From 2652e5198b438818968bbd15e30dff1b6993c301 Mon Sep 17 00:00:00 2001 From: krishnaa96 Date: Wed, 10 Mar 2021 12:02:52 +0530 Subject: [OOF] Update containers to latest versions - OSDF: 3.0.4 - Fixed NST selection response - HAS: 2.1.4 - Fixed SDC interface - Fixed weak cryptography issues - CMSO: 2.3.2 - Fixed weak cryptography issues Chart changes - Remove encrypted password from CMSO and move it to k8s secret Issue-ID: OPTFRA-917 Signed-off-by: Krishna Moorthy Change-Id: I1cf272f66f76412d5042fdf3ed3bcf1d461ab254 --- .../aaf/components/aaf-sms/resources/config/has.json | 7 +++++++ kubernetes/aaf/components/aaf-sms/templates/job.yaml | 6 ++++++ kubernetes/aaf/components/aaf-sms/values.yaml | 9 ++++++++- .../resources/config/optimizer.properties | 4 ++-- .../oof-cmso-optimizer/templates/deployment.yaml | 4 ++++ .../oof-cmso/components/oof-cmso-optimizer/values.yaml | 14 ++++++++++++-- .../oof-cmso-service/resources/config/cmso.properties | 8 ++++---- .../oof-cmso-service/templates/deployment.yaml | 4 ++++ .../oof-cmso/components/oof-cmso-service/values.yaml | 17 ++++++++++++++--- .../oof-cmso/components/oof-cmso-ticketmgt/values.yaml | 2 +- .../oof-cmso/components/oof-cmso-topology/values.yaml | 2 +- kubernetes/oof/components/oof-cmso/values.yaml | 12 ++++++++++++ .../oof-has/components/oof-has-api/values.yaml | 2 +- .../oof-has/components/oof-has-controller/values.yaml | 2 +- .../oof-has/components/oof-has-data/values.yaml | 2 +- .../oof-has/components/oof-has-reservation/values.yaml | 2 +- .../oof-has/components/oof-has-solver/values.yaml | 2 +- kubernetes/oof/components/oof-has/values.yaml | 2 +- kubernetes/oof/values.yaml | 2 +- 19 files changed, 82 insertions(+), 21 deletions(-) (limited to 'kubernetes') diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/has.json b/kubernetes/aaf/components/aaf-sms/resources/config/has.json index 679b5189de..ef42ce98d3 100644 --- a/kubernetes/aaf/components/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/has.json @@ -38,6 +38,13 @@ "password": "${AAF_PASS}", "aaf_conductor_user": "oof@oof.onap.org" } + }, + { + "name": "sdc", + "values": { + "username": "${SDC_USER}", + "password": "${SDC_PASS}" + } } ] } diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 1341889af3..6e50620a99 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -51,6 +51,7 @@ spec: export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; export SO_PASS=${SO_PASS_PLAIN}; + export SDC_PASS=${SDC_PASS_PLAIN}; cd /config-input; for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; @@ -131,6 +132,11 @@ spec: - name: SO_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }} + - name: SDC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }} + - name: SDC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }} + volumeMounts: - mountPath: /config-input name: {{ include "common.name" . }}-preload-input diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index 3b777c64f6..ab7d8fb71b 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -192,7 +192,11 @@ secrets: login: '{{ .Values.oofCreds.soUsername }}' password: '{{ .Values.oofCreds.soPassword }}' passwordPolicy: required - + - uid: sdc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdcUsername }}' + password: '{{ .Values.oofCreds.sdcPassword }}' + passwordPolicy: required oofCreds: aaiUsername: oof@oof.onap.org aaiPassword: demo123456! @@ -239,6 +243,9 @@ oofCreds: soUsername: apihBpmn soPassword: password1$ + sdcUsername: aai + sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # Configure resource requests and limits resources: small: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties index 4bf8f74666..04a5714a8e 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/resources/config/optimizer.properties @@ -52,8 +52,8 @@ cmso.minizinc.command.solver=OSICBC cmso.minizinc.command.timelimit=60000 cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn -mechid.user=oof@oof.onap.org -mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +mechid.user=${AAF_USER} +mechid.pass=${AAF_PASSWORD} aaf.urls=https://aaf-locate:8095 aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml index c1d2602713..1f96183dd5 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/templates/deployment.yaml @@ -116,6 +116,10 @@ spec: value: {{ .Values.global.truststorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}} command: - /bin/sh args: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml index aa6ae1941c..d50995a615 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-optimizer/values.yaml @@ -24,12 +24,12 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-optimizer:2.3.1 +image: onap/optf-cmso-optimizer:2.3.2 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.2 # flag to enable debugging - application support required debugEnabled: false @@ -45,6 +45,12 @@ secrets: login: '{{ .Values.config.db.user }}' password: '{{ .Values.config.db.password }}' passwordPolicy: required + - uid: cmso-aaf-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -81,6 +87,10 @@ service: config: + aaf: + user: user + password: pass +# userCredentialsExternalSecret: some-secret db: port: 3306 # rootPassword: pass diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties index 6525a4ee9c..363aecbc03 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/resources/config/cmso.properties @@ -94,11 +94,11 @@ so.polling.interval.ms=10000 ## loopback settings so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7 -so.user=oof@oof.onap.org -so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +so.user=${AAF_USER} +so.pass=${AAF_USER} -mechid.user=oof@oof.onap.org -mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw== +mechid.user=${AAF_USER} +mechid.pass=${AAF_PASSWORD} cmso.dispatch.url=http://localhost:8089 diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml index 27d52a24ba..d9f2bd0734 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/templates/deployment.yaml @@ -140,6 +140,10 @@ spec: value: {{ .Values.global.truststorePassword }} - name: AUTHENTICATION value: {{ .Values.global.authentication }} + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}} + - name: AAF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}} command: - /bin/sh args: diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml index f0e62e458d..06dd478b0e 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-service/values.yaml @@ -23,13 +23,13 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-service:2.3.1 -robotimage: onap/optf-cmso-robot:2.3.1 +image: onap/optf-cmso-service:2.3.2 +robotimage: onap/optf-cmso-robot:2.3.2 pullPolicy: Always #init container image dbinit: - image: onap/optf-cmso-dbinit:2.3.1 + image: onap/optf-cmso-dbinit:2.3.2 # flag to enable debugging - application support required debugEnabled: false @@ -44,6 +44,12 @@ secrets: login: '{{ .Values.config.db.user }}' password: '{{ .Values.config.db.password }}' passwordPolicy: required + - uid: cmso-aaf-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -80,6 +86,10 @@ service: config: + aaf: + user: user + password: pass +# userCredentialsExternalSecret: some-secret db: port: 3306 # rootPassword: pass @@ -93,6 +103,7 @@ config: optimizer_host: oof-cmso-optimizer optimizer_port: 7997 + ingress: enabled: false diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml index d88e1b22c2..4f6976ed28 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-ticketmgt/values.yaml @@ -23,7 +23,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-ticketmgt:2.3.1 +image: onap/optf-cmso-ticketmgt:2.3.2 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml index 56d9c7c12a..b3adb5c69c 100644 --- a/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml +++ b/kubernetes/oof/components/oof-cmso/components/oof-cmso-topology/values.yaml @@ -22,7 +22,7 @@ subChartsOnly: enabled: true # application image -image: onap/optf-cmso-topology:2.3.1 +image: onap/optf-cmso-topology:2.3.2 pullPolicy: Always diff --git a/kubernetes/oof/components/oof-cmso/values.yaml b/kubernetes/oof/components/oof-cmso/values.yaml index c574a86136..c46fd0a33a 100644 --- a/kubernetes/oof/components/oof-cmso/values.yaml +++ b/kubernetes/oof/components/oof-cmso/values.yaml @@ -36,6 +36,11 @@ secrets: login: '{{ .Values.config.db.optimizer.userName }}' password: '{{ .Values.config.db.optimizer.userPassword }}' passwordPolicy: generate + - uid: cmso-aaf-creds + name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds' + type: basicAuth + login: '{{ .Values.config.aaf.user }}' + password: '{{ .Values.config.aaf.password }}' mariadb-galera: replicaCount: 1 @@ -75,6 +80,9 @@ mariadb-init: flavor: small config: + aaf: + user: oof@oof.onap.org + password: demo123456! log: logstashServiceName: log-ls logstashPort: 5044 @@ -115,6 +123,8 @@ oof-cmso-service: host: *dbName container: *dbName mysqlDatabase: cmso + aaf: + userCredentialsExternalSecret: *aafCreds oof-cmso-optimizer: enabled: true @@ -128,6 +138,8 @@ oof-cmso-optimizer: host: *dbName container: *dbName mysqlDatabase: optimizer + aaf: + userCredentialsExternalSecret: *aafCreds oof-cmso-topology: enabled: true diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 0f2e01f5c7..d6743cdfda 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index df50561d51..3cbf96adc1 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # Secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index b069be6d9c..0940a9db39 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 2891f806c3..3615a3bd33 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.1.3 + optf_has: onap/optf-has:2.1.5 persistence: enabled: true diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 87e6536c35..7362ec70a6 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/optf-osdf:3.0.3 +image: onap/optf-osdf:3.0.4 pullPolicy: Always # flag to enable debugging - application support required -- cgit 1.2.3-korg