X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fvnfsdk%2Fvalues.yaml;h=0fbee4c07ffcb69269a08d3f51bccdebc94419aa;hb=2c2be1eea53e97cc1972c0b89571baff92e59484;hp=96cacfbf8253bbfa79b2143739a377e099e1086a;hpb=a391f4daa788e896e77300665a661b61e83b3e46;p=oom.git diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 96cacfbf82..0fbee4c07f 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -17,20 +17,58 @@ ################################################################# global: nodePortPrefix: 302 - repository: nexus3.onap.org:10001 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-vnfsdk-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "vnfsdk-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-vnfsdk-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "vnfsdk-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: refrepo-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: refrepo + fqi: refrepo@refrepo.onap.org + fqi_namespace: org.onap.refrepo + public_fqdn: refrepo.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + echo "keystore password: $$cadi_keystore_password_p12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership of certificates to targeted user" + chown -R 999 {{ .Values.credsPath }}/certs + ################################################################# # Application configuration defaults. ################################################################# # application image -repository: nexus3.onap.org:10001 -image: onap/vnfsdk/refrepo:1.5.1 -postgresRepository: crunchydata -postgresImage: crunchy-postgres:centos7-10.3-1.8.2 +image: onap/vnfsdk/refrepo:1.6.3 pullPolicy: Always # application configuration override for postgres @@ -50,9 +88,8 @@ postgres: config: pgUserName: postgres pgDatabase: postgres - pgPrimaryPassword: postgres - pgUserPassword: postgres - pgRootPassword: postgres + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName # flag to enable debugging - application support required debugEnabled: false @@ -90,13 +127,13 @@ liveness: enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 60 + periodSeconds: 30 service: type: NodePort name: refrepo - portName: refrepo + portName: https nodePort: 97 internalPort: 8703 @@ -105,6 +142,6 @@ ingress: service: - baseaddr: "refrepo" name: "refrepo" - port: 97 + port: 8703 config: - ssl: "none" + ssl: "redirect"