhldj2+Ax0ccHe16TE9zOyeQurRdEvx/9
+IPiOOtRpl19dJxi3CB2nlM5HkaMJt7LXR1YzHvEGd8N4kHLtVFvrOqYvpVlwbrp6
+S+1IlW9p9kZ07DVka02B3egctDwBXM8dEVFWTtYfAoIBAFOhB3IZlUgKcimj9ma5
+WyJsw37j13mpD3+ZtSjd7zY9JY1HVejHsfqGJfOykwSQTfdHCjcPoLqUu5gXpcrE
+1x/d3LkEXcnvowvgXfH6PAHPNR6YpL1zdwmWHYkLUvMBHF69HaX2NtjrutYy+D5d
+uLoPrUZlq8Da92CoJSEM9zZuwnTyR2zrsE47iaVJ8z/S7NFd2zs4ADtWJVNBxiBT
+vu9hZ9kaA6Nn7Cm6YZ/kd9Ag6Zs6bNAO4n2LQ05n+uvWA1YmfhAnYB3I4H/gMtl7
+gfT6oX9PnOD/AqKrPFc29saG6jO8K+kD8drrCvhh2wGKOnUBdd5h7spq8cs233vl
+b2ECggEAKL5rjbcUhRtJjobcIqnk1FeN43cXmFnlIICsY3ouskzGgDx5z4f8e9Oo
+1fzoV4PVBf7uVPjgyiQy4Zio3qOcodvUi1xdv0mQEJzwyKpd12842pqVh3IvcVwf
+V64Yr5m5CylDAfIsabT4uP9Cmh7TC87YD3Fiu2OPUTTIWfLY16iJfV8lvLyBxFNE
+8VAqgnf3EH9VBNFWVUSaPcLO2BoduC1v74utK+T9+bqdLujBP5ZfQ1anfvYMlQVE
+1e5twdnYJTHHWhlT6EtnaHmLJ0SuTFJfZNxxdAeRWyyqnS0vZvWvIonafnVi6g5X
+m3FiOonz1SF53erfm5chlHxpQbUIhA==
+-----END PRIVATE KEY-----
diff --git a/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf
new file mode 100644
index 0000000000..547810b081
--- /dev/null
+++ b/kubernetes/cds/charts/cds-py-executor/resources/certs/py-executor.conf
@@ -0,0 +1,46 @@
+[req]
+default_bits = 4096
+default_keyfile = py-executor-key.pem
+distinguished_name = subject
+req_extensions = extensions
+x509_extensions = extensions
+string_mask = utf8only
+
+[ subject ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = New Jersey
+
+localityName = Locality Name (eg, city)
+localityName_default = Middletown
+
+organizationName = Organization Name (eg, company)
+organizationName_default = ONAP Community
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = CCSDK
+
+emailAddress = Email Address
+emailAddress_default = bs2796@att.com
+
+[ extensions ]
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+nsComment = "OpenSSL Generated Certificate"
+
+[alt_names]
+DNS.1 = *cds-controller-*
+DNS.2 = *cds-py-executor-*
+DNS.3 = *py-executor
+DNS.4 = *py-executor-*
+DNS.5 = *-pyexec-*
+DNS.6 = localhost
+IP.1 = 127.0.0.1
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
index f9c3377dd8..4210a0311a 100755
--- a/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-py-executor/templates/deployment.yaml
@@ -66,15 +66,14 @@ spec:
readOnly: true
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | nindent 12 }}
+ - mountPath: /opt/app/onap/python/certs/py-executor/
+ name: certificates
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | nindent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | nindent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
@@ -86,5 +85,8 @@ spec:
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
+ - name: certificates
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cds-py-onap-certs") }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
index c36607b172..c13b7d814b 100644
--- a/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
+++ b/kubernetes/cds/charts/cds-py-executor/templates/secret.yaml
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secretFast" . }} \ No newline at end of file
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cds/charts/cds-py-executor/values.yaml b/kubernetes/cds/charts/cds-py-executor/values.yaml
index bbae1b9e5a..73736f11bb 100755
--- a/kubernetes/cds/charts/cds-py-executor/values.yaml
+++ b/kubernetes/cds/charts/cds-py-executor/values.yaml
@@ -38,7 +38,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-py-executor:0.7.3
+image: onap/ccsdk-py-executor:0.7.5
pullPolicy: Always
# default number of instances
@@ -79,6 +79,14 @@ secrets:
login: '{{ .Values.config.apiUsername }}'
password: '{{ .Values.config.apiPassword }}'
passwordPolicy: required
+ - uid: "cds-py-onap-certs"
+ name: '{{ include "common.release" . }}-cds-py-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/certs/py-executor.conf
+ - resources/certs/py-executor-chain.pem
+ - resources/certs/py-executor-key.pem
config:
# the api credentials below are used to authenticate communication with blueprint
diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
index 57b9e49426..30f9451673 100644
--- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml
@@ -37,7 +37,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.7.3
+image: onap/ccsdk-sdclistener:0.7.5
name: sdc-listener
pullPolicy: Always
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml
index aea1202d51..d8a87cc2ea 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/charts/cds-ui/values.yaml
@@ -28,7 +28,7 @@ subChartsOnly:
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.7.3
+image: onap/ccsdk-cds-ui-server:0.7.5
pullPolicy: Always
# application configuration
diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
new file mode 100755
index 0000000000..6c69694011
--- /dev/null
+++ b/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh
@@ -0,0 +1,193 @@
+#!/bin/bash
+set -eo pipefail
+shopt -s nullglob
+
+# if command starts with an option, prepend mysqld
+if [ "${1:0:1}" = '-' ]; then
+ set -- mysqld "$@"
+fi
+
+# skip setup if they want an option that stops mysqld
+wantHelp=
+for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ wantHelp=1
+ break
+ ;;
+ esac
+done
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ local val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ val=`echo -n $val | sed -e "s/'/''/g"`
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+_check_config() {
+ toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ cat >&2 <<-EOM
+
+ ERROR: mysqld failed while attempting to check config
+ command was: "${toRun[*]}"
+
+ $errors
+ EOM
+ exit 1
+ fi
+}
+
+# Fetch value from server config
+# We use mysqld --verbose --help instead of my_print_defaults because the
+# latter only show values present in config files, and not server defaults
+_get_config() {
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
+}
+
+# allow the container to be started with `--user`
+if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then
+ _check_config "$@"
+ DATADIR="$(_get_config 'datadir' "$@")"
+ mkdir -p "$DATADIR"
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ exec gosu mysql "$BASH_SOURCE" "$@"
+fi
+
+if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
+ # still need to check config, container may have started with --user
+ _check_config "$@"
+ # Get config
+ DATADIR="$(_get_config 'datadir' "$@")"
+
+ if [ ! -d "$DATADIR/mysql" ]; then
+ file_env 'MYSQL_ROOT_PASSWORD'
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ echo >&2 'error: database is uninitialized and password option is not specified '
+ echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
+ exit 1
+ fi
+
+ mkdir -p "$DATADIR"
+
+ echo 'Initializing database'
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db --datadir="$DATADIR" --rpm "${@:2}"
+ echo 'Database initialized'
+
+ SOCKET="$(_get_config 'socket' "$@")"
+ "$@" --skip-networking --socket="${SOCKET}" &
+ pid="$!"
+
+ mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
+
+ for i in {30..0}; do
+ if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
+ break
+ fi
+ echo 'MySQL init process in progress...'
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
+ fi
+
+ if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+
+ rootCreate=
+ # default root to listen for connections from anywhere
+ file_env 'MYSQL_ROOT_HOST' '%'
+ if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+ EOSQL
+ fi
+
+ "${mysql[@]}" <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+ FLUSH PRIVILEGES ;
+ EOSQL
+
+ if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
+ mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
+ fi
+
+ file_env 'MYSQL_DATABASE'
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
+ mysql+=( "$MYSQL_DATABASE" )
+ fi
+
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
+
+ if [ "$MYSQL_DATABASE" ]; then
+ echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ fi
+ fi
+
+ echo
+ for f in /docker-entrypoint-initdb.d/*; do
+ case "$f" in
+ *.sh) echo "$0: running $f"; . "$f" ;;
+ *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
+ *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
+ *) echo "$0: ignoring $f" ;;
+ esac
+ echo
+ done
+
+ if ! kill -s TERM "$pid" || ! wait "$pid"; then
+ echo >&2 'MySQL init process failed.'
+ exit 1
+ fi
+
+ echo
+ echo 'MySQL init process done. Ready for start up.'
+ echo
+ fi
+fi
+
+exec "$@"
diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
index 522c5f9bf8..01420aa97b 100644
--- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
@@ -39,4 +39,17 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }}
#{{ end }}
diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
index 7d22930b6a..b6af4e3d0b 100644
--- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
@@ -61,6 +61,9 @@ spec:
- name: MYSQL_DATABASE
value: {{ tpl .Values.db.databaseName .}}
volumeMounts:
+ - mountPath: /docker-entrypoint.sh
+ subPath: docker-entrypoint.sh
+ name: init-script
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -97,5 +100,9 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: init-script
+ configMap:
+ name: {{ include "common.fullname" . }}
+ defaultMode: 0755
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/mariadb-galera/resources/create-deployment.yml b/kubernetes/common/mariadb-galera/resources/create-deployment.yml
deleted file mode 100644
index 61bfc78945..0000000000
--- a/kubernetes/common/mariadb-galera/resources/create-deployment.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" (dict "suffix" "upgrade-deployment" "dot" .) | nindent 4 }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: {{ include "common.fullname" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.fullname" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - containerPort: {{ .Values.service.sstPort }}
- name: {{ .Values.service.sstPortName }}
- - containerPort: {{ .Values.service.replicationPort }}
- name: {{ .Values.service.replicationName }}
- - containerPort: {{ .Values.service.istPort }}
- name: {{ .Values.service.istPortName }}
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- key: login
- name: {{ include "common.fullname" . }}-temp-upgrade-usercred
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- key: password
- name: {{ include "common.fullname" . }}-temp-upgrade-usercred
- - name: MYSQL_DATABASE
- value: {{ default "" .Values.config.mysqlDatabase | quote }}
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- key: password
- name: {{ include "common.fullname" . }}-temp-upgrade-root
- subdomain: {{ .Values.service.name }}
- hostname: {{ .Values.nameOverride }}-upgrade-deployment \ No newline at end of file
diff --git a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh b/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh
deleted file mode 100644
index 132ac27ea2..0000000000
--- a/kubernetes/common/mariadb-galera/resources/post-upgrade-script.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \
- app='{{ include "common.fullname" . }}' -o \
- jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}')
-
-tmp_MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \
- MYSQL_PASSWORD) | base64)
-
-tmp_ROOT_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \
- MYSQL_ROOT_PASSWORD) | base64)
-
-FLAG_EX_ROOT_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .)) }}'
-
-FLAG_EX_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .)) }}'
-
-kubectl patch secret $FLAG_EX_ROOT_SEC -p \
- '{"data":{"password":"'"$tmp_ROOT_PASSWORD"'"}}'
-
-kubectl patch secret $FLAG_EX_SEC -p \
- '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}'
-
-kubectl delete pod -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 --now
-kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment
-kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root
-kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred \ No newline at end of file
diff --git a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh b/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh
deleted file mode 100644
index ff44606e23..0000000000
--- a/kubernetes/common/mariadb-galera/resources/upgrade-scripts.sh
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/bin/bash
-MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }}-0 -- printenv MYSQL_USER)
-
-MYSQL_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }}-0 -- printenv MYSQL_PASSWORD)
-
-MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }}-0 -- printenv MYSQL_ROOT_PASSWORD)
-
-kubectl create secret generic \
- '{{ include "common.fullname" . }}'-temp-upgrade-root \
- --from-literal=password=$MYSQL_ROOT_PASSWORD
-
-kubectl create secret generic \
- '{{ include "common.fullname" . }}'-temp-upgrade-usercred \
- --from-literal=login=$MYSQL_USER --from-literal=password=$MYSQL_PASSWORD
-
-kubectl create -f /upgrade/create-deployment.yml
-
-TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \
- app='{{ include "common.fullname" . }}' -o \
- jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}')
-
-CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \
- mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
- -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \
- awk '{print $2}')
-
-CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \
- mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
- -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \
- | awk '{print $2}')
-
-STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}')
-
-DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }}-upgrade-deployment -o \
- jsonpath='{.status.replicas}')
-
-while [[ ! $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \
- || [[ ! $CLUSTER_STATE == "Synced" ]]
-do
- echo "$CLUSTER_NO and $CLUSTER_STATE"
- CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \
- --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
- -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \
- | awk '{print $2}')
- CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \
- --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
- -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \
- | awk '{print $2}')
- sleep 2
- if [[ $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \
- && [[ $CLUSTER_STATE == "Synced" ]]
- then
- echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state."
- break
- fi
-done
-
-MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \
- -uroot -p$MYSQL_ROOT_PASSWORD ping)
-
-while [[ ! $MYSQL_STATUS == "mysqld is alive" ]]
-do
- echo "Mariadb deployment is not ready yet."
- sleep 2
- MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \
- -uroot -p$MYSQL_ROOT_PASSWORD ping)
- if [[ $MYSQL_STATUS == "mysqld is alive" ]]
- then
- echo "Mariadb deployment is ready."
- break
- fi
-done
-
-kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=0
-MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}')
-echo "The the cluster has $MY_REPLICA_NUMBER replicas."
-
-while [[ ! $MY_REPLICA_NUMBER == "0" ]]
-do
- echo "The cluster is not scaled to 0 yet. Please wait ..."
- MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \
- {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}')
- echo "The current status of the cluster is $MY_REPLICA_NUMBER"
- sleep 2
- if [[ $MY_REPLICA_NUMBER == "0" ]]
- then
- break
- fi
-done
-
-for (( index=0; index<$STS_REPLICA; index+=1 ))
-do
- kubectl delete pvc \
- "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index"
-done
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index 685901fa95..a7064d7ce4 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics, and TATA Communications
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
{{- if .Values.externalConfig }}
apiVersion: v1
kind: ConfigMap
@@ -42,37 +43,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-upgrade-deployment
- annotations:
- "helm.sh/hook": "pre-upgrade"
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": hook-succeeded
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-post-upgrade-deployment
- annotations:
- "helm.sh/hook": "post-upgrade"
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": hook-succeeded
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/post-upgrade-script.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/mariadb-galera/templates/job.yaml b/kubernetes/common/mariadb-galera/templates/job.yaml
deleted file mode 100644
index cc71bb855c..0000000000
--- a/kubernetes/common/mariadb-galera/templates/job.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-pre-upgrade
- annotations:
- "helm.sh/hook": "pre-upgrade"
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- template:
- spec:
- securityContext:
- fsGroup: 1001
- runAsUser: 1001
- containers:
- - name: mariadb-job-pre-upgrade
- image: {{ .Values.global.kubectlImage}}
- imagePullPolicy: IfNotPresent
- env:
- - name: NAMESPACE_ENV
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- command: ["/bin/bash", "-c", "--"]
- args: ["/upgrade/upgrade-scripts.sh"]
- volumeMounts:
- - name: config-mariadb-upgrade
- mountPath: /upgrade
- volumes:
- - name: config-mariadb-upgrade
- configMap:
- name: {{ include "common.fullname" . }}-upgrade-deployment
- defaultMode: 0777
- restartPolicy: OnFailure
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-post-upgrade
- annotations:
- "helm.sh/hook": "post-upgrade"
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- template:
- spec:
- securityContext:
- fsGroup: 1001
- runAsUser: 0
- initContainers:
- - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- name: mariadb-galera-upgrade-readiness
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- command:
- - /root/ready.py
- args:
- - --container-name
- - mariadb-galera
- containers:
- - name: mariadb-job-post-upgrade
- image: {{ .Values.global.kubectlImage}}
- imagePullPolicy: IfNotPresent
- env:
- - name: NAMESPACE_ENV
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- command: ["/bin/bash", "-c", "--"]
- args: ["/upgrade/post-upgrade-script.sh"]
- volumeMounts:
- - name: config-mariadb-upgrade
- mountPath: /upgrade
- volumes:
- - name: config-mariadb-upgrade
- configMap:
- name: {{ include "common.fullname" . }}-post-upgrade-deployment
- defaultMode: 0777
- restartPolicy: OnFailure
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-post-delete
- annotations:
- "helm.sh/hook": "post-delete"
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
- template:
- spec:
- containers:
- - name: mariadb-job-post-delete
- image: {{ .Values.global.kubectlImage}}
- imagePullPolicy: IfNotPresent
- command: ["/bin/bash", "-c", "--"]
- args:
- - for ((index=0;index<{{ $.Values.replicaCount }};index+=1));
- do kubectl delete pvc "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index";
- done; kubectl delete deployment {{ include "common.fullname" . }}-upgrade-deployment;
- restartPolicy: OnFailure
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 4ccb0e5c6e..af08ea3d58 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -42,10 +42,7 @@ global:
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
- busyboxImage: busybox:1.30
- busyboxRepository: docker.io
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
+
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh
index b2fdb14b12..40254d469b 100755
--- a/kubernetes/common/mariadb-init/resources/config/db_init.sh
+++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh
@@ -14,11 +14,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+# make sure the script fails if any of commands failed
+set -e
+
while read DB ; do
USER_VAR="MYSQL_USER_${DB^^}"
PASS_VAR="MYSQL_PASSWORD_${DB^^}"
USER=${!USER_VAR}
- PASS=${!PASS_VAR}
+ PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} )
echo "Creating database ${DB} and user ${USER}..."
diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml
index 65588b5f39..874d498284 100644
--- a/kubernetes/onap/Chart.yaml
+++ b/kubernetes/onap/Chart.yaml
@@ -15,7 +15,7 @@
apiVersion: v1
name: onap
version: 6.0.0
-appVersion: El Alto
+appVersion: Frankfurt
description: Open Network Automation Platform (ONAP)
home: https://www.onap.org/
sources:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 2f42223452..1723ad5d39 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -53,16 +53,6 @@ global:
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
- # dockerHub main repository
- dockerHubRepository: docker.io
-
- # busybox repo and image
- busyboxRepository: docker.io
- busyboxImage: busybox:1.30
-
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
-
# image pull policy
pullPolicy: Always
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml
index 39ac8a81ec..6925d772d1 100644
--- a/kubernetes/policy/charts/pap/templates/deployment.yaml
+++ b/kubernetes/policy/charts/pap/templates/deployment.yaml
@@ -68,6 +68,11 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
args: ["/opt/app/policy/pap/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index dc7a58d804..47597f08c2 100644
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -54,6 +54,17 @@ secrets:
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
@@ -81,6 +92,9 @@ healthCheckRestClient:
distribution:
user: healthcheck
password: zb!XztG34
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
index e1f699eccf..53f232af74 100644
--- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml
@@ -61,6 +61,11 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index ba12db21de..00675399b4 100644
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -40,6 +40,16 @@ secrets:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -59,6 +69,9 @@ db:
restServer:
user: healthcheck
password: zb!XztG34
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
index b3b017acd3..b0dbac9526 100644
--- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml
@@ -53,6 +53,11 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml
index 73c9e99e61..dfed7648d4 100644
--- a/kubernetes/policy/charts/policy-distribution/values.yaml
+++ b/kubernetes/policy/charts/policy-distribution/values.yaml
@@ -45,6 +45,16 @@ secrets:
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
#################################################################
# Global configuration defaults.
@@ -78,6 +88,9 @@ papParameters:
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
index bd126b810b..eb2c776f0d 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
@@ -63,6 +63,11 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
index c9ced1fc13..e3feeab950 100644
--- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml
@@ -45,6 +45,16 @@ secrets:
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -68,6 +78,9 @@ restServer:
apiServer:
user: healthcheck
password: zb!XztG34
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
# default number of instances
replicaCount: 1
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
index eff236a962..6d5afef190 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
@@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH
Latitude =50.000000
Longitude =-100.000000
Version =1.0
-ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
Environment =TEST
Partner =
routeOffer=MR1
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
index 944b63f4c2..fcb56e08c3 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
@@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH
Latitude =50.000000
Longitude =-100.000000
Version =1.0
-ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
Environment =TEST
Partner =
routeOffer=MR1
@@ -32,4 +32,4 @@ sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
index b670d436c0..a03871d428 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
+++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
@@ -2,7 +2,7 @@ TransportType=HTTPNOAUTH
Latitude =50.000000
Longitude =-100.000000
Version =1.0
-ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
Environment =TEST
Partner =
routeOffer=MR1
@@ -30,6 +30,6 @@ AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=$(ODL_USER}
+sdnc.odl.user=${ODL_USER}
sdnc.odl.password=${ODL_PASSWORD}
-sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml
index 5713b0918e..9fe8232532 100644
--- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.8.3
+image: onap/sdnc-dmaap-listener-image:1.8.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
index 749fe62459..fc93a6ea32 100644
--- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.8.3
+image: onap/sdnc-ansible-server-image:1.8.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
index 029159d03f..f2ce269505 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
@@ -73,7 +73,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.8.3
+image: onap/admportal-sdnc-image:1.8.4
config:
dbFabricDB: mysql
dbFabricUser: admin
diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml
index 2754ab274a..d9baeab11c 100644
--- a/kubernetes/sdnc/charts/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.8.3
+image: onap/sdnc-ueb-listener-image:1.8.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 6001fab2c1..f16f3b1925 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -112,7 +112,7 @@ secrets:
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.8.3
+image: onap/sdnc-image:1.8.4
# flag to enable debugging - application support required
diff --git a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml b/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml
new file mode 100644
index 0000000000..ab2bad332a
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: A Helm chart for so appc orchestrator
+name: so-appc-orchestrator
+version: 6.0.0
diff --git a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml
new file mode 100644
index 0000000000..c897f48e4a
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml
@@ -0,0 +1,57 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ ssl-enable: false
+mso:
+ logPath: ./logs/soappcorch
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
+ msoKey: {{ .Values.global.app.msoKey }}
+ config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
+ cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
+ topics:
+ retryMultiplier: 1000
+appc:
+ client:
+ topic:
+ read:
+ name: {{ .Values.appc.client.topic.read.name }}
+ timeout: {{ .Values.appc.client.topic.read.timeout }}
+ write: {{ .Values.appc.client.topic.write }}
+ sdnc:
+ read: {{ .Values.appc.client.topic.sdnc.read }}
+ write: {{ .Values.appc.client.topic.sdnc.write }}
+ response:
+ timeout: {{ .Values.appc.client.response.timeout }}
+ key: {{ .Values.appc.client.key }}
+ secret: {{ .Values.appc.client.secret }}
+ service: ueb
+ poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
+spring:
+ security:
+ usercredentials:
+ -
+ username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml
new file mode 100755
index 0000000000..8c0ee290ce
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml
new file mode 100644
index 0000000000..b9a39fe8c3
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml
@@ -0,0 +1,83 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-pass-encoder
+ command:
+ - sh
+ args:
+ {{/* bcrypt plain text and convert to OpenBSD variant using sed */}}
+ - -c
+ - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded;
+ env:
+ - name: ACTUATOR_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
+ image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: encoder
+ mountPath: /tmp/app
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: encoder
+ mountPath: /tmp/app
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+{{ include "helpers.livenessProbe" .| indent 8 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: encoder
+ emptyDir:
+ medium: Memory
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml
new file mode 100644
index 0000000000..bd7eb8ea40
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml
new file mode 100644
index 0000000000..fc3e2879ce
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/charts/so-appc-orchestrator/values.yaml
new file mode 100644
index 0000000000..f10873d66b
--- /dev/null
+++ b/kubernetes/so/charts/so-appc-orchestrator/values.yaml
@@ -0,0 +1,125 @@
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+ htpasswdImage: xmartlabs/htpasswd
+ dockerHubRepository: docker.io
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-appc-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-appc-orchestrator:1.6.0
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+replicaCount: 1
+minReadySeconds: 10
+containerPort: 8080
+logPath: ./logs/soappcorch
+app: appc-orchestrator
+service:
+ name: so-appc-orchestrator
+ type: ClusterIP
+ ports:
+ - port: 8080
+ name: http
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml
index b73032e0b7..775df5ecc0 100755
--- a/kubernetes/so/charts/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml
@@ -57,7 +57,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.3
+image: onap/so/bpmn-infra:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
index a66a869fb1..9aa9c98fbc 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
@@ -54,7 +54,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.3
+image: onap/so/catalog-db-adapter:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml
index fc91ee2abc..27fba13521 100644
--- a/kubernetes/so/charts/so-monitoring/values.yaml
+++ b/kubernetes/so/charts/so-monitoring/values.yaml
@@ -57,7 +57,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.3
+image: onap/so/so-monitoring:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/charts/so-nssmf-adapter/values.yaml
index 8a0d4e4386..43d757ea38 100755
--- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml
+++ b/kubernetes/so/charts/so-nssmf-adapter/values.yaml
@@ -69,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.3
+image: onap/so/nssmf-adapter:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml
index 9f50806ede..cf86817ff8 100755
--- a/kubernetes/so/charts/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml
@@ -51,7 +51,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.6.3
+image: onap/so/openstack-adapter:1.6.4
pullPolicy: Always
repository: nexus3.onap.org:10001
diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml
index e79b57c5f9..107b7cde0c 100755
--- a/kubernetes/so/charts/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.3
+image: onap/so/request-db-adapter:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml
index ee4b5f965d..a477678c1b 100755
--- a/kubernetes/so/charts/so-sdc-controller/values.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/values.yaml
@@ -52,7 +52,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.3
+image: onap/so/sdc-controller:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml
index 9337721ac0..c4c0b3c300 100755
--- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml
@@ -55,7 +55,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.3
+image: onap/so/sdnc-adapter:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
index 9ebe9a8041..31ea6ba650 100644
--- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
+++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
Binary files differ
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
index 69c877a228..65e11b41c8 100755
--- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
+++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
@@ -37,7 +37,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/ve-vnfm-adapter:1.6.3
+image: onap/so/ve-vnfm-adapter:1.6.4
pullPolicy: Always
replicaCount: 1
service:
diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml
index 9128a5205e..85aeef9b5c 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml
@@ -52,7 +52,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.3
+image: onap/so/vfc-adapter:1.6.4
pullPolicy: Always
db:
diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
index 1166eab0c4..4128bc36ee 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml
@@ -55,11 +55,11 @@ etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
endpoint: https://msb-iag:443/api/vnfpkgm/v1
- http:
- client:
- ssl:
- trust-store: ${TRUSTSTORE}
- trust-store-password: ${TRUSTSTORE_PASSWORD}
+ http:
+ client:
+ ssl:
+ trust-store: ${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
{{- end }}
diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml
index 7547096842..0454892119 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml
@@ -40,7 +40,7 @@ secrets:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.3
+image: onap/so/vnfm-adapter:1.6.4
pullPolicy: Always
replicaCount: 1
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index bc7cba36cd..bc7ff5cb92 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -137,7 +137,7 @@ dbCreds:
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.3
+image: onap/so/api-handler-infra:1.6.4
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
@@ -457,3 +457,35 @@ so-mariadb:
backupCredsExternalSecret: *dbBackupCredsSecretName
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
+so-appc-orchestrator:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ mso:
+ basicUser: poBpmn
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ noAuthn: /manage/health
+ appc:
+ client:
+ topic:
+ read:
+ name: APPC-LCM-WRITE
+ timeout: 360000
+ write: APPC-LCM-READ
+ sdnc:
+ read: SDNC-LCM-WRITE
+ write: SDNC-LCM-READ
+ response:
+ timeout: 3600000
+ key: VIlbtVl6YLhNUrtU
+ secret: 64AG2hF4pYeG2pq7CT6XwUOT
+ service: ueb
+ auth:
+ rest:
+ aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456