diff options
Diffstat (limited to 'kubernetes')
186 files changed, 690 insertions, 4547 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 6fc63e47d7..3a61e77f40 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -7,6 +7,7 @@ aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{' aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} +appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} clamp@clamp.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.clamp|jg1555|30|{'clamp.api.simpledemo.onap.org', 'clamp.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} dcae@dcae.onap.org|dcae|local|/opt/app/osaaf/local||mailto:|org.onap.dcae|root|60|{'bbs-event-processor', 'bbs-event-processor.onap', 'bbs-event-processor.onap.svc.cluster.local', 'config-binding-service', 'config-binding-service.onap', 'config-binding-service.onap.svc.cluster.local', 'dashboard', 'dashboard.onap', 'dashboard.onap.svc.cluster.local', 'dcae-cloudify-manager', 'dcae-cloudify-manager.onap', 'dcae-cloudify-manager.onap.svc.cluster.local', 'dcae-datafile-collector', 'dcae-datafile-collector.onap', 'dcae-datafile-collector.onap.svc.cluster.local', 'dcae-hv-ves-collector', 'dcae-hv-ves-collector.onap', 'dcae-hv-ves-collector.onap.svc.cluster.local', 'dcae-pm-mapper', 'dcae-pm-mapper.onap', 'dcae-pm-mapper.onap.svc.cluster.local', 'dcae-pmsh', 'dcae-pmsh.onap', 'dcae-pmsh.onap.svc.cluster.local', 'dcae-prh', 'dcae-prh.onap', 'dcae-prh.onap.svc.cluster.local', 'dcae-tca-analytics', 'dcae-tca-analytics.onap', 'dcae-tca-analytics.onap.svc.cluster.local', 'dcae-ves-collector', 'dcae-ves-collector.onap', 'dcae-ves-collector.onap.svc.cluster.local', 'deployment-handler', 'deployment-handler.onap', 'deployment-handler.onap.svc.cluster.local', 'holmes-engine-mgmt', 'holmes-engine-mgmt.onap', 'holmes-engine-mgmt.onap.svc.cluster.local', 'holmes-rule-mgmt', 'holmes-rules-mgmt.onap', 'holmes-rules-mgmt.onap.svc.cluster.local', 'inventory', 'inventory.onap', 'inventory.onap.svc.cluster.local', 'policy-handler', 'policy-handler.onap', 'policy-handler.onap.svc.cluster.local'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} @@ -29,6 +30,8 @@ dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'} +msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'} +msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'} music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'} music@music.onap.org|music.onap|local|/opt/app/osaaf/local||mailto:|org.onap.music|root|30|{'music-api', 'music-api.onap', 'music-onap', 'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} nbi@nbi.onap.org|nbi|local|/opt/app/osaaf/local||mailto:|org.onap.nbi|root|30|{'nbi', 'nbi.api.simpledemo.onap.org', 'nbi.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index ff5caacf47..591f732551 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat @@ -5,6 +5,7 @@ aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d0 clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344|| aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344|| appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344|| +appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344|| dcae@dcae.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344|| oof@oof.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344|| so@so.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344|| @@ -16,6 +17,8 @@ policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04d pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344|| holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344|| nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344|| +msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344|| +msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344|| music@music.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344|| vid@vid.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344|| vid1@vid1.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344|| diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat index 9b8149dc6a..223fe03afa 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat @@ -1,6 +1,7 @@ org.onap.aaf-sms||org.onap||3 org.onap.aai||org.onap||3 org.onap.appc||org.onap||3 +org.onap.appc-cdt||org.onap||3 org.onap.cds||org.onap||3 org.onap.clampdemo|Onap clamp demo NS|org.onap|2|2 org.onap.clamp||org.onap||3 @@ -52,6 +53,8 @@ org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3 org.onap.dmaap||org.onap||3 org.onap.holmes||org.onap||3 org.onap.music||org.onap||3 +org.onap.msb-eag||org.onap||3 +org.onap.msb-iag||org.onap||3 org.onap.nbi||org.onap||3 org.onap|ONAP|org|2|2 org.onap.oof||org.onap||3 diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index 23b1d1d690..10edaa596a 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -22,6 +22,9 @@ org.onap.appc|apidoc|/apidoc/.*|ALL||"{'org.onap.appc|apidoc'}" org.onap.appc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.appc|odl|odl-api|*|Appc ODL API Access|"{'org.onap.appc.odl', 'org.onap.appc|admin'}" org.onap.appc|restconf|/restconf/.*|ALL||"{'org.onap.appc|restconf'}" +org.onap.appc-cdt|access|*|*|AAF Namespace Write Access|"{'org.onap.appc-cdt|admin', 'org.onap.appc-cdt|service'}" +org.onap.appc-cdt|access|*|read|AAF Namespace Read Access|"{'org.onap.appc-cdt|owner'}" +org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.cds|access|*|*|AAF Namespace Write Access|"{'org.onap.cds|admin'}" org.onap.cds|access|*|read|AAF Namespace Read Access|"{'org.onap.cds|owner'}" org.onap.clamp|access|*|*|AAF Namespace Write Access|"{'org.onap.clamp|admin', 'org.onap.clamp|service'}" @@ -289,6 +292,12 @@ org.onap.dmaap.mr|topic|*|view||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap.m org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}" org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}" org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}" +org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}" +org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}" +org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" +org.onap.msb-iag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-iag|admin', 'org.onap.msb-iag|service'}" +org.onap.msb-iag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-iag|owner'}" +org.onap.msb-iag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}" org.onap.music|access|*|*|AAF Namespace Write Access|"{'org.onap.music|admin'}" org.onap.music|access|*|read|AAF Namespace Read Access|"{'org.onap.music|owner'}" org.onap.music|certman|local|request,ignoreIPs,showpass||"{'org.onap.music|admin', 'org.osaaf.aaf|deploy'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index 240373e5c9..bdacfaa6c3 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat @@ -18,6 +18,9 @@ org.onap.appc|odl|Onap APPC ODL Admins|"{'org.onap.appc.odl|odl-api|*'}" org.onap.appc|owner|AAF Namespace Owners|"{'org.onap.appc|access|*|read'}" org.onap.appc|restconf||"{'org.onap.appc|restconf|/restconf/.*|ALL'}" org.onap.appc|service||"{'org.onap.appc|access|*|*'}" +org.onap.appc-cdt|admin|AAF Namespace Administrators|"{'org.onap.appc-cdt|access|*|*'}" +org.onap.appc-cdt|owner|AAF Namespace Owners|"{'org.onap.appc-cdt|access|*|read'}" +org.onap.appc-cdt|service||"{'org.onap.appc-cdt|access|*|*'}" org.onap.cds|admin|AAF Namespace Administrators|"{'org.onap.cds|access|*|*'}" org.onap.cds|owner|AAF Namespace Owners|"{'org.onap.cds|access|*|read'}" org.onap.clamp|admin|AAF Namespace Administrators|"{'org.onap.clamp|access|*|*', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}" @@ -215,6 +218,12 @@ org.onap.dmaap|owner|AAF Namespace Owners|"{'org.onap.dmaap|access|*|read'}" org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}" org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}" org.onap.holmes|service|| +org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}" +org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}" +org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}" +org.onap.msb-iag|admin|AAF Namespace Administrators|"{'org.onap.msb-iag|access|*|*'}" +org.onap.msb-iag|owner|AAF Namespace Owners|"{'org.onap.msb-iag|access|*|read'}" +org.onap.msb-iag|service||"{'org.onap.msb-iag|access|*|*'}" org.onap.music|admin|AAF Namespace Administrators|"{'org.onap.music|access|*|*', 'org.onap.music|certman|local|request,ignoreIPs,showpass'}" org.onap.music|owner|AAF Namespace Owners|"{'org.onap.music|access|*|read'}" org.onap.music|service|| @@ -302,7 +311,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index 63190b8a5a..a9dc752494 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat @@ -5,6 +5,8 @@ mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.on mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin mmanager@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin mmanager@people.osaaf.org|org.onap.appc.owner|2020-11-26 12:31:54.000+0000|org.onap.appc|owner +mmanager@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin +mmanager@people.osaaf.org|org.onap.appc-cdt.owner|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|owner mmanager@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin mmanager@people.osaaf.org|org.onap.cds.owner|2020-11-26 12:31:54.000+0000|org.onap.cds|owner mmanager@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin @@ -49,6 +51,10 @@ mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-11-26 12:31:54.000+ mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner +mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin +mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner +mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin +mmanager@people.osaaf.org|org.onap.msb-iag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|owner mmanager@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin mmanager@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner mmanager@people.osaaf.org|org.onap.nbi.owner|2020-11-26 12:31:54.000+0000|org.onap.nbi|owner @@ -109,6 +115,8 @@ portal@portal.onap.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54.000 portal@portal.onap.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner portal@portal.onap.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner portal@portal.onap.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin +portal@portal.onap.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin +portal@portal.onap.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin portal@portal.onap.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin portal@portal.onap.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner portal@portal.onap.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin @@ -182,6 +190,7 @@ aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.o aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf +aaf_admin@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin @@ -208,6 +217,8 @@ aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54 aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin +aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin +aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin aaf_admin@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin @@ -259,6 +270,7 @@ appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000| appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service +appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service dcae@dcae.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmPublisher @@ -303,6 +315,8 @@ policy@policy.onap.org|org.onap.policy.seeCerts|2020-11-26 12:31:54.000+0000|org pomba@pomba.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced holmes@holmes.onap.org|org.onap.holmes.service|2020-11-26 12:31:54.000+0000|org.onap.holmes|service +msb-eag@msb-eag.onap.org|org.onap.msb-eag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|service +msb-iag@msb-iag.onap.org|org.onap.msb-iag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|service nbi@nbi.onap.org|org.onap.nbi.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.nbi|seeCerts nbi@nbi.onap.org|org.onap.nbi.service|2020-11-26 12:31:54.000+0000|org.onap.nbi|service music@music.onap.org|org.onap.music.service|2020-11-26 12:31:54.000+0000|org.onap.music|service diff --git a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml index ebf09e75c5..a10bb8a7a1 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml @@ -30,16 +30,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/cass-init-dats/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-cass-init-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/cass-init-data/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml index e62d387a0a..4e18b3b746 100644 --- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml @@ -31,17 +31,9 @@ spec: args: - -c - | - echo "*** input data ***" - ls -l /config-input-data/* - echo "*** input dats ***" - ls -l /config-input-dats/* - cp -L /config-input-data/* /config-data/ + echo "*** Move files from configmap to emptyDir" cp -L /config-input-dats/* /config-dats/ - echo "*** output data ***" - ls -l /config-data/* - echo "*** output dats ***" - ls -l /config-dats/* - chown -R 1000:1000 /config-data + echo "*** set righ user to the different folders" chown -R 1000:1000 /config-dats chown -R 1000:1000 /var/lib/cassandra chown -R 1000:1000 /status @@ -50,14 +42,10 @@ spec: volumeMounts: - mountPath: /var/lib/cassandra name: aaf-cass-vol - - mountPath: /config-input-data - name: config-cass-init-data - mountPath: /config-input-dats name: config-cass-init-dats - mountPath: /config-dats name: config-cass-dats - - mountPath: /config-data - name: config-cass-data - mountPath: /status name: aaf-status resources: @@ -103,8 +91,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/aaf/cass_init/data - name: config-cass-data - mountPath: /opt/app/aaf/cass_init/dats name: config-cass-dats - mountPath: /opt/app/aaf/status @@ -144,12 +130,7 @@ spec: - name: config-cass-init-dats configMap: name: {{ include "common.fullname" . }}-cass-init-dats - - name: config-cass-init-data - configMap: - name: {{ include "common.fullname" . }}-cass-init-data - name: config-cass-dats emptyDir: {} - - name: config-cass-data - emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl index afa5004a48..50da519a89 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl @@ -40,6 +40,8 @@ spec: - mountPath: /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props name: aaf-log subPath: org.osaaf.aaf.log4j.props + - mountPath: /opt/app/osaaf/data/ + name: config-identity {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -68,6 +70,11 @@ spec: - name: aaf-log configMap: name: {{ include "common.release" . }}-aaf-log + - name: config-init-identity + configMap: + name: {{ include "common.release" . }}-aaf-identity + - name: config-identity + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" {{- end -}} diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl index 7cdf4d072e..755315296d 100644 --- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl +++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl @@ -15,12 +15,16 @@ */} {{- define "aaf.permissionFixer" -}} -- name: fix-permission +- name: onboard-identity-and-fix-permission command: - /bin/sh args: - -c - | + echo "*** Move files from configmap to emptyDir" + cp -L /config-input-identity/* /config-identity/ + echo "*** set righ user to the different folders" + chown -R 1000:1000 /config-identity chown -R 1000:1000 /opt/app/aaf chown -R 1000:1000 /opt/app/osaaf image: {{ include "repositoryGenerator.image.busybox" . }} @@ -28,6 +32,10 @@ volumeMounts: - mountPath: /opt/app/osaaf name: aaf-config-vol + - mountPath: /config-input-identity + name: config-init-identity + - mountPath: /config-identity + name: config-identity resources: limits: cpu: 100m diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat b/kubernetes/aaf/resources/data/identities.dat index 7e976621df..2ddc273aa3 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat +++ b/kubernetes/aaf/resources/data/identities.dat @@ -53,6 +53,7 @@ aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osa clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager @@ -64,6 +65,8 @@ policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@peo pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager # VID Identities vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml index 36628ea57a..969046551b 100644 --- a/kubernetes/aaf/templates/configmap.yaml +++ b/kubernetes/aaf/templates/configmap.yaml @@ -23,4 +23,17 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-identity + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/data/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 0637cfb84b..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index acc940987c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,93 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/services\/babel-service\/.*", - "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] - } -] diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties deleted file mode 100644 index 188c55bee2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile - -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 2cd95d4c69..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 7055bf5303..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9516 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml index cdd2a4fefe..baee38c0e2 100644 --- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,46 +28,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index e75815ecb6..9fe386a3c6 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,19 +37,6 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -127,79 +114,6 @@ spec: - mountPath: /usr/share/filebeat/data name: aai-filebeat - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -226,32 +140,6 @@ spec: emptyDir: {} - name: aai-filebeat emptyDir: {} - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml index 630ce83b31..b81ffa05b9 100644 --- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,48 +44,3 @@ type: Opaque data: KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml index fb7295581c..db54ce14f2 100644 --- a/kubernetes/aai/components/aai-babel/templates/service.yaml +++ b/kubernetes/aai/components/aai-babel/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,27 +29,16 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.global.rproxy.port }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - {{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} + selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index f0a5ec2b78..db1a2eb86b 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020, 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,7 @@ ################################################################# # Global configuration defaults. ################################################################# -global: - installSidecarSecurity: false +global: {} ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties index 0aee21778c..4f480cb5d7 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties @@ -3,7 +3,7 @@ spring.autoconfigure.exclude=\ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - +multi.tenancy.enabled=true keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth keycloak.realm=aai-resources keycloak.resource=aai-resources-app diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index d9fe86e4ec..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore Binary files differdeleted file mode 100644 index f6ebc75ed8..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 9a08348b0d..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index 071d407de5..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 Binary files differdeleted file mode 100644 index 023e2eaac6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 6ad5f51ad3..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index e23c03d833..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,99 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/aai\/.*", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - }, - { - "uri": "\/aai\/util\/echo", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } -] diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 799fd8689b..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 2c89d28180..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 8447 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile deleted file mode 100644 index 3416d4a737..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf -jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm -4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe -moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf -GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT -74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh -iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb -p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt -3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW -hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 -RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX -xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk -8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q -ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i -5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe -GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE -_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k -zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf -S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU -LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw -hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W -nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP -bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN -JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk -Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y -J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP -mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index 2927031eb5..f173916104 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,113 +50,3 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-aai-policy-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 765ccdf5bb..6fbbf1c089 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -72,13 +72,6 @@ spec: {{- end }} spec: hostname: aai-resources - {{- if .Values.global.initContainers.enabled }} - {{- if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - {{- end }} initContainers: - command: {{- if .Values.global.jobs.migration.enabled }} @@ -86,23 +79,24 @@ spec: args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else if .Values.global.jobs.createSchema.enabled }} + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} + {{- else }} - /app/ready.py args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{- end }} + {{- end }} env: - name: NAMESPACE valueFrom: @@ -112,14 +106,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true {{- end }} - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -155,11 +142,6 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - {{- if .Values.global.installSidecarSecurity }} - - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json - name: {{ include "common.fullname" . }}-aai-policy - subPath: aai_policy.json - {{- end }} - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile @@ -233,84 +215,6 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.sidecar.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{- end }} volumes: - name: aai-common-aai-auth-mount secret: @@ -342,35 +246,6 @@ spec: - key: {{ . }} path: {{ . }} {{- end }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-aai-policy - configMap: - name: {{ include "common.fullname" . }}-aai-policy-configmap - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml index 1a5b0ce06a..d24149086e 100644 --- a/kubernetes/clamp/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,16 +15,17 @@ */}} apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-aaf-keys namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} +type: Opaque data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ include "common.log.configMap" . }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 66dfd493dd..460e0d5b93 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -27,7 +27,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} + {{ if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} @@ -39,7 +39,7 @@ spec: name: {{ .Values.service.portName }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} - {{- end}} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 620b4d70f9..5210a249d2 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -24,9 +24,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - rproxy: - name: reverse-proxy - initContainers: enabled: true diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index edac199968..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index 595d484c37..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,11 +0,0 @@ -[ - { - "uri": "\/services\/search-data-service\/.*", - "method": "GET|PUT|POST|DELETE", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } - - -] diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 55a9b4816f..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 289fe7512c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 5fddcb240a..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9509 diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml index 28cf730930..0d76239ef9 100644 --- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,47 +40,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml index eb4aefeeb3..eaa90870b0 100644 --- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,14 +38,6 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -126,85 +118,6 @@ spec: name: {{ include "common.fullname" . }}-service-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-service-filebeat - - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.config.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -228,35 +141,6 @@ spec: - name: {{ include "common.fullname" . }}-service-log-conf configMap: name: {{ include "common.fullname" . }}-service-log - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - secret: - secretName: aai-rproxy-auth-certs - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: aai-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - secret: - secretName: aai-fproxy-auth-certs - {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml index eacae25647..3135df6f07 100644 --- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,16 +41,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml index 940222cd3e..e031410737 100644 --- a/kubernetes/aai/components/aai-search-data/templates/service.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,28 +28,14 @@ metadata: spec: type: {{ .Values.service.type }} ports: -{{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} -{{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml index ae61dd761f..4bd535a475 100644 --- a/kubernetes/aai/components/aai-search-data/values.yaml +++ b/kubernetes/aai/components/aai-search-data/values.yaml @@ -55,7 +55,7 @@ readiness: service: type: ClusterIP portName: aai-search-data - internalPort: 9509 + internalPort: "9509" ingress: enabled: false diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties index 929d4ea34d..1ae00d95c4 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties @@ -24,7 +24,7 @@ spring.mvc.favicon.enabled=false # and in the values.yaml change the internalPort to 9517 # -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy portal.cadiFileLocation={{.Values.config.cadiFileLocation}} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 92b8d7a025..dae42474f5 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -28,7 +28,7 @@ global: # global defaults serviceName: aai-search-data # application image -image: onap/sparky-be:1.6.2 +image: onap/sparky-be:2.0.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 08a1fb8b17..516dcc4d70 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -1,6 +1,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,8 @@ global: # global defaults restartPolicy: Always - installSidecarSecurity: false aafEnabled: true - - fproxy: - name: forward-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/fproxy:2.1.13 - port: 10680 - - rproxy: - name: reverse-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/rproxy:2.1.13 - port: 10692 - - tproxyConfig: - name: init-tproxy-config - image: onap/tproxy-config:2.1.13 - - # AAF server details. Only needed if the AAF DNS does not resolve from the pod - aaf: - serverIp: 10.12.6.214 - serverHostname: aaf.osaaf.org - serverPort: 30247 + msbEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. diff --git a/kubernetes/appc/components/appc-cdt/requirements.yaml b/kubernetes/appc/components/appc-cdt/requirements.yaml index 5f5f1b145c..8fda7eb81d 100644 --- a/kubernetes/appc/components/appc-cdt/requirements.yaml +++ b/kubernetes/appc/components/appc-cdt/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/appc/components/appc-cdt/resources/entrypoint/startCdt.sh b/kubernetes/appc/components/appc-cdt/resources/entrypoint/startCdt.sh new file mode 100755 index 0000000000..b5fa5248fa --- /dev/null +++ b/kubernetes/appc/components/appc-cdt/resources/entrypoint/startCdt.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +### +# ============LICENSE_START======================================================= +# APPC +# ================================================================================ +# Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2021 Orange Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +if [ -z "$CDT_PORT" ] +then + CDT_PORT="30232" +fi +echo "Setting CDT port to $CDT_PORT" +sed -i -e "s/30290/$CDT_PORT/" /opt/cdt/main.bundle.js + +CDT_HOME=/opt/cdt; export CDT_HOME +LOG_DIR=/opt/cdt/logs; export LOG_DIR +MaxLogSize=3000000; export MaxLogSize +PORT=18080; export PORT +if [ -z "$HTTPS_KEY_FILE" ] +then + HTTPS_KEY_FILE=/opt/cert/cdt-key.pem + export HTTPS_KEY_FILE +fi +if [ -z "$HTTPS_CERT_FILE" ] +then + HTTPS_CERT_FILE=/opt/cert/cdt-cert.pem + export HTTPS_CERT_FILE +fi +echo "*** cert file: ${HTTPS_CERT_FILE}" +echo "*** key file : ${HTTPS_KEY_FILE}" +node $CDT_HOME/app/ndserver.js
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/appc/components/appc-cdt/templates/configmap.yaml index 3e98246df1..fea0ec2f7a 100644 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/configmap.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2021 Orange. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +17,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-entrypoint namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -26,4 +25,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/appc/components/appc-cdt/templates/deployment.yaml b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml index ebcabf5112..fb15897ae1 100644 --- a/kubernetes/appc/components/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/components/appc-cdt/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -65,10 +65,17 @@ spec: # for nodePort3. This value will be configured in appc main chart in appc-cdt section. - name: CDT_PORT value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}" - volumeMounts: + - name: HTTPS_KEY_FILE + value: {{ .Values.certInitializer.credsPath }}/certs/key.pem + - name: HTTPS_CERT_FILE + value: {{ .Values.certInitializer.credsPath }}/certs/cert.pem + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /opt/startCdt.sh + name: entrypoint + subPath: startCdt.sh resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -79,9 +86,13 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/appc/components/appc-cdt/values.yaml b/kubernetes/appc/components/appc-cdt/values.yaml index b3dab719bd..3b1ff47116 100644 --- a/kubernetes/appc/components/appc-cdt/values.yaml +++ b/kubernetes/appc/components/appc-cdt/values.yaml @@ -18,6 +18,48 @@ global: nodePortPrefix: 302 + +################################################################# +# AAF part +################################################################# + +# dependency / sub-chart configuration +certInitializer: + nameOverride: appc-cdt-cert-initializer + truststoreMountpath: /opt/onap/appc/data/stores + fqdn: "appc-cdt" + app_ns: "org.osaaf.aaf" + fqi: "appc-cdt@appc-cdt.onap.org" + fqi_namespace: org.onap.appc-cdt + public_fqdn: "appc-cdt.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving password for keystore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + cd {{ .Values.credsPath }}; + mkdir -p certs; + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key file" + cp {{ .Values.fqi_namespace }}.key certs/key.pem; + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + fi + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/clamp/.helmignore b/kubernetes/clamp/.helmignore deleted file mode 100644 index 68ffb32406..0000000000 --- a/kubernetes/clamp/.helmignore +++ /dev/null @@ -1 +0,0 @@ -components/ diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile deleted file mode 100644 index 89b2f465ec..0000000000 --- a/kubernetes/clamp/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) -ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi -else - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi -endif - @$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */requirements.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile deleted file mode 100644 index bf267b7720..0000000000 --- a/kubernetes/clamp/components/Makefile +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */requirements.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/clamp/components/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml deleted file mode 100644 index c2b8ccb781..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp Dashboard Elasticsearch -name: clamp-dash-es -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml deleted file mode 100644 index 22b92c4ef7..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml deleted file mode 100644 index 9e04d5ae01..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml +++ /dev/null @@ -1,138 +0,0 @@ ---- -# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ======================== Elasticsearch Configuration ========================= -# -# NOTE: Elasticsearch comes with reasonable defaults for most settings. -# Before you set out to tweak and tune the configuration, make sure you -# understand what are you trying to accomplish and the consequences. -# -# The primary way of configuring a node is via this file. This template lists -# the most important settings you may want to configure for a production cluster. -# -# Please consult the documentation for further information on configuration options: -# https://www.elastic.co/guide/en/elasticsearch/reference/index.html -# -# ---------------------------------- Cluster ----------------------------------- -# -# Name of the Elasticsearch cluster. -# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster. -# The default name is elasticsearch, but you should change it to an appropriate name which describes the -# purpose of the cluster. -# -## Default Elasticsearch configuration from elasticsearch-docker. -## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/ -# - -cluster.name: "clamp-dashboard" -node.name: "cldash-es-node1" -# ---------------------------------- Network ----------------------------------- -# -# Set the bind address to a specific IP (IPv4 or IPv6): -# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a -# non-loopback address. -network.host: 0.0.0.0 -# -# Set a custom port for HTTP: If required, default is 9200-9300 -# -#http.port: $http.port -# -# For more information, consult the network module documentation. -# ----------------------------------- Paths ------------------------------------ -# -# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma. -# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure -# may change & can deal to data loss. -path.data: /usr/share/elasticsearch/data -# -# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs", -# as on upgrading Elasticsearch, directory structure may change. -path.logs: /usr/share/elasticsearch/logs -# -# ----------------------------------- Memory ----------------------------------- -# -# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk. -# Lock the memory on startup. -# -bootstrap.memory_lock: false -# -# Make sure that the heap size is set to about half the memory available -# on the system and that the owner of the process is allowed to use this -# limit. -# -# Elasticsearch performs poorly when the system is swapping the memory. -# -# --------------------------------- Discovery ---------------------------------- -# -# Pass an initial list of hosts to perform discovery when new node is started -# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster -# that are likely to be live and contactable. -# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try -# to connect to other nodes running on the same server. -# # minimum_master_nodes need to be explicitly set when bound on a public IP -# # set to 1 to allow single node clusters -# # Details: https://github.com/elastic/elasticsearch/pull/17288 -discovery.zen.minimum_master_nodes: 1 -discovery.seed_hosts: [] -# # Breaking change in 7.0 -# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes -cluster.initial_master_nodes: - - cldash-es-node1 -# - docker-test-node-1 -# ---------------------------------- Various ----------------------------------- -# -# Require explicit names when deleting indices: -# -#action.destructive_requires_name: true -# Set a custom port for HTTP: If required, default is 9200-9300 -# This is used for REST APIs -http.port: {{.Values.service.externalPort}} -# Port to bind for communication between nodes. Accepts a single value or a range. -# If a range is specified, the node will bind to the first available port in the range. -# Defaults to 9300-9400. -# More info: -transport.tcp.port: {{.Values.service.externalPort2}} - -######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## -# WARNING: revise all the lines below before you go into production -{{- if .Values.global.aafEnabled }} -opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} -opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} -opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} -opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} -opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} -opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} -{{- else }} -opendistro_security.ssl.transport.pemcert_filepath: esnode.pem -opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem -opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.http.pemcert_filepath: esnode.pem -opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem -opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -{{- end }} -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} - -opendistro_security.allow_unsafe_democertificates: true -opendistro_security.allow_default_init_securityindex: true -opendistro_security.authcz.admin_dn: - - CN=kirk,OU=client,O=client,L=test, C=de - -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -node.max_local_storage_nodes: 3 -######## End OpenDistro for Elasticsearch Security Demo Configuration ######## diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml deleted file mode 100644 index d7aa77cd01..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml +++ /dev/null @@ -1,138 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /bin/sh - - -c - - | - sysctl -w vm.max_map_count=262144 - mkdir -p /usr/share/elasticsearch/logs - mkdir -p /usr/share/elasticsearch/data - chmod -R 777 /usr/share/elasticsearch - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - securityContext: - privileged: true - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: init-sysctl - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/elasticsearch/logs/ - - name: {{ include "common.fullname" . }}-data - mountPath: /usr/share/elasticsearch/data/ -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }} - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }} - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }} - /usr/local/bin/docker-entrypoint.sh - {{- end }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ include "common.servicename" . }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ include "common.servicename" . }}2 -# disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort2 }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - env: - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml - name: {{ include "common.fullname" . }}-config - subPath: elasticsearch.yml - - mountPath: /usr/share/elasticsearch/data/ - name: {{ include "common.fullname" . }}-data - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-configmap - items: - - key: elasticsearch.yml - path: elasticsearch.yml - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-logs - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml deleted file mode 100644 index 3669621b24..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml deleted file mode 100644 index 6ae4eea0d3..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml deleted file mode 100644 index 9c182edbc0..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml +++ /dev/null @@ -1,70 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.config.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.config.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }}-tcp - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type2 }} - ports: - {{if eq .Values.service.type2 "NodePort" -}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.config.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.config.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml deleted file mode 100644 index 1e2ae4778d..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/values.yaml +++ /dev/null @@ -1,163 +0,0 @@ -# Copyright © 2020 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "org.onap.clamp.crt.key" - clamp_pem: "org.onap.clamp.key.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-es-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/clamp-dashboard-elasticsearch:5.0.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 180 - periodSeconds: 30 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 180 - periodSeconds: 30 - timeoutSeconds: 5 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 4Gi - mountPath: /dockerdata-nfs - mountSubPath: clamp/dashboard-elasticsearch/data - mountSubPathLogs: clamp - -security: - ssl: - enabled: true - -service: - type: ClusterIP - name: cdash-es - portName: cdash-es-rest - externalPort: 9200 - internalPort: 9200 - type2: ClusterIP - portName2: cdash-es-tcp - externalPort2: 9300 - internalPort2: 9300 - -ingress: - enabled: false - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 2.5Gi - large: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 2.5Gi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml deleted file mode 100644 index f5c146a782..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp Dashboard Kibana -name: clamp-dash-kibana -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml deleted file mode 100644 index b7a8fbf348..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License.# Default Kibana configuration from kibana-docker. -*/}} - -server.name: "Clamp CL Dashboard" -server.host: "0" -# Kibana is served by a back end server. This setting specifies the port to use. -server.port: {{.Values.service.externalPort}} - -server.ssl.enabled: {{.Values.config.sslEnabled}} -{{- if .Values.global.aafEnabled }} -server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} -server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} -{{ else }} -server.ssl.certificate: {{.Values.config.sslPemCertFilePath}} -server.ssl.key: {{.Values.config.sslPemkeyFilePath}} -{{- end }} -# The URL of the Elasticsearch instance to use for all your queries. -elasticsearch.hosts: ${elasticsearch_base_url} - -elasticsearch.ssl.verificationMode: none -elasticsearch.username: {{.Values.config.elasticUSR}} -elasticsearch.password: {{.Values.config.elasticPWD}} - -elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] - -opendistro_security.multitenancy.enabled: true -opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] -opendistro_security.readonly_mode.roles: ["kibana_read_only"] diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml deleted file mode 100644 index 48d85478c4..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-pem-keys - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml deleted file mode 100644 index 8cb95cdf0b..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - clamp-dash-es - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ include "common.servicename" . }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} -# disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - env: - - name: elasticsearch_base_url - value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/kibana/config/kibana.yml - name: {{ include "common.fullname" . }} - subPath: kibana.yml - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }} - configMap: - name: {{ include "common.fullname" . }} - items: - - key: kibana.yml - path: kibana.yml - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml deleted file mode 100644 index e5d7174e85..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* # Copyright © 2020 Samsung, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml deleted file mode 100644 index f1b6cf55c6..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.config.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.config.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml deleted file mode 100644 index 9b5f1fc344..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "org.onap.clamp.crt.key" - clamp_pem: "org.onap.clamp.key.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-kibana-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/clamp-dashboard-kibana:5.0.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana) -config: - elasticsearchServiceName: cdash-es - elasticsearchPort: 9200 - elasticUSR: kibanaserver - elasticPWD: kibanaserver - sslEnabled: true - sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem - sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 360 - periodSeconds: 30 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 360 - periodSeconds: 30 - -#internal ssl security scheme for elasticsearch connection mainly -security: - ssl: - enabled: true - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: NodePort - name: cdash-kibana - portName: cdash-kibana-http - externalPort: 5601 - internalPort: 5601 - nodePort: 90 -ingress: - enabled: false - service: - - baseaddr: "cdash-kibana" - name: "cdash-kibana" - port: 5601 - config: - ssl: "redirect" - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 750Mi - large: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 750Mi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml deleted file mode 100644 index 686898eea2..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp Dashboard Logstash -name: clamp-dash-logstash -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml deleted file mode 100644 index 22b92c4ef7..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml deleted file mode 100644 index 1e06e34cfb..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -http.host: "0.0.0.0" -## Path where pipeline configurations reside -path.config: /usr/share/logstash/pipeline - -## Type of queue : memeory based or file based -#queue.type: persisted -## Size of queue -#queue.max_bytes: 1024mb -## Setting true makes logstash check periodically for change in pipeline configurations -config.reload.automatic: true - diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf deleted file mode 100644 index b978e766d3..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf +++ /dev/null @@ -1,277 +0,0 @@ -{{/* -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -input { - http_poller { - urls => { - event_queue => { - method => get - url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000" - headers => { - Accept => "application/json" - } - topic => "${event_topic}" - tags => [ "dmaap_source" ] - } - notification_queue => { - method => get - url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000" - headers => { - Accept => "application/json" - } - topic => "${notification_topic}" - tags => [ "dmaap_source" ] - } - request_queue => { - method => get - url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000" - headers => { - Accept => "application/json" - } - topic => "${request_topic}" - tags => [ "dmaap_source" ] - } - } - socket_timeout => 30 - request_timeout => 30 - schedule => { "every" => "1m" } - codec => "plain" -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/certs.d/aafca.pem" -{{- end }} - } -} - - -filter { - # avoid noise if no entry in the list - if [message] == "[]" { - drop { } - } - - if [http_request_failure] or [@metadata][code] != 200 { - mutate { - add_tag => [ "error" ] - } - } - - if "dmaap_source" in [@metadata][request][tags] { - # - # Dmaap provides a json list, whose items are Strings containing the event - # provided to Dmaap, which itself is an escaped json. - # - # We first need to parse the json as we have to use the plaintext as it cannot - # work with list of events, then split that list into multiple string events, - # that we then transform into json. - # - json { - source => "[message]" - target => "message" - } - - split { - field => "message" - } - json { - source => "message" - } - mutate { - remove_field => [ "message" ] - } - } - - # - # Some timestamps are expressed as milliseconds, some are in microseconds - # - if [closedLoopAlarmStart] { - ruby { - code => " - if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999 - event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000) - else - event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10)) - end - " - } - date { - match => [ "closedLoopAlarmStart", UNIX_MS ] - target => "closedLoopAlarmStart" - } - } - - if [closedLoopAlarmEnd] { - ruby { - code => " - if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999 - event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000) - else - event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10)) - end - " - } - date { - match => [ "closedLoopAlarmEnd", UNIX_MS ] - target => "closedLoopAlarmEnd" - } - - } - - - # - # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which - # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss" - # - if [notificationTime] { - mutate { - gsub => [ - "notificationTime", " ", "T" - ] - } - date { - match => [ "notificationTime", ISO8601 ] - target => "notificationTime" - } - } - - - # - # Renaming some fields for readability - # - if [AAI][generic-vnf.vnf-name] { - mutate { - add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" } - } - } - if [AAI][generic-vnf.vnf-type] { - mutate { - add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" } - } - } - if [AAI][vserver.vserver-name] { - mutate { - add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" } - } - } - if [AAI][complex.city] { - mutate { - add_field => { "locationCity" => "%{[AAI][complex.city]}" } - } - } - if [AAI][complex.state] { - mutate { - add_field => { "locationState" => "%{[AAI][complex.state]}" } - } - } - - - # - # Adding some flags to ease aggregation - # - if [closedLoopEventStatus] =~ /(?i)ABATED/ { - mutate { - add_field => { "flagAbated" => "1" } - } - } - if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ { - mutate { - add_field => { "flagFinalFailure" => "1" } - } - } - - - if "error" not in [@metadata][request][tags]{ - # - # Creating data for a secondary index - # - clone { - clones => [ "event-cl-aggs" ] - add_tag => [ "event-cl-aggs" ] - } - - if "event-cl-aggs" in [@metadata][request][tags]{ - # - # we only need a few fields for aggregations; remove all fields from clone except : - # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure - # - prune { - whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"] - } - - } - } -} - - -output { - stdout { - codec => rubydebug - } - - if "error" in [tags] { - elasticsearch { - ilm_enabled => false - codec => "json" -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/clamp-cert/ca-certs.pem" -{{- end }} - ssl_certificate_verification => false - hosts => ["${elasticsearch_base_url}"] - user => ["${logstash_user}"] - password => ["${logstash_pwd}"] - index => "errors-%{+YYYY.MM.DD}" - doc_as_upsert => true - } - - } else if "event-cl-aggs" in [tags] { - elasticsearch { - ilm_enabled => false - codec => "json" - hosts => ["${elasticsearch_base_url}"] -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/clamp-cert/ca-certs.pem" -{{- end }} - ssl_certificate_verification => false - user => ["${logstash_user}"] - password => ["${logstash_pwd}"] - document_id => "%{requestID}" - index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop - doc_as_upsert => true - action => "update" - } - - } else { - elasticsearch { - ilm_enabled => false - codec => "json" - hosts => ["${elasticsearch_base_url}"] -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/clamp-cert/ca-certs.pem" -{{- end }} - ssl_certificate_verification => false - user => ["${logstash_user}"] - password => ["${logstash_pwd}"] - index => "events-%{+YYYY.MM.DD}" # creates daily indexes - doc_as_upsert => true - } - } -} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml deleted file mode 100644 index f098338c7f..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - clamp-dash-es - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: dmaap_consumer_group - value: "{{ .Values.config.dmaapConsumerGroup }}" - - name: dmaap_consumer_id - value: "{{ .Values.config.dmaapConsumerId }}" - - name: event_topic - value: "{{ .Values.config.eventTopic }}" - - name: notification_topic - value: "{{ .Values.config.notificationTopic }}" - - name: request_topic - value: "{{ .Values.config.requestTopic }}" - - name: dmaap_base_url - value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} - - name: logstash_user - value: "{{ .Values.config.logstash_user }}" - - name: logstash_pwd - value: "{{ .Values.config.logstash_pwd }}" - - name: elasticsearch_base_url - value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ include "common.servicename" . }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} -# disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/logstash/config/logstash.yml - name: {{ include "common.fullname" . }} - subPath: logstash.yml - - mountPath: /usr/share/logstash/pipeline/logstash.conf - name: {{ include "common.fullname" . }} - subPath: pipeline.conf - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }} - configMap: - name: {{ include "common.fullname" . }} - items: - - key: logstash.yml - path: logstash.yml - - key: pipeline.conf - path: pipeline.conf - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml deleted file mode 100644 index f1b6cf55c6..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.config.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.config.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml deleted file mode 100644 index 9aab3af252..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "org.onap.clamp.crt.key" - clamp_pem: "org.onap.clamp.key.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-logstash-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# - -# application image -image: onap/clamp-dashboard-logstash:5.0.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - elasticsearchServiceName: cdash-es - elasticsearchPort: 9200 - dmaapHost: message-router - dmaapSchemeSSL: https - dmaapSchemeNoSSL: http - dmaapPort: 3905 - dmaapConsumerGroup: "clampdashboard" - dmaapConsumerId: "clampdashboard" - eventTopic: "DCAE-CL-EVENT" - notificationTopic: "POLICY-CL-MGT" - requestTopic: "APPC-CL" - logstash_user: "logstash" - logstash_pwd: "logstash" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 900 - periodSeconds: 20 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 900 - periodSeconds: 20 - timeoutSeconds: 5 - -security: - ssl: - enabled: true - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: ClusterIP - name: cdash-ls - portName: cdash-ls-healthcheck - externalPort: 9600 - internalPort: 9600 -ingress: - enabled: false - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 1.3Gi - requests: - cpu: 10m - memory: 750Mi - large: - limits: - cpu: 1 - memory: 1.3Gi - requests: - cpu: 10m - memory: 750Mi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml deleted file mode 100644 index c0de18592c..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: MariaDB Service -name: clamp-mariadb -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt deleted file mode 100644 index 1103affff1..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml deleted file mode 100644 index d62ef09a4d..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh deleted file mode 100755 index 71f32e2eff..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh +++ /dev/null @@ -1,198 +0,0 @@ -#!/bin/bash -set -eo pipefail -shopt -s nullglob - -# if command starts with an option, prepend mysqld -if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" -fi - -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done - -prepare_password() -{ - echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - val=`prepare_password $val` - export "$var"="$val" - unset "$fileVar" -} - -_check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - - $errors - EOM - exit 1 - fi -} - -# Fetch value from server config -# We use mysqld --verbose --help instead of my_print_defaults because the -# latter only show values present in config files, and not server defaults -_get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ - | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' - # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" -} - -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" - mkdir -p "$DATADIR" - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - exec gosu mysql "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" - # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi - - mkdir -p "$DATADIR" - - echo 'Initializing database' - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db --datadir="$DATADIR" --rpm "${@:2}" - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi - - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi - - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi - - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; - EOSQL - - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi - - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi - - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" - - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi - fi - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - echo - echo 'MySQL init process done. Ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf deleted file mode 100644 index 8b5dc2a021..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf +++ /dev/null @@ -1,209 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Example MySQL config file for medium systems. -# -# This is for a system with memory 8G where MySQL plays -# an important part, or systems up to 128M where MySQL is used together with -# other programs (such as a web server) -# -# In this file, you can use all long options that a program supports. -# If you want to know which options a program supports, run the program -# with the "--help" option. -*/}} - -# The following options will be passed to all MySQL clients -##[client] -##user = root -##port = 3306 -##socket = //opt/app/mysql/mysql.sock - -# Here follows entries for some specific programs - -# The MySQL server -[mysqld] -##performance_schema - -slow_query_log =ON -long_query_time =2 -slow_query_log_file =//var/lib/mysql/slow_query.log -##basedir = //opt/app/mysql/product/mariadb-10.1.11-linux-x86_64 -##datadir = //opt/app/mysql/data -##port = 3306 -##socket = //opt/app/mysql/mysql.sock -skip-external-locking -explicit_defaults_for_timestamp = true -skip-symbolic-links -local-infile = 0 -#ignore_db_dir=lost+found -key_buffer_size = 16M -max_allowed_packet = 4M -table_open_cache = 100 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M -max_connections = 500 -lower_case_table_names = 1 -thread_stack = 256K -thread_cache_size = 25 -query_cache_size = 8M -query_cache_type = 0 -query_prealloc_size = 512K -query_cache_limit = 1M - -# Password validation -##plugin-load-add=simple_password_check.so -##simple_password_check_other_characters=0 - -# Audit Log settings -plugin-load-add=server_audit.so -server_audit=FORCE_PLUS_PERMANENT -server_audit_file_path=//var/lib/mysql/audit.log -server_audit_file_rotate_size=50M -server_audit_events=CONNECT,QUERY,TABLE -server_audit_logging=on - -# Don't listen on a TCP/IP port at all. This can be a security enhancement, -# if all processes that need to connect to mysqld run on the same host. -# All interaction with mysqld must be made via Unix sockets or named pipes. -# Note that using this option without enabling named pipes on Windows -# (via the "enable-named-pipe" option) will render mysqld useless! -# -#skip-networking - -# Replication Master Server (default) -# binary logging is required for replication -##log-bin=//var/lib/mysql/mysql-bin - -# binary logging format - mixed recommended -binlog_format=row - -# required unique id between 1 and 2^32 - 1 -# defaults to 1 if master-host is not set -# but will not function as a master if omitted - -# Replication Slave (comment out master section to use this) -# -# To configure this host as a replication slave, you can choose between -# two methods : -# -# 1) Use the CHANGE MASTER TO command (fully described in our manual) - -# the syntax is: -# -# CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>, -# MASTER_USER=<user>, MASTER_PASSWORD=<password> ; -# -# where you replace <host>, <user>, <password> by quoted strings and -# <port> by the master's port number (3306 by default). -# -# Example: -# -# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306, -# MASTER_USER='joe', MASTER_PASSWORD='secret'; -# -# OR -# -# 2) Set the variables below. However, in case you choose this method, then -# start replication for the first time (even unsuccessfully, for example -# if you mistyped the password in master-password and the slave fails to -# connect), the slave will create a master.info file, and any later -# change in this file to the variables' values below will be ignored and -# overridden by the content of the master.info file, unless you shutdown -# the slave server, delete master.info and restart the slaver server. -# For that reason, you may want to leave the lines below untouched -# (commented) and instead use CHANGE MASTER TO (see above) -# -# required unique id between 2 and 2^32 - 1 -# (and different from the master) -# defaults to 2 if master-host is set -# but will not function as a slave if omitted -#server-id = 2 -# -# The replication master for this slave - required -#master-host = <hostname> -# -# The username the slave will use for authentication when connecting -# to the master - required -#master-user = <username> -# -# The password the slave will authenticate with when connecting to -# the master - required -#master-password = <password> -# -# The port the master is listening on. -# optional - defaults to 3306 -#master-port = <port> -# -# binary logging - not required for slaves, but recommended -#log-bin=mysql-bin - -# Uncomment the following if you are using InnoDB tables -##innodb_data_home_dir = //opt/app/mysql/data -##innodb_data_file_path = ibdata1:20M:autoextend:max:32G -##innodb_log_group_home_dir = //opt/app/mysql/iblogs -# You can set .._buffer_pool_size up to 50 - 80 % -# of RAM but beware of setting memory usage too high -innodb_buffer_pool_size = 128M -#innodb_additional_mem_pool_size = 2M -# Set .._log_file_size to 25 % of buffer pool size -innodb_log_file_size = 10M -innodb_log_files_in_group = 3 -innodb_log_buffer_size = 8M -#innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 -innodb_autoextend_increment = 100 -expire_logs_days = 8 -open_files_limit = 2000 -transaction-isolation=READ-COMMITTED -####### Galera parameters ####### -## Galera Provider configuration -wsrep_provider=/usr/lib/galera/libgalera_smm.so -wsrep_provider_options="gcache.size=128M; gcache.page_size=10M" -## Galera Cluster configuration -wsrep_cluster_name="MSO-automated-tests-cluster" -wsrep_cluster_address="gcomm://" -#wsrep_cluster_address="gcomm://mariadb1,mariadb2,mariadb3" -##wsrep_cluster_address="gcomm://192.169.3.184,192.169.3.185,192.169.3.186" -## Galera Synchronization configuration -wsrep_sst_method=rsync -#wsrep_sst_method=xtrabackup-v2 -#wsrep_sst_auth="sstuser:Mon#2o!6" -## Galera Node configuration -wsrep_node_name="mariadb1" -##wsrep_node_address="192.169.3.184" -wsrep_on=OFF -## Status notification -#wsrep_notify_cmd=/opt/app/mysql/bin/wsrep_notify -####### - - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates - -[myisamchk] -key_buffer_size = 20971520 - -##[mysqlhotcopy] -##interactive-timeout -##[mysqld_safe] -##malloc-lib=//opt/app/mysql/local/lib/libjemalloc.so.1 -##log-error=//opt/app/mysql/log/mysqld.log diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt deleted file mode 100644 index 1103affff1..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml deleted file mode 100644 index b8a774acbe..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -#{{ if not .Values.disableClampClampMariadb }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: clamp-entrypoint-bulkload-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: clamp-mariadb-conf-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }} -#{{ end }} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml deleted file mode 100644 index 8ddf584988..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml +++ /dev/null @@ -1,113 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }} - - name: MYSQL_DATABASE - value: {{ tpl .Values.db.databaseName .}} - volumeMounts: - - mountPath: /docker-entrypoint.sh - subPath: docker-entrypoint.sh - name: init-script - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /docker-entrypoint-initdb.d/ - name: docker-entrypoint-bulkload - - mountPath: /etc/mysql/conf.d/conf1/ - name: clamp-mariadb-conf - - mountPath: /var/lib/mysql - name: clamp-mariadb-data - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - {{- if .Values.persistence.enabled }} - - name: clamp-mariadb-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - name: docker-entrypoint-bulkload - configMap: - name: clamp-entrypoint-bulkload-configmap - - name: clamp-mariadb-conf - configMap: - name: clamp-mariadb-conf-configmap - - name: localtime - hostPath: - path: /etc/localtime - - name: init-script - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml deleted file mode 100644 index 424987936d..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml deleted file mode 100644 index 6856c80540..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml deleted file mode 100644 index 60b2cfef4f..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/values.yaml +++ /dev/null @@ -1,130 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 302 - - persistence: {} -# application image -image: mariadb:10.5.4 -pullPolicy: Always -flavor: small -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - type: password - externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}' - password: '{{ .Values.db.rootPass }}' - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - -# Application configuration -# dummy value db user pasword to pass lint!!! -db: - user: dummy-clds - password: dummy-sidnnd83K - databaseName: dummy-cldsdb4 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 3 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: clamp/mariadb/data - -service: - type: ClusterIP - name: clampdb - portName: clampdb - internalPort: 3306 - externalPort: 3306 - - -ingress: - enabled: false - - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - large: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - unlimited: {} diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml deleted file mode 100644 index 2d271032e9..0000000000 --- a/kubernetes/clamp/requirements.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' - - name: clamp-mariadb - version: ~7.x-0 - repository: 'file://components/clamp-mariadb' - - name: clamp-backend - version: ~7.x-0 - repository: 'file://components/clamp-backend' - - name: clamp-dash-es - version: ~7.x-0 - repository: 'file://components/clamp-dash-es' - - name: clamp-dash-logstash - version: ~7.x-0 - repository: 'file://components/clamp-dash-logstash' - - name: clamp-dash-kibana - version: ~7.x-0 - repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml deleted file mode 100644 index 31f4380eb8..0000000000 --- a/kubernetes/clamp/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name2 }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type2 }} - ports: - {{if eq .Values.service.type2 "NodePort" -}} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.config.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.config.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 471f88f735..953c89d24d 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -100,6 +100,14 @@ spec: value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }} - name: CASSANDRA_AUTHENTICATOR value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }} + {{- if include "common.onServiceMesh" . }} + - name: CASSANDRA_LISTEN_ADDRESS + value: "127.0.0.1" + - name: CASSANDRA_BROADCAST_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- end }} - name: POD_IP valueFrom: fieldRef: diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index dddd63491d..9c3010c209 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -128,7 +128,7 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent name: {{ $port.name }} {{- end }} {{- if (eq $serviceType "NodePort") }} - nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} + nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "useNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} {{- end }} {{- else }} - port: {{ default $port.port $port.plain_port }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index f71db5edeb..6412bf8ac4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -24,7 +24,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 secrets: - uid: pg-root-pass @@ -115,7 +115,7 @@ componentImages: tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.5 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0 datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 891c0e1650..711c1d54e7 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -24,7 +24,7 @@ global: nodePortPrefix: 302 persistence: {} tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 repositoryCred: user: docker password: docker @@ -50,7 +50,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:4.1.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.2.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index a32214faf3..7b9431c46d 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -21,7 +21,7 @@ global: nodePortPrefix: 302 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 secrets: - uid: 'cm-pass' diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 95bbe1e5ff..8f6432d031 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -21,8 +21,7 @@ global: nodePortPrefix: 302 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 secrets: - uid: 'cm-pass' type: password diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index d4007ad0f6..232f8b45d5 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 + consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 ################################################################# # Secrets metaconfig diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index a9c0029f41..9401bf5340 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -92,7 +92,7 @@ postgres: mountInitPath: dcaemod # application image -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.4 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.5 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 03b5c83a97..2482748e4c 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -69,7 +69,7 @@ readiness: # Should have a proper readiness endpoint or script # application image -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index c59eb6fdf9..fe552019cc 100644 --- a/kubernetes/msb/components/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,7 @@ dependencies: repository: '@local' - name: repositoryGenerator version: ~7.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml deleted file mode 100644 index 680cb7357a..0000000000 --- a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="discovery" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf new file mode 100644 index 0000000000..70125753ed --- /dev/null +++ b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf @@ -0,0 +1,28 @@ +{{/* +# +# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE) +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} +server { + listen 443 ssl; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; + include ../msb-enabled/location-default/msblocations.conf; + # Add below settings for making SDC to work + underscores_in_headers on; +}
\ No newline at end of file diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml index 33c77e5eae..30c0a80209 100644 --- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 36cb13dc52..113a174eb6 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index b8813b8f1a..ff158b592c 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +19,45 @@ global: nodePortPrefix: 302 ################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-eag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-eag + fqi: msb-eag@msb-eag.onap.org + fqi_namespace: org.onap.msb-eag + public_fqdn: msb-eag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + +################################################################# # Application configuration defaults. ################################################################# # application image diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml index 467a52ab21..fe552019cc 100644 --- a/kubernetes/msb/components/msb-iag/requirements.yaml +++ b/kubernetes/msb/components/msb-iag/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml deleted file mode 100644 index 680cb7357a..0000000000 --- a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="discovery" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf new file mode 100644 index 0000000000..70125753ed --- /dev/null +++ b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf @@ -0,0 +1,28 @@ +{{/* +# +# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE) +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} +server { + listen 443 ssl; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; + include ../msb-enabled/location-default/msblocations.conf; + # Add below settings for making SDC to work + underscores_in_headers on; +}
\ No newline at end of file diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml index 33c77e5eae..30c0a80209 100644 --- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-iag/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 00dc6b69b3..7bae325b1e 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index b91ddcae1b..51e78e1de3 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +19,45 @@ global: nodePortPrefix: 302 ################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-iag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-iag + fqi: msb-iag@msb-iag.onap.org + fqi_namespace: org.onap.msb-iag + public_fqdn: msb-iag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + +################################################################# # Application configuration defaults. ################################################################# # application image diff --git a/kubernetes/msb/requirements.yaml b/kubernetes/msb/requirements.yaml index c52bec4944..b335bfaf2b 100644 --- a/kubernetes/msb/requirements.yaml +++ b/kubernetes/msb/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt deleted file mode 100644 index 62da777a58..0000000000 --- a/kubernetes/msb/resources/config/certificates/ca.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC -Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK -DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa -Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh -bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu -YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1 -dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK -Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/ -mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt -2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog -6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp -7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3 -p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu -5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA -bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J -wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w -ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/ -FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3 -3lR7lW/J ------END CERTIFICATE----- diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt deleted file mode 100644 index e718c8d166..0000000000 --- a/kubernetes/msb/resources/config/certificates/cert.crt +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID0TCCArmgAwIBAgIJAOQWcdss4QvKMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD -VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK -BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs -ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDUxMzAy -MjIyN1oXDTIyMDUxMzAyMjIyN1owgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdT -aWNodWFuMRAwDgYDVQQHDAdDaGVuZ2R1MQ0wCwYDVQQKDARPTkFQMQwwCgYDVQQL -DANNU0IxEDAOBgNVBAMMB21zYi1pYWcxKjAoBgkqhkiG9w0BCQEWG29uYXAtZGlz -Y3Vzc0BsaXN0cy5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2axA7b -5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZVMNi -L+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqClBi8 -t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz4zFF -ngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8Dx0q -2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM2MDQwMgYDVR0RBCswKYIHbXNiLWlh -Z4IHbXNiLWVhZ4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqGSIb3DQEBCwUA -A4IBAQC9KKJ5x+EBHfdODbMIAufYinlbNRQ4xdG7tlRk0cRXnZoWi6yObQXmZuHV -56M2ZIylKNab2Z0VBluQqoLJvByAHQJO1r+qsAMG/LXBRC1x3y5344vtEPbikpMs -GHtxHomAu/JtSAlSL1Wvj7co3OUgVH/yNbccysVtqxxrfPrBhLfH/yDrFehmQ00T -P8mmJG3qeOUII0pgUjBkGL52+YMN0qy0SgryBx86fR9Y1bQLdWNfsM1CUXE2q9xs -FmU5Ry1pemTo68THSJs4wOnjLZ4kWTseTcEmQ6X2lfah8Ch0ffd3tttguNXnT1Xc -axgwv2Cypja3bPbq9t8kfJhbDrYO ------END CERTIFICATE----- diff --git a/kubernetes/msb/templates/secrets.yaml b/kubernetes/msb/templates/secrets.yaml deleted file mode 100644 index 7dcec5a303..0000000000 --- a/kubernetes/msb/templates/secrets.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.release" . }}-msb-https-cert - labels: {{ include "common.labels" . | nindent 4 }} - app: {{ include "common.name" . }} - chart: {{ include "common.chart" . }} - release: {{ include "common.release" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/certificates/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/msb/templates/serviceaccout.yaml b/kubernetes/msb/templates/serviceaccount.yaml index 3248a0f12c..50cbebf984 100644 --- a/kubernetes/msb/templates/serviceaccout.yaml +++ b/kubernetes/msb/templates/serviceaccount.yaml @@ -16,8 +16,8 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: msb - namespace: {{ include "common.namespace" . }} + name: msb + namespace: {{ include "common.namespace" . }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/kubernetes/msb/values.yaml b/kubernetes/msb/values.yaml index 739fcea9d2..5d3ffe0d6c 100644 --- a/kubernetes/msb/values.yaml +++ b/kubernetes/msb/values.yaml @@ -23,4 +23,3 @@ global: config: logstashServiceName: log-ls logstashPort: 5044 - diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 53260cb21c..bc1f19a6e9 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -66,7 +66,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:7.0.2 +image: onap/externalapi/nbi:8.0.0-latest pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 335629d8e2..3e96bdf3ec 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -39,10 +39,6 @@ dependencies: version: ~7.x-0 repository: '@local' condition: cds.enabled - - name: clamp - version: ~7.x-0 - repository: '@local' - condition: clamp.enabled - name: cli version: ~7.x-0 repository: '@local' diff --git a/kubernetes/clamp/Chart.yaml b/kubernetes/policy/components/policy-clamp-be/Chart.yaml index e9f2197ea1..fd48cc2243 100644 --- a/kubernetes/clamp/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-be/Chart.yaml @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Clamp -name: clamp +description: ONAP Policy Clamp Backend +name: policy-clamp-be version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-backend/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml index 734166b43d..734166b43d 100644 --- a/kubernetes/clamp/components/clamp-backend/requirements.yaml +++ b/kubernetes/policy/components/policy-clamp-be/requirements.yaml diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index 8dd0fc796a..17185cc4bb 100644 --- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -44,11 +44,11 @@ server.ssl.trust-store-password=${cadi_truststore_password} #clds datasource connection details spring.datasource.username=${MYSQL_USER} spring.datasource.password=${MYSQL_PASSWORD} -spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements #The log folder that will be used in logback.xml file -clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json +clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json # # Configuration Settings for Policy Engine Components diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh index 4cf8155f6c..329479fad2 100644..100755 --- a/kubernetes/clamp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh @@ -1,6 +1,7 @@ +#!/bin/sh {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +16,4 @@ # limitations under the License. */}} -{{ include "common.secretFast" . }} +mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml index 8717e6f33a..8717e6f33a 100644 --- a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json index 3adda95c11..3adda95c11 100644 --- a/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json diff --git a/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt index e36d6a5bfb..e36d6a5bfb 100644 --- a/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt +++ b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml index fe0349ede9..aeadc37bd4 100644 --- a/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml @@ -27,3 +27,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml index 9153f9d0ff..1120f9b2b6 100644 --- a/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml @@ -40,8 +40,8 @@ spec: - command: - /app/ready.py args: - - --container-name - - clamp-mariadb + - --job-name + - {{ include "common.release" . }}-policy-clamp-galera-config env: - name: NAMESPACE valueFrom: @@ -61,14 +61,14 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - sh - workingDir: "/opt/clamp/" + workingDir: "/opt/policy/clamp/" args: - -c - | {{- if .Values.global.aafEnabled }} export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) {{- end }} - java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar + java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -88,19 +88,17 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - - mountPath: /opt/clamp/sdc-controllers-config.json + - mountPath: /opt/policy/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json - - mountPath: /opt/clamp/application.properties + - mountPath: /opt/policy/clamp/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties env: - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: MYSQL_DATABASE - value: {{ tpl .Values.db.databaseName .}} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} {{- if ne "unlimited" (include "common.flavor" .) }} - name: JAVA_RAM_CONFIGURATION value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 @@ -115,7 +113,7 @@ spec: volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap items: - key: sdc-controllers-config.json path: sdc-controllers-config.json diff --git a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml new file mode 100755 index 0000000000..c5c968a2e1 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml @@ -0,0 +1,84 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020-2021 AT&T Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.release" . }}-policy-clamp-galera-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-policy-clamp-job + release: {{ include "common.release" . }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-policy-clamp-job + release: {{ include "common.release" . }} + spec: + initContainers: +#This container checks that all galera instances are up before initializing it. + - name: {{ include "common.name" . }}-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.release" . }}-policy-clamp-galera-config + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.db.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /dbcmd-config/create-db-tables.sh + name: {{ include "common.fullname" . }}-config + subPath: create-db-tables.sh + - mountPath: /dbcmd-config/policy-clamp-create-tables.sql + name: {{ include "common.fullname" . }}-config + subPath: policy-clamp-create-tables.sql + command: + - /bin/sh + args: + - -x + - /dbcmd-config/create-db-tables.sh + env: + - name: MYSQL_HOST + value: "{{ .Values.db.service.name }}" + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }} + - name: MYSQL_PORT + value: "{{ .Values.db.service.internalPort }}" + resources: +{{ include "common.resources" . }} + restartPolicy: Never + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: create-db-tables.sh + path: create-db-tables.sh + - key: policy-clamp-create-tables.sql + path: policy-clamp-create-tables.sql diff --git a/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml index 4cf8155f6c..4cf8155f6c 100644 --- a/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml diff --git a/kubernetes/clamp/components/clamp-backend/templates/service.yaml b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml index c01d36a53d..c01d36a53d 100644 --- a/kubernetes/clamp/components/clamp-backend/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index efd08ba4d0..1446ac42b6 100644 --- a/kubernetes/clamp/components/clamp-backend/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -53,9 +53,9 @@ certInitializer: chmod a+rx *; secrets: - - uid: db-secret + - uid: db-creds type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required @@ -63,7 +63,7 @@ secrets: flavor: small # application image -image: onap/clamp-backend:5.1.5 +image: onap/policy-clamp-backend:6.0.0 pullPolicy: Always # flag to enable debugging - application support required @@ -80,9 +80,12 @@ log: #####dummy values for db user and password to pass lint!!!####### db: - user: dummyclds - password: dummysidnnd83K - databaseName: dummycldsdb4 + user: policy_user + password: policy_user + image: mariadb:10.5.8 + service: + name: policy-mariadb + internalPort: 3306 config: log: @@ -114,10 +117,10 @@ readiness: service: type: ClusterIP - name: clamp-backend - portName: clamp-backend + name: policy-clamp-be + portName: policy-clamp-be internalPort: 8443 - externalPort: 443 + externalPort: 8443 ingress: enabled: false diff --git a/kubernetes/clamp/components/clamp-backend/Chart.yaml b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml index c9aa635ab5..331ba86995 100644 --- a/kubernetes/clamp/components/clamp-backend/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Clamp -name: clamp-backend +description: ONAP Policy Clamp Frontend +name: policy-clamp-fe version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml index 22b92c4ef7..734166b43d 100644 --- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml @@ -14,9 +14,6 @@ # limitations under the License. dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - name: certInitializer version: ~7.x-0 repository: '@local' diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf index 3e6fde9d0d..4cab734074 100644 --- a/kubernetes/clamp/resources/config/default.conf +++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf @@ -12,7 +12,7 @@ server { ssl_verify_client optional_no_ca; location /restservices/clds/ { - proxy_pass https://clamp-backend:443; + proxy_pass https://policy-clamp-be:8443; proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; } diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml index 8717e6f33a..8717e6f33a 100644 --- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/clamp/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt index e36d6a5bfb..e36d6a5bfb 100644 --- a/kubernetes/clamp/templates/NOTES.txt +++ b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt diff --git a/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml index 1a5b0ce06a..1a5b0ce06a 100644 --- a/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml index 51b864b986..97c7919389 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml @@ -41,7 +41,7 @@ spec: - /app/ready.py args: - --container-name - - clamp-backend + - policy-clamp-be env: - name: NAMESPACE valueFrom: diff --git a/kubernetes/clamp/templates/ingress.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/clamp/templates/ingress.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml index 4cf8155f6c..4cf8155f6c 100644 --- a/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml index 20a5065503..b4549ba099 100644 --- a/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml @@ -18,7 +18,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "common.servicename" . }} + name: {{ .Values.service.name }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -31,11 +31,13 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - {{- end}} name: {{ .Values.service.portName }} + {{- end}} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} +--- diff --git a/kubernetes/clamp/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index b2b37d3755..91a096d1b2 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -56,40 +56,13 @@ certInitializer: openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; chmod a+rx *; -secrets: - - uid: db-root-pass - name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass' - type: password - password: '{{ .Values.db.rootPass }}' - - uid: db-secret - name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass' - type: basicAuth - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - -db: - user: clds -# password: sidnnd83K - databaseName: &dbName cldsdb4 -# rootPass: emrys user: testos - -clamp-backend: - db: - userCredsExternalSecret: *dbUserPass - databaseName: *dbName -clamp-mariadb: - db: - rootCredsExternalSecret: *dbRootPass - userCredsExternalSecret: *dbUserPass - databaseName: *dbName - subChartsOnly: enabled: true flavor: small # application image -image: onap/clamp-frontend:5.1.5 +image: onap/policy-clamp-frontend:6.0.0 pullPolicy: Always # flag to enable debugging - application support required @@ -131,20 +104,14 @@ readiness: service: type: NodePort - name: clamp-external - portName: clamp-external + name: policy-clamp-fe + portName: policy-clamp-fe internalPort: 2443 nodePort: 58 # as of 20180904 port 58 is reserved for clamp from log/logdemonode # see https://wiki.onap.org/display/DW/OOM+NodePort+List - type2: ClusterIP - name2: clamp - portName2: clamp-internal - internalPort2: 2443 - externalPort2: 8443 - ingress: enabled: false service: diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index 0d773b50c0..d2e9c62edf 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -49,6 +49,7 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # # JPA Properties # +eclipselink.target-database=MySQL javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index b2f2b7430a..22e3dfad18 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -48,6 +48,14 @@ dependencies: version: ~7.x-0 repository: 'file://components/policy-distribution' condition: policy-distribution.enabled + - name: policy-clamp-be + version: ~7.x-0 + repository: 'file://components/policy-clamp-be' + condition: policy-clamp-be.enabled + - name: policy-clamp-fe + version: ~7.x-0 + repository: 'file://components/policy-clamp-fe' + condition: policy-clamp-fe.enabled - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 0d7ce07c9b..90c987984f 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -18,7 +18,7 @@ mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; -for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory +for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index d09895484c..678772c481 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -66,6 +66,11 @@ policy-drools-pdp: policy-distribution: enabled: true db: *dbSecretsHook +policy-clamp-be: + enabled: true + db: *dbSecretsHook +policy-clamp-fe: + enabled: true policy-nexus: enabled: false diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 84a78ab977..20c396fa42 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T -# Modifications Copyright (c) 2020 Nokia +# Modifications Copyright (c) 2020 Nokia, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -108,6 +108,16 @@ spec: value: rack1 - name: CASSANDRA_ENABLE_RPC value: "true" + {{- $flavor := include "common.flavor" . }} + {{- $heap := pluck $flavor .Values.heap | first }} + {{- if (hasKey $heap "max") }} + - name: MAX_HEAP_SIZE + value: {{ $heap.max }} + {{- end }} + {{- if (hasKey $heap "new") }} + - name: HEAP_NEWSIZE + value: {{ $heap.new }} + {{- end }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index ec76d08b72..b06761a870 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -1,6 +1,6 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T -# Modifications Copyright (c) 2020 Nokia +# Modifications Copyright (c) 2020 Nokia, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -117,7 +117,7 @@ resources: memory: 3.75Gi requests: cpu: 160m - memory: 2.8Gi + memory: 3.1Gi large: limits: cpu: 4 @@ -126,3 +126,15 @@ resources: cpu: 2 memory: 6Gi unlimited: {} + +heap: + # Heap size is tightly correlated to RAM limits. + # If limit > 8G, Cassandra should define itself the best value. + # If not, you must set up it in a coherent way with limits set + # Refer to https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/operations/opsTuneJVM.html#Determiningtheheapsize + # for more informations. + small: + max: 3G + new: 100M + large: {} + unlimited: {}
\ No newline at end of file diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index ef12c9a848..50117bd359 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -20,7 +20,7 @@ GLOBAL_INJECTED_APPC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}' GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}' GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}" -GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "clamp") }}' +GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-clamp-fe") }}' GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cli") }}' GLOBAL_INJECTED_CLOUD_ENV = 'openstack' GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" @@ -152,7 +152,7 @@ GLOBAL_SDC_PASSWORD = "boop" GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] # clamp info - everything is from the private oam network (also called onap private network) GLOBAL_CLAMP_SERVER_PROTOCOL = "https" -GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 8443) }}' +GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-clamp-fe" "port" 2443) }}' # nbi info - everything is from the private oam network (also called onap private network) GLOBAL_NBI_SERVER_PROTOCOL = "https" GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}' diff --git a/kubernetes/sdnc/resources/config/conf/org.opendaylight.daexim.cfg b/kubernetes/sdnc/resources/config/conf/org.opendaylight.daexim.cfg new file mode 100644 index 0000000000..20b794d21f --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/org.opendaylight.daexim.cfg @@ -0,0 +1,4 @@ +# Daexim directory location +# absolute path or path relative to Karaf home directory +# property substitution (interpolation) currently only supported for "${karaf.home}", no others (hard-coded) -- M. +daexim.dir={{ .Values.persistence.daeximPath }}
\ No newline at end of file diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 51c50e4fec..7441dacd23 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -114,7 +114,6 @@ spec: args: - -c - | - mkdir {{ .Values.persistence.mdsalPath }}/daexim mkdir {{ .Values.persistence.mdsalPath }}/journal mkdir {{ .Values.persistence.mdsalPath }}/snapshots chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} @@ -264,6 +263,9 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties + - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.daexim.cfg + name: properties + subPath: org.opendaylight.daexim.cfg resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index efc13e92e6..5a4d204c58 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -460,7 +460,7 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: sdnc/mdsal mdsalPath: /opt/opendaylight/mdsal - daeximPath: /opt/opendaylight/daexim + daeximPath: /opt/opendaylight/mdsal/daexim journalPath: /opt/opendaylight/journal snapshotsPath: /opt/opendaylight/snapshots diff --git a/kubernetes/vid/requirements.yaml b/kubernetes/vid/requirements.yaml index c6554cada2..34ad968757 100644 --- a/kubernetes/vid/requirements.yaml +++ b/kubernetes/vid/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,6 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: mariadb-galera version: ~7.x-0 repository: '@local' @@ -30,4 +34,3 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: '@local' - diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks Binary files differdeleted file mode 100644 index a05f12d857..0000000000 --- a/kubernetes/vid/resources/certs/org.onap.vid.jks +++ /dev/null diff --git a/kubernetes/vid/resources/certs/org.onap.vid.trust.jks b/kubernetes/vid/resources/certs/org.onap.vid.trust.jks Binary files differdeleted file mode 100644 index 4caf7be652..0000000000 --- a/kubernetes/vid/resources/certs/org.onap.vid.trust.jks +++ /dev/null diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 2e74daa730..8872863e42 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,7 +37,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: @@ -55,6 +56,15 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + /tmp/vid/localize.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -100,8 +110,6 @@ spec: value: "{{ .Values.config.roleaccesscentralized }}" - name: VID_CONTACT_US_LINK value: "{{ .Values.config.vidcontactuslink }}" - - name: VID_KEYSTORE_PASSWORD - value: {{ .Values.config.vidkeystorepassword | quote }} - name: VID_UEB_URL_LIST value: message-router.{{ include "common.namespace" . }} - name: VID_MYSQL_HOST @@ -116,9 +124,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" - volumeMounts: - - mountPath: /opt/app/vid/etc - name: vid-certs + {{- if .Values.global.aafEnabled }} + - name: VID_KEYSTORE_FILENAME + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks" + - name: VID_TRUSTSTORE_FILENAME + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks" + {{- end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -149,10 +161,7 @@ spec: name: vid-logs - mountPath: /usr/share/filebeat/data name: vid-data-filebeat - volumes: - - name: vid-certs - secret: - secretName: {{ include "common.fullname" . }}-certs + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 72934fffd8..670838c6cf 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,17 +17,3 @@ */}} {{ include "common.secretFast" . }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-certs - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 8e8a17ae84..4510dc6908 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,6 +37,53 @@ secrets: login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: vid-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: vid + fqi: vid@vid.onap.org + public_fqdn: vid.onap.org + fqi_namespace: "org.onap.vid" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + keytool -storepasswd -new "${TRUSTORE_PASSWD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop + echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 . + fi + subChartsOnly: enabled: true @@ -49,7 +97,6 @@ config: userName: vidadmin # userCredentialsExternalSecret: some secret # userPassword: password - vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" vidaaiport: "8443" |