X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fvalues.yaml;h=a463e47f19c948a9c9ba01c754439f112338ff12;hb=27fd7d8750ceeb798052eb8af36264c79b6536fb;hp=05507307fc3f679e248ad70007d2b96a8cc502ec;hpb=6212bb27ae5202b9071b8a8493afcaecaa1b9249;p=oom.git diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 05507307fc..a463e47f19 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -202,8 +202,9 @@ global: # global defaults passwd: AAI # Active spring profiles for the resources microservice + # aaf-auth profile will be automatically set if aaf enabled is set to true profiles: - active: production,dmaap,aaf-auth + active: production,dmaap #,aaf-auth # Notification event specific properties notification: @@ -213,6 +214,7 @@ global: # global defaults # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth + # will be set to no-auth if tls is disabled service: client: one-way-ssl # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service @@ -228,11 +230,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v21 + default: v23 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23 # Specifies from which version related link should appear related: link: v11 @@ -274,6 +276,40 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ + -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ + -alias ca_local_0 \ + -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** generating needed file" + cat {{ .Values.credsPath }}/certs/cert.pem \ + {{ .Values.credsPath }}/certs/cacert.pem \ + {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + > {{ .Values.credsPath }}/certs/fullchain.pem; + chown 1001 {{ .Values.credsPath }}/certs/* + # application image dockerhubRepository: registry.hub.docker.com image: aaionap/haproxy:1.4.2 @@ -325,13 +361,16 @@ readiness: service: type: NodePort - portName: aai-ssl + portName: http externalPort: 8443 internalPort: 8443 nodePort: 33 # POLICY hotfix - Note this must be temporary # See https://jira.onap.org/browse/POLICY-510 aaiServiceClusterIp: + externalPlainPort: 80 + internalPlainPort: 8080 + nodeport: 33 ingress: enabled: false @@ -339,8 +378,8 @@ ingress: - baseaddr: "aai.api" name: "aai" port: 8443 - config: - ssl: "redirect" + config: + ssl: "redirect" resources: small: