Code Review / oom.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw (from parent 2: 3c75b9e)
Merge "[DCAEGEN2] Correction of the conditional statement"
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>
Tue, 29 Sep 2020 07:17:00 +0000 (07:17 +0000)
committerGerrit Code Review <gerrit@onap.org>
Tue, 29 Sep 2020 07:17:00 +0000 (07:17 +0000)
47 files changed:
kubernetes/aaf/components/aaf-sms/templates/job.yaml patch | blob | history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml patch | blob | history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml patch | blob | history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-es/requirements.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml patch | blob | history
kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-es/values.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml patch | blob | history
kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-kibana/values.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf patch | blob | history
kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml patch | blob | history
kubernetes/clamp/components/clamp-dash-logstash/values.yaml patch | blob | history
kubernetes/common/cmpv2Config/values.yaml patch | blob | history
kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json patch | blob | history
kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml patch | blob | history
kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml patch | blob | history
kubernetes/onap/values.yaml patch | blob | history
kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml patch | blob | history
kubernetes/oof/components/oof-has/resources/config/log.conf patch | blob | history
kubernetes/oof/resources/config/log.yml [new file with mode: 0644] patch | blob
kubernetes/oof/templates/deployment.yaml patch | blob | history
kubernetes/platform/components/oom-cert-service/values.yaml patch | blob | history
kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties [new file with mode: 0644] patch | blob
kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties patch | blob | history
kubernetes/portal/components/portal-app/templates/deployment.yaml patch | blob | history
kubernetes/portal/components/portal-app/values.yaml patch | blob | history
kubernetes/portal/components/portal-cassandra/templates/deployment.yaml patch | blob | history
kubernetes/portal/components/portal-cassandra/templates/secrets.yaml [new file with mode: 0644] patch | blob
kubernetes/portal/components/portal-cassandra/values.yaml patch | blob | history
kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql patch | blob | history
kubernetes/portal/components/portal-mariadb/templates/job.yaml patch | blob | history
kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties [new file with mode: 0644] patch | blob
kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties patch | blob | history
kubernetes/portal/components/portal-sdk/templates/deployment.yaml patch | blob | history
kubernetes/portal/components/portal-sdk/values.yaml patch | blob | history
kubernetes/portal/templates/secrets.yaml [new file with mode: 0644] patch | blob
kubernetes/portal/values.yaml patch | blob | history
kubernetes/robot patch | blob | history
kubernetes/sdc/Makefile patch | blob | history
kubernetes/sdc/components/Makefile patch | blob | history
kubernetes/sdnc/Makefile patch | blob | history
kubernetes/sdnc/components/Makefile patch | blob | history
kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml patch | blob | history

diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
index b3745e1..3650990 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -25,7 +25,6 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   template:
     metadata:
       labels:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
index e6ccf05..90d1899 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
@@ -58,7 +58,6 @@ spec:
         {{- if .Values.affinity }}
       affinity: {{ toYaml .Values.affinity | nindent 8 }}
         {{- end }}
-      resources: {{ include "common.resources" . | nindent 10 }}
       volumes:
       - name: {{ include "common.fullname" . }}-data
         persistentVolumeClaim:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
index c6041d1..c40c6b0 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
@@ -20,7 +20,6 @@ apiVersion: batch/v1
 kind: Job
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   serviceName:
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
index 1643c15..021276b 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
@@ -20,7 +20,6 @@ apiVersion: batch/v1
 kind: Job
 metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
-  replicas: {{ .Values.replicaCount }}
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
index caff1e5..317d5b5 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
index 1eb20fc..9e04d5a 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
@@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}}
 
 ######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
 # WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
 opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
 opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
 opendistro_security.ssl.http.pemcert_filepath: esnode.pem
 opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
 opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
 opendistro_security.allow_unsafe_democertificates: true
 opendistro_security.allow_default_init_securityindex: true
 opendistro_security.authcz.admin_dn:
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
index 0ec38b0..0e37df7 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
@@ -59,10 +59,22 @@ spec:
           mountPath: /usr/share/elasticsearch/logs/
         - name: {{ include "common.fullname" . }}-data
           mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - -c
+          - |
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+            /usr/local/bin/docker-entrypoint.sh
+          {{- end }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ include "common.servicename" . }}
@@ -85,7 +97,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
           env:
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -104,7 +116,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml
index 27158a6..a4ff555 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml
@@ -20,6 +20,44 @@ global:
   nodePortPrefix: 302
   repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-es-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
 flavor: small
 
 #################################################################
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
index caff1e5..317d5b5 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
index db81e3d..acfb4cc 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
@@ -18,9 +18,13 @@ server.host: "0"
 server.port: {{.Values.service.externalPort}}
 
 server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
 server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
 server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
 # The URL of the Elasticsearch instance to use for all your queries.
 elasticsearch.hosts: ${elasticsearch_base_url}
 
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
index 0e5f65c..d9a3035 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
@@ -49,6 +49,7 @@ spec:
         image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -73,7 +74,7 @@ spec:
           env:
           - name: elasticsearch_base_url
             value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -90,7 +91,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
index 11f2957..73cf1bd 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
@@ -21,6 +21,44 @@ global:
   repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   readinessImage: onap/oom/readiness:3.0.1
   persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-kibana-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
 flavor: small
 
 #################################################################
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
index caff1e5..317d5b5 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
index c005fcc..2364e55 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
@@ -46,7 +46,11 @@ input {
         request_timeout => 30
         schedule => { "every" => "1m" }
         codec => "plain"
+{{- if .Values.global.aafEnabled }}
+        cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
         cacert => "/certs.d/aafca.pem"
+{{- end }}
     }
 }
 
@@ -218,7 +222,11 @@ output {
     if "error" in [tags] {
         elasticsearch {
             codec => "json"
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             hosts => ["${elasticsearch_base_url}"]
             user => ["${logstash_user}"]
@@ -231,7 +239,11 @@ output {
         elasticsearch {
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
@@ -245,7 +257,11 @@ output {
         elasticsearch {
             codec => "json"
             hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
             cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
             ssl_certificate_verification => false
             user => ["${logstash_user}"]
             password => ["${logstash_pwd}"]
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
index acd108d..887f722 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
@@ -49,6 +49,7 @@ spec:
         image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -91,7 +92,7 @@ spec:
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
           {{ end -}}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -111,7 +112,7 @@ spec:
         affinity:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
index c2a522b..8bccbcb 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
@@ -21,6 +21,44 @@ global:
   repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
   readinessImage: onap/oom/readiness:3.0.1
   persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-logstash-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
 flavor: small
 
 #################################################################
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 1a18835..f6feee6 100644 (file)
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,8 @@
 global:
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      secretName: oom-cert-service-client-tls-secret
       envVariables:
         # Certificate related
         cmpv2Organization: "Linux-Foundation"
@@ -27,3 +28,6 @@ global:
         requestTimeout: "30000"
         keystorePassword: "secret"
         truststorePassword: "secret"
+    certPostProcessor:
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
index 3979dd2..d041319 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -49,8 +49,12 @@
       "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
       "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
       "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+      "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
       "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
       "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+    },
+  "truststore_merger":
+    {
+      "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
     }
 }
-
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 367014d..6a1ed17 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -104,7 +104,7 @@ mongo:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.4
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -113,10 +113,10 @@ componentImages:
   holmes_rules: onap/holmes/rule-management:1.2.7
   holmes_engine: onap/holmes/engine-management:1.2.6
   tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
-  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
+  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.5
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
-  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
-  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
 
 # Resource Limit flavor -By Default using small
 flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index a727b1a..1010152 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -45,7 +45,7 @@ config:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.1
 pullPolicy: Always
 
 # name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5f44954..3413c38 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -125,7 +125,7 @@ global:
   cmpv2Enabled: true
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
       secret:
         name: oom-cert-service-client-tls-secret
         mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index c61be42..1538b47 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -93,7 +93,7 @@ spec:
           image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/bin/bash","-c"]
-          args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+          args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
           ports:
           - containerPort: {{ .Values.uwsgi.internalPort }}
           # disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/oof/components/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf
index c476d0b..374d02a 100755 (executable)
--- a/kubernetes/oof/components/oof-has/resources/config/log.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/log.conf
@@ -1,5 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,7 +26,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
 
 [handler_consoleHandler]
 class=StreamHandler
-level=NOTSET
+level=INFO
 formatter=generic
 args=(sys.stdout,)
 
diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/log.yml
new file mode 100644 (file)
index 0000000..3966ea2
--- /dev/null
+++ b/kubernetes/oof/resources/config/log.yml
@@ -0,0 +1,101 @@
+version: 1
+disable_existing_loggers: True
+
+loggers:
+  error:
+    handlers: [error_handler, console_handler]
+    level: "WARN"
+    propagate: True
+  debug:
+    handlers: [debug_handler, console_handler]
+    level: "DEBUG"
+    propagate: True
+  metrics:
+    handlers: [metrics_handler, console_handler]
+    level: "INFO"
+    propagate: True
+  audit:
+    handlers: [audit_handler, console_handler]
+    level: "INFO"
+    propagate: True
+handlers:
+  debug_handler:
+    level: "DEBUG"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/debug.log"
+    formatter: "debugFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  error_handler:
+    level: "WARN"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/error.log"
+    formatter: "errorFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  metrics_handler:
+    level: "INFO"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/metrics.log"
+    formatter: "metricsFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  audit_handler:
+    level: "INFO"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/audit.log"
+    formatter: "auditFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  console_handler:
+    level: "DEBUG"
+    class: "logging.StreamHandler"
+    formatter: "metricsFormat"
+
+formatters:
+  standard:
+    format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+  debugFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  errorFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+    |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  auditFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+        |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+        |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+        |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  metricsFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+        |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+        |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+        |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  mdcFormat:
+    format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+    mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 70eadd9..76d1a62 100644 (file)
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -103,6 +104,9 @@ spec:
           - mountPath: /opt/osdf/config/common_config.yaml
             name: {{ include "common.fullname" . }}-config
             subPath: common_config.yaml
+          - mountPath: /opt/osdf/config/log.yml
+            name: {{ include "common.fullname" . }}-config
+            subPath: log.yml
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -129,5 +133,7 @@ spec:
               path: aaf_root_ca.cer
             - key: common_config.yaml
               path: common_config.yaml
+            - key: log.yml
+              path: log.yml
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 64ed1a3..3ab9895 100644 (file)
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -47,7 +47,7 @@ service:
 
 # Deployment configuration
 repository: nexus3.onap.org:10001
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.0.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
 pullPolicy: Always
 replicaCount: 1
 
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
new file mode 100644 (file)
index 0000000..368cbe7
--- /dev/null
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
@@ -0,0 +1,2 @@
+# Encrypted Properties
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
index 37544d1..4efbac7 100644 (file)
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
@@ -29,5 +29,5 @@ music.serialize.compress = true
 music.atomic.get = false
 music.atomic.put = true
 cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml
index 6964715..0be1fdc 100644 (file)
--- a/kubernetes/portal/components/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml
@@ -49,6 +49,23 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portal-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command: ["/bin/sh"]
+        args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"]
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportal-scrubbed
+        - mountPath: /config
+          name: properties-onapportal
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
@@ -102,6 +119,9 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
           subPath: portal.properties
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
           subPath: music.properties
@@ -114,6 +134,8 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
           subPath: web.xml
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
@@ -122,7 +144,7 @@ spec:
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
       {{- end -}}
-      {{- if .Values.affinity }}
+{{- if .Values.affinity }}
       affinity:
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
@@ -143,6 +165,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapportal
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportal-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapportal
             defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index 73306ba..55a7ccc 100644 (file)
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -23,9 +23,27 @@ global:
   readinessImage: onap/oom/readiness:3.0.1
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  envsubstImage: dibi/envsubst
   #AAF service
   aafEnabled: true
 
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -35,6 +53,11 @@ repository: nexus3.onap.org:10001
 image: onap/portal-app:3.2.3
 pullPolicy: Always
 
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
 #AAF local config
 
 aafURL: https://aaf-service:8100/authz/
@@ -104,6 +127,7 @@ cassandra:
   service:
     name: portal-cassandra
   config:
+    # cassandraExternalSecret: some secret
     cassandraUsername: root
     cassandraPassword: Aa123456
 messageRouter:
diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
index 5b4bf0c..16b8971 100644 (file)
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
@@ -64,9 +64,9 @@ spec:
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         env:
           - name: CASSUSER
-            value: "{{ .Values.config.cassandraUsername }}"
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
           - name: CASSPASS
-            value: "{{ .Values.config.cassandraPassword }}"
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
           - name: JVM_OPTS
             value: "{{ .Values.config.cassandraJvmOpts }}"
           - name: POD_IP
diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml
index 65fcdbe..eb6fc12 100644 (file)
--- a/kubernetes/portal/components/portal-cassandra/values.yaml
+++ b/kubernetes/portal/components/portal-cassandra/values.yaml
@@ -26,10 +26,21 @@ repository: nexus3.onap.org:10001
 image: onap/music/cassandra_music:3.0.0
 pullPolicy: Always
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'db-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.config.cassandraUsername }}'
+    password: '{{ .Values.config.cassandraPassword }}'
+
 # application configuration
 config:
   cassandraUsername: root
   cassandraPassword: Aa123456
+#  cassandraCredsExternalSecret: some secret
   cassandraJvmOpts: -Xmx2536m -Xms2536m
 
 # default number of instances
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 7502e93..1e28067 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,7 +23,7 @@ while the OOM K8s version has these service split up.
 */
 -- app_url is the FE, app_rest_endpoint is the BE
 --portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
 --dmaap-bc => the dmaap-bc doesn't open a node port..
 update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
 --sdc-be => 8443:30204
@@ -74,6 +74,9 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS
 -- aai sparky
 update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
 
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+
 
 /*
 Replace spaces with underscores for role names to match AAF role names
diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
index e8a6e0f..b05b920 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
@@ -72,7 +72,9 @@ spec:
           value: "{{ .Values.service.internalPort }}"
         - name: DB_PASS
           valueFrom:
-            secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}
+              key: db-root-password
         command:
         - /bin/sh
         - -x
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
new file mode 100644 (file)
index 0000000..0025a58
--- /dev/null
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
@@ -0,0 +1,40 @@
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#             http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#             https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
index 83ce9ca..f97b90c 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
@@ -30,5 +30,5 @@ music.atomic.get = false
 music.atomic.put = true
 
 cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
index 104c2df..f79098f 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
@@ -49,6 +49,23 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portalsdk-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command: ["/bin/sh"]
+        args: [ "-c", "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"]
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportalsdk-scrubbed
+        - mountPath: /config
+          name: properties-onapportalsdk
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
@@ -99,6 +116,9 @@ spec:
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
           subPath: portal.properties
+        - name: properties-onapportalsdk
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
           subPath: music.properties
@@ -135,6 +155,9 @@ spec:
           hostPath:
             path: /etc/localtime
         - name: properties-onapportalsdk
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportalsdk-scrubbed
           configMap:
             name: {{ include "common.fullname" . }}-onapportalsdk
             defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml
index ebe49e0..c0f1b58 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/values.yaml
+++ b/kubernetes/portal/components/portal-sdk/values.yaml
@@ -24,9 +24,27 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   persistence: {}
+  envsubstImage: dibi/envsubst
   #AAF service
   aafEnabled: true
 
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -36,6 +54,12 @@ repository: nexus3.onap.org:10001
 image: onap/portal-sdk:3.2.0
 pullPolicy: Always
 
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
 #AAF local config
 aafURL: https://aaf-service:8100/authz/
 certInitializer:
@@ -98,6 +122,7 @@ cassandra:
   service:
     name: portal-cassandra
   config:
+    # cassandraExternalSecret: some secret
     cassandraUsername: root
     cassandraPassword: Aa123456
 messageRouter:
diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/portal/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml
index a7d1e09..2a760cd 100644 (file)
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
@@ -21,9 +21,25 @@ global:
   portalFEPort: "30225"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: portal-cass
+    name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+    login: '{{ .Values.config.cassandraUsername }}'
+    password: '{{ .Values.config.cassandraPassword }}'
+
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
+  cassandraUsername: root
+# cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
 portal-mariadb:
   nameOverride: portal-db
 mariadb:
@@ -36,8 +52,15 @@ cassandra:
   service:
     name: portal-cassandra
   config:
-    cassandraUsername: root
-    cassandraPassword: Aa123456
+    cassandraExternalSecret: *dbSecretName
+portal-app:
+  cassandra:
+    config:
+      cassandraExternalSecret: *dbSecretName
+portal-sdk:
+  cassandra:
+    config:
+      cassandraExternalSecret: *dbSecretName
 messageRouter:
   service:
     name: message-router
diff --git a/kubernetes/robot b/kubernetes/robot
index b093c77..0611262 160000 (submodule)
--- a/kubernetes/robot
+++ b/kubernetes/robot
@@ -1 +1 @@
-Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229
+Subproject commit 0611262fbb68714cfdb922f13ffb009b58a43f71
diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile
index f2670c5..3dab31f 100644 (file)
--- a/kubernetes/sdc/Makefile
+++ b/kubernetes/sdc/Makefile
@@ -20,6 +20,8 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
 EXCLUDES := dist resources templates charts docker
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
 
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
 all: $(HELM_CHARTS)
@@ -39,7 +41,12 @@ lint-%: dep-%
 
 package-%: lint-%
        @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
        @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
        @helm repo index $(PACKAGE_DIR)
 
 clean:
diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile
index 8d3bf2b..0d5b9e0 100644 (file)
--- a/kubernetes/sdc/components/Makefile
+++ b/kubernetes/sdc/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES :=
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -39,7 +40,11 @@ lint-%: dep-%
 
 package-%: lint-%
        @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
        @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
        @helm repo index $(PACKAGE_DIR)
 
 clean:
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile
index e4b5dda..1518f3c 100644 (file)
--- a/kubernetes/sdnc/Makefile
+++ b/kubernetes/sdnc/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES := dist resources templates charts
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -40,7 +41,11 @@ lint-%: dep-%
 
 package-%: lint-%
        @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
        @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
        @helm repo index $(PACKAGE_DIR)
 
 clean:
diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile
index 4e73763..c38171c 100644 (file)
--- a/kubernetes/sdnc/components/Makefile
+++ b/kubernetes/sdnc/components/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
 
 EXCLUDES :=
 HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
 
 .PHONY: $(EXCLUDES) $(HELM_CHARTS)
 
@@ -40,7 +41,11 @@ lint-%: dep-%
 
 package-%: lint-%
        @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
        @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
        @helm repo index $(PACKAGE_DIR)
 
 clean:
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index 2dbfa4e..ee84d60 100755 (executable)
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -72,7 +72,7 @@ spec:
           readOnly: true
         - name: {{ include "common.fullname" . }}-truststore
           mountPath: /app/client
-          readonly: true
+          readOnly: true
         livenessProbe:
           tcpSocket:
             port: {{ index .Values.livenessProbe.port }}
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).