From cd2e66f770d8778dbd5c95a73fa810b9ee0ee779 Mon Sep 17 00:00:00 2001 From: Krzysztof Gajewski Date: Thu, 15 Oct 2020 20:33:34 +0200 Subject: [SO] Enable SO-Monitoring - use HTTPS and certInitializer - SO-Monitoring service exposed as NodePort - Certs are retrieved dynamically using certInitializer Issue-ID: SO-2920 Signed-off-by: Krzysztof Gajewski Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911 --- kubernetes/so/components/so-monitoring/values.yaml | 51 ++++++++++++++++------ 1 file changed, 37 insertions(+), 14 deletions(-) (limited to 'kubernetes/so/components/so-monitoring/values.yaml') diff --git a/kubernetes/so/components/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml index e746baf1bb..9ba1d7b7d8 100644 --- a/kubernetes/so/components/so-monitoring/values.yaml +++ b/kubernetes/so/components/so-monitoring/values.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Copyright (C) 2020 Huawei +# Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,8 +28,15 @@ global: readinessImage: onap/oom/readiness:3.0.1 aafAgentImage: onap/aaf/aaf_agent:2.1.20 envsubstImage: dibi/envsubst + aafEnabled: true persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: true + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Secrets metaconfig @@ -46,25 +54,21 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: app-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}' + login: '{{ .Values.server.monitoring.username }}' + password: '{{ .Values.server.monitoring.password }}' #secretsFilePaths: | # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' -################################################################# -# AAF part -################################################################# -soHelpers: - nameOverride: so-monitoring-cert-init - certInitializer: - nameOverride: so-monitoring-cert-init - credsPath: /opt/app/osaaf/local - ################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.6.4 +image: onap/so/so-monitoring:1.7.7 pullPolicy: Always db: @@ -77,15 +81,34 @@ db: replicaCount: 1 minReadySeconds: 10 -containerPort: 9091 +containerPort: &containerPort 9091 logPath: app/logs/ app: so-monitoring + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-monitoring-cert-init + certInitializer: + nameOverride: so-monitoring-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.monitoringPerm + containerPort: *containerPort + +server: + monitoring: + username: demo + # password: demo123456! + # soMonitoringCredsExternalSecret: some secret + service: #Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis... - type: ClusterIP + type: NodePort nodePort: 24 - internalPort: 9091 - externalPort: 9091 + internalPort: *containerPort + externalPort: *containerPort portName: so-monitor-port updateStrategy: type: RollingUpdate -- cgit 1.2.3-korg