X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcomponents%2Faai-graphadmin%2Fvalues.yaml;h=170223ccbb1c5b22c16522a2ef03b57559df77af;hb=702d68ae02195cbe56ab5f5cd61bddc816880076;hp=cdbef0dd8a0669ca957172b6582da2a848534103;hpb=971fac5ee071235248d6bc02dca1df55ac652dae;p=oom.git diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index cdbef0dd8a..170223ccbb 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -4,7 +4,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. -# Copyright (c) 2020 Orange Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,8 +37,6 @@ global: # global defaults migration: enabled: false config: - # User information for the admin user in container - userId: 1000 # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment @@ -78,11 +76,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v27 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27 # Specifies from which version related link should appear related: link: v11 @@ -96,30 +94,57 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-graphadmin-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai + fqi: aai@aai.onap.org + public_fqdn: aai.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai + user_id: &user_id 1000 + group_id: &group_id 1000 + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** writing passwords into prop file" + echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-graphadmin:1.9.1 +image: onap/aai-graphadmin:1.11.0 pullPolicy: Always restartPolicy: Always flavor: small @@ -259,8 +284,17 @@ resources: memory: 2Gi unlimited: {} +# Not fully used for now +securityContext: + user_id: *user_id + group_id: *group_id + #Pods Service Account serviceAccount: nameOverride: aai-graphadmin roles: - read +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}'