summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aaf/.gitignore1
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml5
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml2
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml4
-rw-r--r--kubernetes/common/common/templates/_certificate.tpl192
-rw-r--r--kubernetes/contrib/.gitignore1
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml28
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml2
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml2
-rw-r--r--kubernetes/sdnc/templates/certificates.yaml19
-rw-r--r--kubernetes/sdnc/values.yaml26
13 files changed, 272 insertions, 14 deletions
diff --git a/kubernetes/aaf/.gitignore b/kubernetes/aaf/.gitignore
index 3a4f8ba352..71fbb5cbb9 100644
--- a/kubernetes/aaf/.gitignore
+++ b/kubernetes/aaf/.gitignore
@@ -1 +1,2 @@
/sms/
+components/dist
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index f321e54fd1..9645b20cd2 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -109,11 +109,8 @@ spec:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
- - name: USE_SCRIPT_COMPILE_CACHE
- value: {{ .Values.config.useScriptCompileCache | quote }}
- # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
- name: CLUSTER_ENABLED
- value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
- name: CLUSTER_NODE_ID
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index 629b8252cc..1b456983f7 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -60,7 +60,6 @@ debugEnabled: false
# application configuration
config:
appConfigDir: /opt/app/onap/config
- useScriptCompileCache: false
sdncDB:
dbService: mariadb-galera
dbPort: 3306
@@ -130,7 +129,6 @@ persistence:
cluster:
# Cannot have cluster enabled if the replicaCount is not at least 3
- # AND config value useScriptCompileCache is not set to false
enabled: true
clusterName: cds-cluster
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index c22f9731b5..19b87b1afa 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,7 @@
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
@@ -29,5 +29,5 @@ global:
keystorePassword: "secret"
truststorePassword: "secret"
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.2
diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl
new file mode 100644
index 0000000000..74f81af901
--- /dev/null
+++ b/kubernetes/common/common/templates/_certificate.tpl
@@ -0,0 +1,192 @@
+{{/*#
+# Copyright © 2020, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{/*
+# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
+#
+# To request a certificate following steps are to be done:
+# - create an object 'certificates' in the values.yaml
+# - create a file templates/certificates.yaml and invoke the function "commom.certificate".
+#
+# Here is an example of the certificate request for a component:
+#
+# Directory structure:
+# component
+# templates
+# certifictes.yaml
+# values.yaml
+#
+# To be added in the file certificates.yamll
+#
+# To be added in the file values.yaml
+# 1. Minimal version (certificates only in PEM format)
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# 2. Extended version (with defined own issuer and additional certificate format):
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# dnsNames:
+# - component.onap.org
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-for-the-component
+# p12Keystore:
+# create: true
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+# jksKeystore:
+# create: true
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+#
+# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
+# Other mandatory fields for the certificate definition do not have to be defined directly,
+# in that case they will be taken from default values.
+#
+# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
+# and can be overriden during onap installation process.
+#
+*/}}
+
+{{- define "common.certificate" -}}
+{{- $dot := default . .dot -}}
+{{- $certificates := $dot.Values.certificates -}}
+
+{{ range $certificate := $certificates }}
+{{/*# General certifiacate attributes #*/}}
+{{- $name := $certificate.name -}}
+{{- $secretName := $certificate.secretName -}}
+{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}}
+{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}}
+{{- $duration := $certificate.duration -}}
+{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}}
+{{- if $certificate.namespace -}}
+{{- $namespace = default $namespace $certificate.namespace -}}
+{{- end -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}}
+{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}}
+{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}}
+{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}}
+{{/*# Subject #*/}}
+{{- $subject := $dot.Values.global.certificate.default.subject -}}
+{{- if $certificate.subject -}}
+{{- $subject = mergeOverwrite $subject $certificate.subject -}}
+{{- end -}}
+{{/*# Issuer #*/}}
+{{- $issuer := $dot.Values.global.certificate.default.issuer -}}
+{{- if $certificate.issuer -}}
+{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}}
+{{- end -}}
+{{/*# Keystores #*/}}
+{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}}
+{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}}
+{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}}
+{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}}
+{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}}
+{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}}
+{{- if $certificate.jksKeystore -}}
+{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}}
+{{- if $certificate.jksKeystore.passwordSecretRef -}}
+{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}}
+{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}}
+{{- end -}}
+{{- end -}}
+{{- if $certificate.p12Keystore -}}
+{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}}
+{{- if $certificate.p12Keystore.passwordSecretRef -}}
+{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}}
+{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}}
+{{- end -}}
+{{- end -}}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $name }}
+ namespace: {{ $namespace }}
+spec:
+ secretName: {{ $secretName }}
+ commonName: {{ $commonName }}
+ renewBefore: {{ $renewBefore }}
+ {{- if $duration }}
+ duration: {{ $duration }}
+ {{- end }}
+ subject:
+ organizations:
+ - {{ $subject.organization }}
+ countries:
+ - {{ $subject.country }}
+ localities:
+ - {{ $subject.locality }}
+ provinces:
+ - {{ $subject.province }}
+ organizationalUnits:
+ - {{ $subject.organizationalUnit }}
+ {{- if $dnsNames }}
+ dnsNames:
+ {{- range $dnsName := $dnsNames }}
+ - {{ $dnsName }}
+ {{- end }}
+ {{- end }}
+ {{- if $ipAddresses }}
+ ipAddresses:
+ {{- range $ipAddress := $ipAddresses }}
+ - {{ $ipAddress }}
+ {{- end }}
+ {{- end }}
+ {{- if $uris }}
+ uris:
+ {{- range $uri := $uris }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
+ {{- if $emailAddresses }}
+ emailAddresses:
+ {{- range $emailAddress := $emailAddresses }}
+ - {{ $emailAddress }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ group: {{ $issuer.group }}
+ kind: {{ $issuer.kind }}
+ name: {{ $issuer.name }}
+ {{- if or $createJksKeystore $createP12Keystore }}
+ keystores:
+ {{- if $createJksKeystore }}
+ jks:
+ create: {{ $createJksKeystore }}
+ passwordSecretRef:
+ name: {{ $jksKeystorePasswordSecretName }}
+ key: {{ $jksKeystorePasswordSecreKey }}
+ {{- end }}
+ {{- if $createP12Keystore }}
+ pkcs12:
+ create: {{ $createP12Keystore }}
+ passwordSecretRef:
+ name: {{ $p12KeystorePasswordSecretName }}
+ key: {{ $p12KeystorePasswordSecreKey }}
+ {{- end }}
+ {{- end }}
+{{ end }}
+
+{{- end -}}
diff --git a/kubernetes/contrib/.gitignore b/kubernetes/contrib/.gitignore
new file mode 100644
index 0000000000..7020381894
--- /dev/null
+++ b/kubernetes/contrib/.gitignore
@@ -0,0 +1 @@
+components/dist
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index a3bff07fb2..bbc06113d3 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -103,7 +103,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index c13d3cebe6..e187e119dc 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -49,7 +49,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.2
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 1998539726..5376940938 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -172,11 +172,37 @@ global:
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ # default values for certificates
+ certificate:
+ default:
+ renewBefore: 8h
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+ p12Keystore:
+ create: false
+ passwordSecretRef:
+ name: ""
+ key: ""
+ jksKeystore:
+ create: false
+ passwordSecretRef:
+ name: ""
+ key: ""
+
# Enabling CMPv2
cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 990c36d7a3..0614819930 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -38,7 +38,7 @@ service:
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index bd415c06b1..8f31124e41 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -38,7 +38,7 @@ certificateGenerationImage: onap/integration-java11:7.2.0
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.2
pullPolicy: Always
replicaCount: 1
diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml
new file mode 100644
index 0000000000..dda16176a5
--- /dev/null
+++ b/kubernetes/sdnc/templates/certificates.yaml
@@ -0,0 +1,19 @@
+{{/*
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certificate" . }}
+{{ end }}
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index f4f09107bb..1d2fa266ea 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -32,9 +32,10 @@ global:
service: mariadb-galera
# Enabling CMPv2
cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
@@ -132,6 +133,29 @@ secrets:
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ password: secret
+ passwordPolicy: required
+#################################################################
+# Certificates
+#################################################################
+certificates:
+ - name: onap-sdnc-certificate
+ secretName: onap-sdnc-certificate
+ commonName: sdnc.simpledemo.onap.org
+ dnsNames:
+ - sdnc.simpledemo.onap.org
+ p12Keystore:
+ create: true
+ passwordSecretRef:
+ name: keystore-password
+ key: password
+ jksKeystore:
+ create: true
+ passwordSecretRef:
+ name: keystore-password
+ key: password
#################################################################
# Application configuration defaults.
#################################################################