summaryrefslogtreecommitdiffstats
path: root/kubernetes/onap/values.yaml
AgeCommit message (Collapse)AuthorFilesLines
2020-12-02[PLATFORM] Update cert service images to 2.3.1Remigiusz Janeczek1-1/+1
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
2020-11-23[PLATFORM] Add new fake deployment to fix offline certificates generationAdam Wudzinski1-0/+5
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
2020-11-20[COMMON] New templates to handle repositoriesSylvain Desbureaux1-18/+59
Current repository templates handles only ONAP "nexus" repository configuration. So, all images coming from another repository (currently, OOM is using 4 repository, including nexus one) cannot simply be retrieved from another one. This commit add new templates, in a specific chart, in order to change that. Now, each for repository can be overidden and all 4 can have a credentials. Also, in order to minimize global variables, templates aimed to retrieve usual utility images (busybox, envsubst, readiness, ...) are created. Issue-ID: OOM-2634 Change-Id: I27eb33d830d56ec28f9de68599f5108a262983b3 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Reduce code size, add missing busyboxRepository] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-10-29[Tree-wide] Remove pnda charts from OOMKrzysztof Opasiak1-2/+0
pnda was introduced in earlier release (R3) as POC however no longer supported. As we don't like unmaintained code and noone is using it let's remove it from oom helm charts. Issue-ID: DCAEGEN2-2503 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I717925acee3956ac7e5c6abda7a54e3a78f3ebf3
2020-10-29Merge "[SO] Enable SO-Monitoring - use HTTPS and certInitializer"Krzysztof Opasiak1-0/+6
2020-10-29[SO] Enable SO-Monitoring - use HTTPS and certInitializerKrzysztof Gajewski1-0/+6
- SO-Monitoring service exposed as NodePort - Certs are retrieved dynamically using certInitializer Issue-ID: SO-2920 Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com> Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
2020-10-20[COMMON] Make certInitializer share truststore among instancesKrzysztof Opasiak1-0/+3
Truststore is quite heavy. If it is included several times in the component it can easily cross helm chart size limit. To fix this issue let's make sure that the truststore is created only once and then shared among all certInitializer instances. Issue-ID: AAF-1134 Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-25Merge "[DCAEGEN2][OOM] Update k8splugin configs"Sylvain Desbureaux1-1/+1
2020-09-24[DCAEGEN2][OOM] Update k8splugin configsJan Malkiewicz1-1/+1
Top up certservice-api image Update config for k8splugin 3.4.1: - update images of certservice-client - add certservice-client secret name to config - add certservice-post-processor image to config CertPostProcessor is an application which appends CMPv2 truststore entries to AAF CertMan truststore and allows swapping AAF CertMan keystore for CMPv2 keystore. Issue-ID: DCAEGEN2-2253 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
2020-09-21[SDNC] Deploy external TLC cert in ODLegernug1-9/+9
Changes for 111973 Issue-ID: SDNC-1136 Signed-off-by: esobmar <mariusz.sobucki@est.tech> Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3 Signed-off-by: egernug <gerard.nugent@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Access EJBCA secret from cert service] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski1-7/+10
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>
2020-09-17Merge "Add A1 Policy Management Service helm charts"Sylvain Desbureaux1-0/+3
2020-09-16Add A1 Policy Management Service helm chartsLathish1-0/+3
Issue-ID: CCSDK-2492 Change-Id: Ide809298d075471b457cfb93fee77658c7cb597c Signed-off-by: Lathish <lathishbabu.ganesan@est.tech>
2020-09-07Merge "[COMMON] Allow to set default password complexity"Sylvain Desbureaux1-0/+5
2020-09-04[GENERAL] Use readiness container v3.0.1Sylvain Desbureaux1-3/+2
Readiness container v3.x and up are now present in ONAP main repository. They're also not using root user anymore and then script path has changed. Finally, "job_complete" script has been integrated in main "ready" script. As those changes are significant, we must upgrade all the components at once. Depends-On: I5afa83892043f4844afe12e61724a8d368a9f2e0 Issue-ID: OOM-2545 Signed-off-by: Grzegorz Lis <grzegorz.lis@nokia.com> Change-Id: I0b4eb5dd86390273532d67d0a9696e1cfcadf110
2020-09-02[COMMON] Allow to set default password complexityKrzysztof Opasiak1-0/+5
With the introduction of common secret template many of ONAP passwords started being automatically generated. The algorithm that we use for this purpose allows to choose the complexity of generated password. By default we use "long" which contains special characters. Unfortunately this turns out to often cause some issue. To make our deployment more stable and user friendly lets allow the deployer to choose the desired password complexity. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
2020-08-25Merge "[COMMON] new logConfiguration chart"Krzysztof Opasiak1-0/+6
2020-07-30[DCAEGEN2] Add config supporting request CMPv2 certsPiotr Marcinkiewicz1-2/+1
Add configuration supporting dealing with CMPv2 certs in K8s plugin. Remove outputType from global values to allow it be specific for service. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Iedb9c3f63a539a386b9abd5d257c54f5ce023662
2020-07-22[COMMON] new logConfiguration chartSylvain Desbureaux1-0/+6
This new chart allows to set the same log level accross components in ONAP. As other similar templates, default value will be retrieved (`logConfiguration.logLevel`) but can be overrided: - globally by setting global.logLevel - per component basis by setting `logConfiguration.logLevelOverride` per component basis Issue-ID: OOM-2515 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I18196b56bb4f8732d42271d7c93c1a0f71bfac58
2020-07-20[AAF Certservice] Update versions to 1.2.0Piotr Marcinkiewicz1-1/+1
Update Cert Service version to 1.2.0 in order to allow creation not existing subdirectories where certs will be located. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I83560e21a6894c8869201205000bb7c41956176a
2020-07-01[AAF Certservice] Update versions to 1.1.0Remigiusz Janeczek1-1/+2
Allow use of OUTPUT_TYPE env in certservice client to define desired certificates format (one of: P12, JKS, PEM) Issue-ID: AAF-1152 Change-Id: I5065b659ae36d71209d643303896516042fabaa0 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2020-06-15[GLOBAL] Upgrade readiness check versionSylvain Desbureaux1-1/+1
Use a newer readiness check script with better handling of readiness on statefulsets. Issue-ID: OOM-2418 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ica7c87e856c193b2ed825a3eb2345262689f2808
2020-06-10Merge "[COMMON] add pre upgrade script for mariadb-galera"Sylvain Desbureaux1-0/+10
2020-06-05[COMMON] add pre upgrade script for mariadb-galeratringuyen1-0/+10
When upgrading from a version to another, it may be impossible to do it "simply" because of changes in immutable properties of statefulsets. We change that here by creating a temporary deployment which will hold the whole databases during the time the old statefulset gets destroyed and the new one gets created. Issue-ID: OOM-2316 Signed-off-by: tringuyen <tri.nguyen@tatacommunications.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I318d72830d5002f50597e23e0753e292f8b47c53
2020-05-28[AAF] Add CMPv2 Cert ServiceEmmettCox1-0/+21
This new micro service allow retrieval of certificates using CMPv2 protocol and relay the requests to CA server (such as EJBCA provided in contrib folder). Issue-ID: AAF-1083 Change-Id: Ib3acba3d071533ad933d043f067147e8406d8fa8 Signed-off-by: EmmettCox <emmett.cox@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-05-18Merge "Bump version of readiness image"Sylvain Desbureaux1-1/+6
2020-05-13Bump version of readiness imageSylvain Desbureaux1-1/+6
New readiness image proposes several new stuff: * smaller size * ability to wait for daemonset Issue-ID: OOM-2373 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I4af9a09393c5b71214d8f4db2c1a095b260c9fbd
2020-05-04remove hardcoded MariaDB passwordJulienBe1-1/+1
This aligns with other changes on OOM. You can either supply a specific password or have it generated for you based on a master password Issue-ID: CLAMP-796, OJSI-188 Change-Id: If1b80fc47cf1033e094f8a106746d1e8c556c08b Signed-off-by: JulienBe <jb379x@att.com> Co-authored-by: sebdet <sebastien.determe@intl.att.com> [small updates in common secret template usage] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-04-22Merge "[COMMON] templates for centralized logs"Krzysztof Opasiak1-1/+9
2020-04-22[COMMON] templates for centralized logsSylvain Desbureaux1-1/+9
Add three templates: * one for creating the sidecar * one for creating the configmap * one for creating the volumes Issue-ID: OOM-2370 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I34ac35a30b3ab892622431ee7c70277bc7b1f41d
2020-04-20[COMMON] helm chart for elastic dbAlexander Dehn1-0/+4
Add elasticdb as common chart to oom Issue-ID: SDNC-1061 Signed-off-by: Alexander Dehn <alexander.dehn@highstreet-technologies.com> Change-Id: Id8c48113b8d4193d7f13991296f0307a29724c01 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-04-15[Contrib] Add EJBCA ServerSylvain Desbureaux1-1/+21
EJBCA Server is used to test that CMPv2 Certificate handling is well done in ONAP. Issue-ID: AAF-1083 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6
2020-04-07AAF OOM 2.1.20ChrisC1-1/+1
Cleaned up up configs, JDK11 fixes, Hello and Agent works, now a model for Apps non-root fix Issue-ID: AAF-1081, AAF-1102 Signed-off-by: Instrumental <jgonap@stl.gathman.org> Signed-off-by: ChrisC <christophe.closset@intl.att.com> Change-Id: I4947075029db8abd7d2072b6b82064af8e2daa3e
2020-04-03[COMMON] Faster aafConfig templateSylvain Desbureaux1-1/+3
"index" function is bad in term of performance in Helm. Reworked the templates in order to avoid it. as certificates are retrieved at every boot (and as already present certs are deleted before), we don't need persistent storage Also set aafImage as a global variable in order to have a consistent use accross ONAP Issue-ID: EXTAPI-375 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
2020-03-13Add dcaemod chartsJack Lucas1-0/+2
Issue-ID: DCAEGEN2-1866 Change-Id: I0179e1e75529ad8017b1a5c23747dbd80aa6f625 Signed-off-by: Jack Lucas <jflucas@research.att.com> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2020-03-06[COMMON] Handle TLS/Non-TLS for ServiceSylvain Desbureaux1-0/+51
Current service and headlessService templates doesn't handle the fact that out of cluster ports must be TLS encrypted only. With a new (backward compatible) DSL, this is now possible. In values.yaml, all ports in service part with port AND plain_port will have the ability to be HTTP or HTTPS depending on the context. Per default, they'll be HTTPS. TLS choice will be done according this table: | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | |-------------|-------------------|----------------------------|------------------------|--------| | not present | not present | not present | any | true | | not present | not present | false | any | true | | not present | not present | true | false | true | | not present | not present | true | true | false | | not present | true | any | any | true | | not present | false | any | any | false | | true | any | any | any | true | | false | any | any | any | false | Service template will create one or two service templates according to this table: | serviceType | both_tls_and_plain | result | |---------------|--------------------|--------------| | ClusterIP | any | one Service | | Not ClusterIP | not present | one Service | | Not ClusterIP | false | one Service | | Not ClusterIP | true | two Services | If two services are created, one is ClusterIP with both crypted and plain ports and the other one is NodePort (or LoadBalancer) with crypted port only. Issue-ID: OOM-1936 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
2020-02-04[COMMON] Create templates for services and PVSylvain Desbureaux1-1/+1
Proposition of common templates to make service declaration and PV declaration consistent accross OOM. Propositions of templates for sub parties of resource definitions such as metadatas, selector and containerPorts. I've also made an example with cassandra. Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243 Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-12-11Merge "[Common] Use global storage templates for PVC"Borislav Glozman1-2/+0
2019-12-05[Common] Use global storage templates for PVCSylvain Desbureaux1-2/+0
OOM has now templates in order to create the needed PVC, using: * a PV with a specific class when using a common nfs mount path between nodes (sames as today use) --> is the default behavior today * or a storage class if we want to use dynamic PV. On this case, we use (in order of priority): - persistence.storageClassOverride if set on the chart - global.persistence.storageClass if set globally - persistence.storageClass if set on the chart I've also aligned the PV creation of the different charts. I've also aligned the PVC creation of the different charts. I've removed unused mysql chart and (badly) used nfs-provisioner chart. I've also make cassandra backup work with dynamic PV (but RWX only for now). Change-Id: I0ea3f8c7514ca648d94b6c682684c06b822bbe0a Issue-ID: OOM-2229 Issue-ID: OOM-2228 Issue-ID: OOM-2227 Issue-ID: OOM-1227 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
2019-12-03Vhosts support to the common ingress templateLucjan Bryndza1-1/+7
Add virtual hosting support to the ingress common template Added support for global configuration path or virtual host based Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: I6b1a0c9cfd0eb5c90a090058d5db70f8ee33731e Issue-ID: OOM-2125 Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
2019-09-10Seperate CDS chart from SDNC in OOMAbdelmuhaimen Seaudi1-0/+2
Issue-ID: OOM-2085 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> Change-Id: I21fed8c9cf33967f62f156cac96deefdcb4f8d47 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2019-08-22Removing nginx-ingress from helm charts. It is running by default viaOndřej Šmalec1-2/+0
RKE. Issue-ID: OOM-2050 Signed-off-by: Ondřej Šmalec <o.smalec@partner.samsung.com> Change-Id: I72802282d296c6e1f23f96112a6406ded18aa5ab
2019-07-17Add nginx ingress controller supportLucjan Bryndza1-0/+2
Add nginx ingress controller support to the OOM nginx ingress controller is disabled by default. Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: I97683ede7d99d2c8ca2f512c962d2d8d03467124 Issue-ID: OOM-1508
2019-05-10Add modeling parser chartyangyanyj1-0/+2
Issue-ID: MODELING-165 Change-Id: I46419561fdc3f1b4fb7a7bcf19185ac6cbd99c1d Signed-off-by: yangyanyj <yangyanyj@chinamobile.com>
2019-05-08Update overrides to support docsMike Elliott1-1/+1
Change-Id: I2a0428bfec238231b299c9f35364979b116a5d67 Issue-ID: OOM-1598 Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
2019-04-10default storageclass and nfs provisionersushil masal1-1/+7
Issue-ID: OOM-1500 Change-Id: I15dd98ea8042914220f1b6025e93f65224bb9adb Signed-off-by: sushil masal <sushil.masal@amdocs.com>
2019-03-14Shared Instance of Mariadb-GaleraPramod1-0/+2
Change-Id: Id3fbbc7ad639bfd03ddbfc931abf774407851d74 Issue-ID: OOM-1193 Signed-off-by: Pramod <pramod.kumarsharma@amdocs.com>
2019-03-02Improve override usabilityMike Elliott1-29/+29
Currently when you deploy onap with no override file, the behavior is to deploy everything. In order to deploy a subset of components, an override file must contain all components and then disable the ones you don't want. As we prepare to transfer helm chart ownership to the teams, it will simplify the creation of project specific development override files, if the default behavior for deploying onap was reversed. Allowing override files to only contain the components they care to enable (and configure) and ignore the rest as they would be disabled by default. From this point on, it will be necessary to use an override file (as integration uses for testing) to enable all components. This patch includes an onap-all.yaml override file that may be used for this purpose. helm deploy dev local/onap -f onap/overrides/onap-all.yaml No configuration is part of this override. Its purpose is only to enable the components and is intended to be used in combination with other override files that provide environment specific configuration. Change-Id: I4b74a3a8a35a178298af7205762e2aca7c65dda3 Issue-ID: OOM-1692 Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
2019-02-20Instantiate common cassandra clusterMahendra Raghuwanshi1-0/+2
Issue-ID: OOM-1198 Change-Id: Ie49a34cfbe5bdb2620312e8780dccbc0b86a0d6e Signed-off-by: Mahendra Raghuwanshi <mahendra.raghuwanshi@amdocs.com>
2019-02-08Remove VVP from OOMLovett, Trevor1-2/+0
As part of the Dublin release, the web version of VVP is being deprecated. A command-line script will remain, but there will be no deployable, online version of the tooling. This change removes the deprecated components from the OOM deployment and management. Issue-ID: VVP-136 Change-Id: Iea4e611d6b1a784be271982eb6a92099a944bd76 Signed-off-by: Lovett, Trevor <trevor.lovett@att.com>