+-----------------------------------------------------------------------------------------------------------------------------------------------------+
| Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
+==================+==================+==================+============================================================================================+
+ | AAF | No | Yes | No | aaf/charts/aaf-cert-service/resources/ |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAF | Yes | No | No | aaf/components/aaf-sms/resources/certs/intermediate_root_ca.pem |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
To prepare your system for an installation of ONAP, you'll need to::
- > git clone -b frankfurt http://gerrit.onap.org/r/oom
+ > git clone -b frankfurt --recurse-submodules -j2 http://gerrit.onap.org/r/oom
> cd oom/kubernetes
--- /dev/null
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
flavor: small
enabled: true
port: tcp-cql
-image: onap/aaf/aaf_cass:2.1.20
+image: onap/aaf/aaf_cass:2.1.23
config:
cluster_name: osaaf
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAF Cert Service
+name: aaf-cert-service
+version: 6.0.0
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{
+ "cmpv2Servers": []
+}
\ No newline at end of file
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ\r
+TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV\r
+BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv\r
+b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE\r
+BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw\r
+EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD\r
+Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu\r
+rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU\r
+IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy\r
+3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z\r
+okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV\r
+Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL\r
+fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV\r
+tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u\r
+vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99\r
+2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI\r
+bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ\r
+ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN\r
+lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB\r
+DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D\r
+ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL\r
+hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT\r
+Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg\r
+r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43\r
+tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb\r
++oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI\r
+aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9\r
+vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j\r
+uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH\r
+wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q==
+-----END CERTIFICATE-----
--- /dev/null
+{
+ "cmpv2Servers": [
+ {
+ "caName": "CLIENT",
+ "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp",
+ "issuerDN": "CN=ManagementCA",
+ "caMode": "CLIENT",
+ "authentication": {
+ "iak": "${CLIENT_IAK}",
+ "rv": "${CLIENT_RV}"
+ }
+ },
+ {
+ "caName": "RA",
+ "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA",
+ "issuerDN": "CN=ManagementCA",
+ "caMode": "RA",
+ "authentication": {
+ "iak": "${RA_IAK}",
+ "rv": "${RA_RV}"
+ }
+ }
+ ]
+}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.global.cmpv2Enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ volumes:
+{{- if .Values.global.addTestingComponents }}
+ - name: cmp-servers-template-volume
+ secret:
+ secretName: {{ .Values.cmpServers.secret.name }}
+ - name: {{ .Values.cmpServers.volume.name }}
+ emptyDir:
+ medium: Memory
+{{- else }}
+ - name: {{ .Values.cmpServers.volume.name }}
+ secret:
+ secretName: {{ .Values.cmpServers.secret.name }}
+{{- end }}
+ - name: {{ .Values.tls.server.volume.name }}
+ secret:
+ secretName: {{ .Values.tls.server.secret.name }}
+{{- if .Values.global.addTestingComponents }}
+ initContainers:
+ - name: wait-for-ejbca
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - ejbca-ejbca
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: subsitute-envs
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"]
+ volumeMounts:
+ - name: cmp-servers-template-volume
+ mountPath: /config-input
+ readOnly: true
+ - name: {{ .Values.cmpServers.volume.name }}
+ mountPath: {{ .Values.cmpServers.volume.mountPath }}
+ readOnly: false
+ env:
+ - name: CLIENT_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }}
+ - name: CLIENT_RV
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }}
+ - name: RA_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }}
+ - name: RA_RV
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }}
+{{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ .Values.repository }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: HTTPS_PORT
+ value: "{{ .Values.envs.httpsPort }}"
+ - name: KEYSTORE_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}"
+ - name: KEYSTORE_P12_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}"
+ - name: TRUSTSTORE_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}"
+ - name: ROOT_CERT
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - {{ .Values.liveness.command }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - {{ .Values.readiness.command }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ .Values.cmpServers.volume.name }}
+ mountPath: {{ .Values.cmpServers.volume.mountPath }}
+ readOnly: false
+ - name: {{ .Values.tls.server.volume.name }}
+ mountPath: {{ .Values.tls.server.volume.mountPath }}
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 12 }}
+{{ end -}}
--- /dev/null
+# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.global.cmpv2Enabled }}
+{{ include "common.secretFast" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.cmpServers.secret.name }}
+type: Opaque
+data:
+{{ if .Values.global.addTestingComponents }}
+ {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }}
+{{ else }}
+ {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }}
+{{ end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
+type: Opaque
+data:
+ certServiceClient-keystore.jks:
+ {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
+ truststore.jks:
+ {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.server.secret.name }}
+type: Opaque
+data:
+ certServiceServer-keystore.jks:
+ {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
+ certServiceServer-keystore.p12:
+ {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
+ truststore.jks:
+ {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
+ root.crt:
+ {{ (.Files.Glob "resources/root.crt").AsSecrets }}
+{{ end -}}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.global.cmpv2Enabled }}
+ {{ include "common.service" . }}
+{{ end -}}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020, Nokia
+# Modifications Copyright © 2020, Nordix Foundation, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Global
+global:
+ envsubstImage: dibi/envsubst
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+
+# Service configuration
+service:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 8443
+ port_protocol: http
+
+
+# Deployment configuration
+repository: nexus3.onap.org:10001
+image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
+pullPolicy: Always
+replicaCount: 1
+
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 0.5
+ memory: 1Gi
+ requests:
+ cpu: 0.2
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 2Gi
+ requests:
+ cpu: 0.4
+ memory: 1Gi
+ unlimited: {}
+
+
+# Application configuration
+cmpServers:
+ secret:
+ name: aaf-cert-service-secret
+ volume:
+ name: aaf-cert-service-volume
+ mountPath: /etc/onap/aaf/certservice
+
+tls:
+ server:
+ secret:
+ name: aaf-cert-service-server-tls-secret
+ volume:
+ name: aaf-cert-service-server-tls-volume
+ mountPath: /etc/onap/aaf/certservice/certs/
+ client:
+ secret:
+ defaultName: aaf-cert-service-client-tls-secret
+
+envs:
+ keystore:
+ jksName: certServiceServer-keystore.jks
+ p12Name: certServiceServer-keystore.p12
+ truststore:
+ jksName: truststore.jks
+ crtName: root.crt
+ httpsPort: 8443
+
+# External secrets with credentials can be provided to override default credentials defined below,
+# by uncommenting and filling appropriate *ExternalSecret value
+credentials:
+ tls:
+ keystorePassword: secret
+ truststorePassword: secret
+ #keystorePasswordExternalSecret:
+ #truststorePasswordExternalSecret:
+ # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
+ cmp:
+ #clientIakExternalSecret:
+ #clientRvExternalSecret:
+ #raIakExternalSecret:
+ #raRvExternalSecret:
+ client: {}
+ # iak: mypassword
+ # rv: unused
+ ra: {}
+ # iak: mypassword
+ # rv: unused
+
+secrets:
+ - uid: keystore-password
+ name: '{{ include "common.release" . }}-keystore-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.keystorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ name: '{{ include "common.release" . }}-truststore-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.truststorePassword }}'
+ passwordPolicy: required
+ # Below values are relevant only if global addTestingComponents flag is enabled
+ - uid: ejbca-server-client-iak
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.client.iak }}'
+ - uid: cmp-config-client-rv
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.client.rv }}'
+ - uid: ejbca-server-ra-iak
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.ra.iak }}'
+ - uid: cmp-config-ra-rv
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
+ password: '{{ .Values.credentials.cmp.ra.rv }}'
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ aaf:
+ config:
+ image: onap/aaf/aaf_config:2.1.23
+
+
flavor: small
#################################################################
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ aaf:
+ config:
+ image: onap/aaf/aaf_config:2.1.23
+
flavor: small
#################################################################
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ aaf:
+ config:
+ image: onap/aaf/aaf_config:2.1.23
+
flavor: small
#################################################################
# Application configuration defaults.
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
replicaCount: 0
-image: onap/aaf/aaf_hello:2.1.20
+image: onap/aaf/aaf_hello:2.1.23
service:
name: aaf-hello
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ aaf:
+ config:
+ image: onap/aaf/aaf_config:2.1.23
+
+
flavor: small
#################################################################
# Application configuration defaults.
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ aaf:
+ config:
+ image: onap/aaf/aaf_config:2.1.23
+
+
flavor: small
#################################################################
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: aaf-templates
+ version: ~6.x-0
+ repository: 'file://../aaf-templates'
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ persistence:
+ enabled: true
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
+ aaf:
+ config:
+ image: onap/aaf/aaf_config:2.1.23
+
+
flavor: small
#################################################################
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
- - name: fix-permission
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
+ # Currently intermediate certificate is not given by AAF CM so we need
+ # to give it "by hand"
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-add-intermediate-cert
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
+ - mountPath: /int-certs
+ name: {{ include "common.fullname" . }}-int-certs
+ readOnly: true
+ {{- end }}
+ - name: {{ include "common.fullname" . }}-fix-permission
command:
- /bin/sh
args:
path: /v1/sms/quorum/status
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- name : {{ include "common.name" . }}
configMap:
name: {{ include "common.fullname" . }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-int-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-int-certs
+ {{- end }}
- name: {{ include "common.fullname" . }}-auth
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- sh
args:
command:
- "/sms/bin/preload"
- "-cacert"
- - "/sms/certs/aaf_root_ca.cer"
+ - "{{ .Values.certInitializer.mountPath }}/local/{{ .Values.certInitializer.root_ca_name }}"
- "-jsondir"
- "/preload/config"
- "-serviceport"
- "-serviceurl"
- "https://aaf-sms.{{ include "common.namespace" . }}"
workingDir: /sms
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+---
+{{- if .Values.global.aafEnabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-int-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+{{- end }}
# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
+# Modifications © 2020 AT&T, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingImage: beats/filebeat:5.5.0
persistence: {}
envsubstImage: dibi/envsubst
+ aafEnabled: true
flavor: small
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: aaf-sms-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: aaf-sms
+ fqi: aaf-sms@aaf-sms.onap.org
+ public_fqdn: aaf-sms.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ mountPath: /opt/app/osaaf
+ keystore: truststoreONAPall.jks
+ keystore_pass: changeit
+ root_ca_alias: onaptestca
+ root_ca_name: aaf_root_ca.cer
+ permission_user: 1000
+ permission_group: 1000
+ aaf_add_config: >
+ cd {{ .Values.mountPath }}/local;
+ keytool -exportcert -rfc -file {{ .Values.root_ca_name }} -keystore {{ .Values.keystore }}
+ -alias {{ .Values.root_ca_alias }} -storepass {{ .Values.keystore_pass }};
+ chown -R {{.Values.permission_user}}:{{.Values.permission_group}}
+ {{ .Values.mountPath }};
+
#################################################################
# Application configuration defaults.
#################################################################
# Example:
config:
smsdbaddress: "http://aaf-sms-db:8200"
- cafile: "/sms/certs/aaf_root_ca.cer"
- servercert: "/sms/certs/aaf-sms.pub"
- serverkey: "/sms/certs/aaf-sms.pr"
+ cafile: "/opt/app/osaaf/local/aaf_root_ca.cer"
+ servercert: "/opt/app/osaaf/local/org.onap.aaf-sms.crt"
+ serverkey: "/opt/app/osaaf/local/org.onap.aaf-sms.key"
password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA=="
# subchart configuration
# Copyright 2018 Intel Corporation, Inc
+# Modifications © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
+ nodePortPrefix: 302
+ # Readiness image
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ # Ubuntu Init image
+ ubuntuInitRepository: registry.hub.docker.com
+ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+ # Logging image
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ # BusyBox image
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:1.31
+ # Standard OOM
+ pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+
tpm:
enabled: false
# if enabled, nodeselector will use the below
--- /dev/null
+# Copyright © 2020 Orange
+# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Application Authorization Framework Templates
+name: aaf-templates
+version: 6.0.0
--- /dev/null
+ # Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
dependencies:
- - name: common
+ - name: aaf-cass
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: 'file://components/aaf-cass'
+ - name: aaf-cert-service
+ version: ~6.x-0
+ repository: 'file://components/aaf-cert-service'
+ - name: aaf-cm
+ version: ~6.x-0
+ repository: 'file://components/aaf-cm'
+ - name: aaf-fs
+ version: ~6.x-0
+ repository: 'file://components/aaf-fs'
+ - name: aaf-gui
+ version: ~6.x-0
+ repository: 'file://components/aaf-gui'
+ - name: aaf-hello
+ version: ~6.x-0
+ repository: 'file://components/aaf-hello'
+ - name: aaf-locate
+ version: ~6.x-0
+ repository: 'file://components/aaf-locate'
+ - name: aaf-oauth
+ version: ~6.x-0
+ repository: 'file://components/aaf-oauth'
+ - name: aaf-service
+ version: ~6.x-0
+ repository: 'file://components/aaf-service'
+ - name: aaf-sms
+ version: ~6.x-0
+ repository: 'file://components/aaf-sms'
+ - name: aaf-sshsm
+ version: ~6.x-0
+ repository: 'file://components/aaf-sshsm'
#################################################################
# Global configuration defaults.
#################################################################
+
global:
nodePortPrefix: 302
# Readiness image
#pullPolicy: IfNotPresent
#repository: "nexus3.onap.org:10003"
+ cmpv2Enabled: true
+ addTestingComponents: false
aaf:
readiness: false
- image: onap/aaf/aaf_core:2.1.20
+ image: onap/aaf/aaf_core:2.1.23
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
- aaf_release: "El Alto"
+ aaf_release: "Frankfurt"
# DUBLIN ONLY - for M4 compatibility with Casablanca
# aaf_locator_name: "public.%NS.%N"
# aaf_locator_name_oom: "%NS.%N"
cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
config:
- image: onap/aaf/aaf_config:2.1.20
+ image: onap/aaf/aaf_config:2.1.23
service:
fqdn: "aaf-service"
public_port: 31112
# Note: as hello is a sample app, find values in charts/aaf-hello/values.yaml
+ certServiceClient:
+ secret:
+ name: aaf-cert-service-client-tls-secret
#################################################################
# Application configuration defaults.
blueprintsprocessor.restConfExecutor.enabled=true
blueprintsprocessor.cliExecutor.enabled=true
blueprintsprocessor.remoteScriptCommand.enabled=true
+## Enable py-executor
+blueprintsprocessor.streamingRemoteExecution.enabled=true
# Used in Health Check
blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
command:
- chown
- -R
- - 100:101
+ - 1000:1000
- /opt/app/onap/blueprints/deploy
image: busybox:latest
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
apiVersion: v1
fieldPath: metadata.namespace
- name: {{ include "common.name" $dot }}-aaf-config
- image: {{ (default $subchartDot.Values.repository $subchartDot.Values.global.repository) }}/{{ $subchartDot.Values.global.aafAgentImage }}
+ image: {{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
volumeMounts:
- mountPath: {{ $initRoot.mountPath }}
global:
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ repository: nexus3.onap.org:10001
aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafEnabled: true
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" (dict "suffix" "upgrade-deployment" "dot" .) | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ include "common.fullname" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.fullname" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - containerPort: {{ .Values.service.sstPort }}
+ name: {{ .Values.service.sstPortName }}
+ - containerPort: {{ .Values.service.replicationPort }}
+ name: {{ .Values.service.replicationName }}
+ - containerPort: {{ .Values.service.istPort }}
+ name: {{ .Values.service.istPortName }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ key: login
+ name: {{ include "common.fullname" . }}-temp-upgrade-usercred
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: {{ include "common.fullname" . }}-temp-upgrade-usercred
+ - name: MYSQL_DATABASE
+ value: {{ default "" .Values.config.mysqlDatabase | quote }}
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: {{ include "common.fullname" . }}-temp-upgrade-root
+ subdomain: {{ .Values.service.name }}
+ hostname: {{ .Values.nameOverride }}-upgrade-deployment
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+
+TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \
+ app='{{ include "common.fullname" . }}' -o \
+ jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}')
+
+tmp_MYSQL_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \
+ MYSQL_PASSWORD) | base64)
+
+tmp_ROOT_PASSWORD=$(echo -n $(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- printenv \
+ MYSQL_ROOT_PASSWORD) | base64)
+
+FLAG_EX_ROOT_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .)) }}'
+
+FLAG_EX_SEC='{{ include "common.secret.getSecretNameFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .)) }}'
+
+kubectl patch secret $FLAG_EX_ROOT_SEC -p \
+ '{"data":{"password":"'"$tmp_ROOT_PASSWORD"'"}}'
+
+kubectl patch secret $FLAG_EX_SEC -p \
+ '{"data":{"password":"'"$tmp_MYSQL_PASSWORD"'"}}'
+
+kubectl delete pod -n $NAMESPACE_ENV {{ include "common.fullname" . }}-0 --now
+kubectl delete deployment -n $NAMESPACE_ENV {{ include "common.fullname" . }}-upgrade-deployment
+kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-root
+kubectl delete secret -n $NAMESPACE_ENV {{ include "common.fullname" . }}-temp-upgrade-usercred
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+MYSQL_USER=$(kubectl exec -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }}-0 -- printenv MYSQL_USER)
+
+MYSQL_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }}-0 -- printenv MYSQL_PASSWORD)
+
+MYSQL_ROOT_PASSWORD=$(kubectl exec -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }}-0 -- printenv MYSQL_ROOT_PASSWORD)
+
+kubectl create secret generic \
+ '{{ include "common.fullname" . }}'-temp-upgrade-root \
+ --from-literal=password=$MYSQL_ROOT_PASSWORD
+
+kubectl create secret generic \
+ '{{ include "common.fullname" . }}'-temp-upgrade-usercred \
+ --from-literal=login=$MYSQL_USER --from-literal=password=$MYSQL_PASSWORD
+
+kubectl create -f /upgrade/create-deployment.yml
+
+TEMP_POD=$(kubectl get pod -n $NAMESPACE_ENV --selector \
+ app='{{ include "common.fullname" . }}' -o \
+ jsonpath='{.items[?(@.metadata.ownerReferences[].kind=="ReplicaSet")].metadata.name}')
+
+CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \
+ mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
+ -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" | \
+ awk '{print $2}')
+
+CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- \
+ mysql --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
+ -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \
+ | awk '{print $2}')
+
+STS_REPLICA=$(kubectl get statefulsets -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}')
+
+DEPLOYMENT_REPLICA=$(kubectl get deployment -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }}-upgrade-deployment -o \
+ jsonpath='{.status.replicas}')
+
+while [[ ! $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \
+ || [[ ! $CLUSTER_STATE == "Synced" ]]
+do
+ echo "$CLUSTER_NO and $CLUSTER_STATE"
+ CLUSTER_NO=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \
+ --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
+ -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size';" \
+ | awk '{print $2}')
+ CLUSTER_STATE=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysql \
+ --skip-column-names -h{{ $.Values.service.name }} -u$MYSQL_USER \
+ -p$MYSQL_PASSWORD -e "SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment';" \
+ | awk '{print $2}')
+ sleep 2
+ if [[ $CLUSTER_NO == $((STS_REPLICA+DEPLOYMENT_REPLICA)) ]] \
+ && [[ $CLUSTER_STATE == "Synced" ]]
+ then
+ echo "The cluster has $CLUSTER_NO members and $CLUSTER_STATE state."
+ break
+ fi
+done
+
+MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \
+ -uroot -p$MYSQL_ROOT_PASSWORD ping)
+
+while [[ ! $MYSQL_STATUS == "mysqld is alive" ]]
+do
+ echo "Mariadb deployment is not ready yet."
+ sleep 2
+ MYSQL_STATUS=$(kubectl exec -n $NAMESPACE_ENV $TEMP_POD -- mysqladmin \
+ -uroot -p$MYSQL_ROOT_PASSWORD ping)
+ if [[ $MYSQL_STATUS == "mysqld is alive" ]]
+ then
+ echo "Mariadb deployment is ready."
+ break
+ fi
+done
+
+kubectl scale statefulsets {{ include "common.fullname" . }} --replicas=0
+MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}')
+echo "The the cluster has $MY_REPLICA_NUMBER replicas."
+
+while [[ ! $MY_REPLICA_NUMBER == "0" ]]
+do
+ echo "The cluster is not scaled to 0 yet. Please wait ..."
+ MY_REPLICA_NUMBER=$(kubectl get statefulsets -n $NAMESPACE_ENV \
+ {{ include "common.fullname" . }} -o jsonpath='{.status.replicas}')
+ echo "The current status of the cluster is $MY_REPLICA_NUMBER"
+ sleep 2
+ if [[ $MY_REPLICA_NUMBER == "0" ]]
+ then
+ break
+ fi
+done
+
+for (( index=0; index<$STS_REPLICA; index+=1 ))
+do
+ kubectl delete pvc \
+ "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index"
+done
{{/*
# Copyright © 2018 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics, and TATA Communications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
{{- if .Values.externalConfig }}
apiVersion: v1
kind: ConfigMap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-upgrade-deployment
+ annotations:
+ "helm.sh/hook": "pre-upgrade"
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-post-upgrade-deployment
+ annotations:
+ "helm.sh/hook": "post-upgrade"
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/post-upgrade-script.sh").AsConfig . | indent 2 }}
--- /dev/null
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-pre-upgrade
+ annotations:
+ "helm.sh/hook": "pre-upgrade"
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsUser: 1001
+ containers:
+ - name: mariadb-job-pre-upgrade
+ image: {{ .Values.global.kubectlImage}}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: NAMESPACE_ENV
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ command: ["/bin/bash", "-c", "--"]
+ args: ["/upgrade/upgrade-scripts.sh"]
+ volumeMounts:
+ - name: config-mariadb-upgrade
+ mountPath: /upgrade
+ volumes:
+ - name: config-mariadb-upgrade
+ configMap:
+ name: {{ include "common.fullname" . }}-upgrade-deployment
+ defaultMode: 0777
+ restartPolicy: OnFailure
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-post-upgrade
+ annotations:
+ "helm.sh/hook": "post-upgrade"
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ securityContext:
+ fsGroup: 1001
+ runAsUser: 0
+ initContainers:
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ name: mariadb-galera-upgrade-readiness
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - mariadb-galera
+ containers:
+ - name: mariadb-job-post-upgrade
+ image: {{ .Values.global.kubectlImage}}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: NAMESPACE_ENV
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ command: ["/bin/bash", "-c", "--"]
+ args: ["/upgrade/post-upgrade-script.sh"]
+ volumeMounts:
+ - name: config-mariadb-upgrade
+ mountPath: /upgrade
+ volumes:
+ - name: config-mariadb-upgrade
+ configMap:
+ name: {{ include "common.fullname" . }}-post-upgrade-deployment
+ defaultMode: 0777
+ restartPolicy: OnFailure
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-post-delete
+ annotations:
+ "helm.sh/hook": "post-delete"
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ containers:
+ - name: mariadb-job-post-delete
+ image: {{ .Values.global.kubectlImage}}
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/bash", "-c", "--"]
+ args:
+ - for ((index=0;index<{{ $.Values.replicaCount }};index+=1));
+ do kubectl delete pvc "{{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-$index";
+ done; kubectl delete deployment {{ include "common.fullname" . }}-upgrade-deployment;
+ restartPolicy: OnFailure
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
-
+ busyboxImage: busybox:1.30
+ busyboxRepository: docker.io
+ # kubeclt image
+ kubectlImage: "bitnami/kubectl:1.15"
#################################################################
# Application configuration defaults.
- name: mariadb-galera
alias: mariadb
version: ~6.x-0
- repository: '@local'
\ No newline at end of file
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
apiVersion: v1
fieldPath: metadata.namespace
{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- - --container-name
- - aaf-cm
- - --container-name
- - aaf-service
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-dr-prov-aaf-config
- image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
- volumeMounts:
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
- env:
- - name: APP_FQI
- value: "{{ .Values.aafConfig.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
- - name: aaf_locator_container
- value: "{{ .Values.global.aafLocatorContainer }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aafConfig.fqdn }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aafConfig.publicFqdn}}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.global.aafAppNs }}"
- - name: DEPLOY_FQI
- value: "{{ .Values.aafConfig.aafDeployFqi }}"
- - name: DEPLOY_PASSWORD
- value: "{{ .Values.aafConfig.aafDeployPass }}"
- - name: cadi_longitude
- value: "{{ .Values.aafConfig.cadiLongitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aafConfig.cadiLatitude }}"
+
+ {{ include "common.certInitializer.initContainer" . | nindent 8 }}
+
- name: {{ include "common.name" . }}-permission-fixer
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
+
{{ end }}
containers:
- name: {{ include "common.name" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
- volumeMounts:
- {{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-config-vol
- {{- end }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: false
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap/datarouter-prov
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-aaf-config-vol
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-aaf-props
- {{- else }}
- emptyDir: {}
- {{- end }}
- {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
-*/}}
-{{- if .Values.global.aafEnabled }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-aaf-props
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}-aaf-props
-spec:
- capacity:
- storage: {{ .Values.persistence.aafCredsSize}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.aafCredsMountSubPath }}
-{{ end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
-*/}}
-{{- if .Values.global.aafEnabled }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.aafCredsSize }}
-{{ end -}}
-{{ end -}}
#################################################################
secrets:
- uid: dmaap-dr-db-user-secret
- name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.dmaapDrDb.userName }}'
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
- aafCredsMountSubPath: data-router/dr-prov/aaf-props
- aafCredsSize: 10M
- aafCredsPath: /opt/app/osaaf/local
-
ingress:
enabled: false
service:
nameOverride: dmaap-dr-db
replicaCount: 2
config:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ userCredentialsExternalSecret: *dbSecretName
mysqlDatabase: datarouter
service:
name: dmaap-dr-db-svc
size: 1Gi
mountSubPath: data-router/dr-db-data
-#AAF local config
-aafConfig:
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-dr-prov-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
+# aafDeployCredsExternalSecret: some secret
fqdn: dmaap-dr-prov
fqi: dmaap-dr-prov@dmaap-dr.onap.org
publicFqdn: dmaap-dr.onap.org
cadiLatitude: 0.0
cadiLongitude: 0.0
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+
# Resource Limit flavor -By Default using small
flavor: small
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#
+#
+# This is specifically for the environments which take time to
+# deploy ONAP. This increase in timeouts prevents false restarting of
+# the pods during startup configuration.
+#
+# These timers have been tuned by the ONAP integration team. They
+# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
+# They are however indicative and may be adapted to your environment as they
+# depend on the performance of the infrastructure you are installing ONAP on.
+#
+# Please note that these timers must remain reasonable, in other words, if
+# your infrastructure is not performant enough, extending the timers to very
+# large value may not fix all installation issues on over subscribed hardware.
+#
+#################################################################
+global:
+ cmpv2Enabled: true
+ aaf:
+ certServiceClient:
+ envVariables:
+ # Certificate related
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2State: "California"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
+ # dockerHub main repository
+ dockerHubRepository: docker.io
+
+ # busybox repo and image
+ busyboxRepository: docker.io
+ busyboxImage: busybox:1.30
+
+ # kubeclt image
+ kubectlImage: "bitnami/kubectl:1.15"
+
# image pull policy
pullPolicy: Always
# Enabling CMPv2
cmpv2Enabled: true
+ aaf:
+ certServiceClient:
+ image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.0.0
+ secret:
+ name: aaf-cert-service-client-tls-secret
+ mountPath: /etc/onap/aaf/certservice/certs/
+ envVariables:
+ # Certificate related
+ cmpv2Organization: "Linux-Foundation"
+ cmpv2OrganizationalUnit: "ONAP"
+ cmpv2Location: "San-Francisco"
+ cmpv2State: "California"
+ cmpv2Country: "US"
+ # Client configuration related
+ caName: "RA"
+ requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestTimeout: "20000"
+ keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+ keystorePassword: "secret"
+ truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+ truststorePassword: "secret"
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
- name: common
version: ~6.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
{{ if .Values.global.aafEnabled }}
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}"
keystorePass="${javax.net.ssl.keyStorePassword}"
clientAuth="false" sslProtocol="TLS" />
{{ end }}
</Host>
</Engine>
</Service>
-</Server>
\ No newline at end of file
+</Server>
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.aafEnabled }}
-{{- if .Values.aafConfig.addconfig -}}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
- aaf-add-config.sh: |-
- /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
-{{- end -}}
\ No newline at end of file
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config" . | indent 6 }}
- {{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c"]
{{- if .Values.global.aafEnabled }}
- args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+ args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\
export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
-Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
env:
- name: CATALINA_OPTS
value: >
- -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
- -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}"
{{- else }}
args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
{{- end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
- {{- end }}
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- name: properties-onapportalsdk
mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
subPath: server.xml
emptyDir: {}
- name: portal-tomcat-logs
emptyDir: {}
- {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volumes" . | indent 8 }}
- {{- end }}
+{{ include "common.certInitializer.volumes" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
persistence: {}
#AAF service
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
#################################################################
# Application configuration defaults.
#AAF local config
aafURL: https://aaf-service:8100/authz/
-aafConfig:
+certInitializer:
+ nameOverride: portal-sdk-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: portal
fqi: portal@portal.onap.org
- publicFqdn: portal.onap.org
+ public_fqdn: portal.onap.org
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
credsPath: /opt/app/osaaf/local
app_ns: org.osaaf.aaf
permission_user: 1000
permission_group: 999
- addconfig: true
- secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds
keystoreFile: "org.onap.portal.p12"
truststoreFile: "org.onap.portal.trust.jks"
-
-secrets:
- - uid: *aaf_secret_uid
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# flag to enable debugging - application support required
debugEnabled: false
-Subproject commit 51322d3b374588a051b4a5522fbd25ac92ffb328
+Subproject commit 7ee95b4c8f667dd0506499db17688473309cd91e
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.5
-backendInitImage: onap/sdc-backend-init:1.6.5
+image: onap/sdc-backend:1.6.6
+backendInitImage: onap/sdc-backend-init:1.6.6
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.5
-cassandraInitImage: onap/sdc-cassandra-init:1.6.5
+image: onap/sdc-cassandra:1.6.6
+cassandraInitImage: onap/sdc-cassandra-init:1.6.6
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.5
+image: onap/sdc-frontend:1.6.6
pullPolicy: Always
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.5
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.5
+image: onap/sdc-onboard-backend:1.6.6
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.6
pullPolicy: Always
# flag to enable debugging - application support required
#
################################################################################
-# Common pattern layout for appenders
-log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %X{currentGraph} - %X{nodeId} | %m%n
+# Properties used as default values in MDC
+log4j2.property.ServiceName = INTERNAL
+log4j2.property.ErrorCode = 900
+log4j2.property.ErrorDesc = UnknownError
# Common properties
auditLogName=audit
debugLogName=debug
-
-# Root logger
-log4j2.rootLogger.level = INFO
-# uncomment to use asynchronous loggers, which require mvn:com.lmax/disruptor/3.3.2 library
-#log4j2.rootLogger.type = asyncRoot
-#log4j2.rootLogger.includeLocation = false
-log4j2.rootLogger.appenderRef.RollingFile.ref = RollingFile
+log4j2.rootLogger.appenderRef.KarafFile.ref = KarafFile
log4j2.rootLogger.appenderRef.PaxOsgi.ref = PaxOsgi
log4j2.rootLogger.appenderRef.Console.ref = Console
+log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile
+log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile
log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
-# Loggers configuration
-
-# Spifly logger
-log4j2.logger.spifly.name = org.apache.aries.spifly
-log4j2.logger.spifly.level = WARN
+log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version}
+# Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw
+# \\R matches any new line character, any new line character will replaced with space (stripped)
+log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | ${log4j2.bundle.info} | %X{currentGraph} - %X{nodeId} | %replace{%m}{\\R}{ }%n
# Security audit logger
log4j2.logger.audit.name = org.apache.karaf.jaas.modules.audit
log4j2.appender.console.layout.type = PatternLayout
log4j2.appender.console.layout.pattern = ${log4j2.pattern}
-# Rolling file appender
-log4j2.appender.rolling.type = RollingRandomAccessFile
-log4j2.appender.rolling.name = RollingFile
-log4j.appender.rolling.level = INFO
-log4j2.appender.rolling.fileName = ${logDirectory}/${karafLogName}.log
-log4j2.appender.rolling.filePattern = ${logDirectory}/${karafLogName}.log.%i
-# uncomment to not force a disk flush
-#log4j2.appender.rolling.immediateFlush = false
-log4j2.appender.rolling.append = true
-log4j2.appender.rolling.layout.type = PatternLayout
-log4j2.appender.rolling.layout.pattern = ${log4j2.pattern}
-log4j2.appender.rolling.policies.type = Policies
-log4j2.appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
-log4j2.appender.rolling.policies.size.size = ${maxFileSize}
-
-# Audit file appender - not currently used, so commented out
-log4j2.appender.audit.type = RollingRandomAccessFile
-log4j2.appender.audit.name = AuditRollingFile
-log4j2.appender.audit.fileName = ${logDirectory}/${auditLogName}.log
-log4j2.appender.audit.filePattern = ${logDirectory}/${auditLogName}.log.%i
-log4j2.appender.audit.append = true
-log4j2.appender.audit.layout.type = PatternLayout
-log4j2.appender.audit.layout.pattern = ${log4j2.pattern}
-log4j2.appender.audit.policies.type = Policies
-log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy
-log4j2.appender.audit.policies.size.size = ${maxFileSize}
-
# OSGi appender
log4j2.appender.osgi.type = PaxOsgi
log4j2.appender.osgi.name = PaxOsgi
log4j2.appender.osgi.filter = *
-
-#ECOMP Debug appender
+# KarafFile appender
+log4j2.appender.karaf.type = RollingRandomAccessFile
+log4j2.appender.karaf.name = KarafFile
+log4j2.appender.karaf.fileName = ${logDirectory}/log/karaf.log
+log4j2.appender.karaf.filePattern = ${logDirectory}/log/karaf.log.%i
+# uncomment to not force a disk flush
+#log4j2.appender.karaf.immediateFlush = false
+log4j2.appender.karaf.append = true
+log4j2.appender.karaf.layout.type = PatternLayout
+log4j2.appender.karaf.layout.pattern = ${log4j2.pattern}
+log4j2.appender.karaf.policies.type = Policies
+log4j2.appender.karaf.policies.size.type = SizeBasedTriggeringPolicy
+log4j2.appender.karaf.policies.size.size = ${maxFileSize}
+log4j2.appender.karaf.strategy.type = DefaultRolloverStrategy
+log4j2.appender.karaf.strategy.max = ${maxBackupIndex}
+log4j2.appender.karaf.strategy.fileIndex = min
+# Routing appender (log4j sift)
+log4j2.appender.routing.type = Routing
+log4j2.appender.routing.name = Routing
+log4j2.appender.routing.routes.type = Routes
+log4j2.appender.routing.routes.pattern = \$\$\\\{ctx:bundle.name\}
+log4j2.appender.routing.routes.bundle.type = Route
+log4j2.appender.routing.routes.bundle.appender.type = RollingRandomAccessFile
+log4j2.appender.routing.routes.bundle.appender.name = Bundle-\$\\\{ctx:bundle.name\}
+log4j2.appender.routing.routes.bundle.appender.fileName = ${logDirectory}/log/bundle-\$\\\{ctx:bundle.name\}.log
+log4j2.appender.routing.routes.bundle.appender.filePattern= ${logDirectory}/log/bundle-\$\\\{ctx:bundle.name\}.log.%i
+log4j2.appender.routing.routes.bundle.appender.append = true
+log4j2.appender.routing.routes.bundle.appender.layout.type = PatternLayout
+log4j2.appender.routing.routes.bundle.appender.layout.pattern = ${log4j2.pattern}
+log4j2.appender.routing.routes.bundle.appender.policies.type = Policies
+log4j2.appender.routing.routes.bundle.appender.policies.size.type = SizeBasedTriggeringPolicy
+log4j2.appender.routing.routes.bundle.appender.policies.size.size = ${maxFileSize}
+
+#ecomp logging standards
log4j2.appender.debug.type = RollingRandomAccessFile
-log4j2.appender.debug.name = DebugRollingFile
-log4j2.appender.debug.fileName = ${logDirectory}/${debugLogName}.log
-log4j2.appender.debug.filePattern = ${logDirectory}/${debugLogName}.log.%i
+log4j2.appender.debug.name = DebugFile
+log4j2.appender.debug.fileName = <%= @logDir %>/debug.log
+log4j2.appender.debug.filePattern = <%= @logDir %>/debug.log.%i
+# uncomment to not force a disk flush
+#log4j2.appender.debug.immediateFlush = false
log4j2.appender.debug.append = true
log4j2.appender.debug.layout.type = PatternLayout
-log4j2.appender.debug.layout.pattern = ${log4j2.pattern}
+log4j2.appender.debug.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%-16.16t|%-5.5p|%-32.32c{1}|${log4j2.bundle.info}|%replace{%m}{\\R}{ }%n
log4j2.appender.debug.policies.type = Policies
log4j2.appender.debug.policies.size.type = SizeBasedTriggeringPolicy
log4j2.appender.debug.policies.size.size = ${maxFileSize}
+log4j2.appender.debug.strategy.type = DefaultRolloverStrategy
+log4j2.appender.debug.strategy.max = ${maxBackupIndex}
+log4j2.appender.debug.strategy.fileIndex = min
-#Error appender
log4j2.appender.error.type = RollingRandomAccessFile
-log4j2.appender.error.name = ErrorRollingFile
-log4j2.appender.error.fileName = ${logDirectory}/${errorLogName}.log
-log4j2.appender.error.filePattern = ${logDirectory}/${errorLogName}.log.%i
+log4j2.appender.error.name = ErrorFile
+log4j2.appender.error.fileName = <%= @logDir %>/error.log
+log4j2.appender.error.filePattern = <%= @logDir %>/error.log.%i
+# uncomment to not force a disk flush
+#log4j2.appender.error.immediateFlush = false
log4j2.appender.error.append = true
log4j2.appender.error.layout.type = PatternLayout
-log4j2.appender.error.layout.pattern = ${log4j2.pattern}
+log4j2.appender.error.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%-16.16t|$\$\\\{ctx:ServiceName\}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%p|$\$\\\{ctx:ErrorCode\}|$\$\\\{ctx:ErrorDesc\}|%replace{%m}{\\R}{ }%ex{full}{separator(\\n)}%n
+
log4j2.appender.error.policies.type = Policies
log4j2.appender.error.policies.size.type = SizeBasedTriggeringPolicy
log4j2.appender.error.policies.size.size = ${maxFileSize}
+log4j2.appender.error.strategy.type = DefaultRolloverStrategy
+log4j2.appender.error.strategy.max = ${maxBackupIndex}
+log4j2.appender.error.strategy.fileIndex = min
+log4j2.appender.error.filter.threshold.type = ThresholdFilter
+log4j2.appender.error.filter.threshold.level = WARN
+log4j2.appender.error.filter.threshold.match = ACCEPT
+
+
+
+log4j2.appender.metric.type = RollingRandomAccessFile
+log4j2.appender.metric.name = MetricFile
+log4j2.appender.metric.fileName = <%= @logDir %>/metric.log
+log4j2.appender.metric.filePattern = <%= @logDir %>/metric.log.%i
+# uncomment to not force a disk flush
+#log4j2.appender.metric.immediateFlush = false
+log4j2.appender.metric.append = true
+log4j2.appender.metric.layout.type = PatternLayout
+log4j2.appender.metric.layout.pattern=%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|%p|%X{Severity}|<%= @hostIP %>|%X{ElapsedTime}|<%= @hostFQDN %>|%X{ClientIPAddress}|%C{1}|||%X{TargetElement}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n
+log4j2.appender.metric.policies.type = Policies
+log4j2.appender.metric.policies.size.type = SizeBasedTriggeringPolicy
+log4j2.appender.metric.policies.size.size = ${maxFileSize}
+log4j2.appender.metric.strategy.type = DefaultRolloverStrategy
+log4j2.appender.metric.strategy.max = 100
+log4j2.appender.metric.strategy.fileIndex = min
-#Metrics appender - not used so commented out
-#log4j2.appender.metrics.type = RollingRandomAccessFile
-#log4j2.appender.metrics.name = MetricsRollingFile
-#log4j2.appender.metrics.fileName = ${logDirectory}/${metricsLogName}.log
-#log4j2.appender.metrics.filePattern = ${logDirectory}/${metricsLogName}.log.%i
-#log4j2.appender.metrics.append = true
-#log4j2.appender.metrics.layout.type = PatternLayout
-#log4j2.appender.metrics.layout.pattern = ${log4j2.pattern}
-#log4j2.appender.metrics.policies.type = Policies
-#log4j2.appender.metrics.policies.size.type = SizeBasedTriggeringPolicy
-#log4j2.appender.metrics.policies.size.size = ${maxFileSize}
+log4j2.appender.audit.type = RollingRandomAccessFile
+log4j2.appender.audit.name = AuditFile
+log4j2.appender.audit.fileName = <%= @logDir %>/audit.log
+log4j2.appender.audit.filePattern = <%= @logDir %>/audit.log.%i
+# uncomment to not force a disk flush
+#log4j2.appender.audit.immediateFlush = false
+log4j2.appender.audit.append = true
+log4j2.appender.audit.layout.type = PatternLayout
+log4j2.appender.audit.layout.pattern=%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|INFO|%X{Severity}|<%= @hostIP %>|%X{ElapsedTime}|<%= @hostFQDN %>|%X{ClientIPAddress}|%C{1}|%X{AUDIT-Unused}|%X{AUDIT-ProcessKey}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n
+log4j2.appender.audit.policies.type = Policies
+log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy
+log4j2.appender.audit.policies.size.size = ${maxFileSize}
+log4j2.appender.audit.strategy.type = DefaultRolloverStrategy
+log4j2.appender.audit.strategy.max = ${maxBackupIndex}
+log4j2.appender.audit.strategy.fileIndex = min
+
+# Loggers
+
+log4j2.logger.metric.name = org.onap.ccsdk.sli.core.filters.metric
+log4j2.logger.metric.level = INFO
+log4j2.logger.metric.additivity = false
+log4j2.logger.metric.appenderRef.MetricFile.ref = MetricFile
+
+log4j2.logger.metric2.name = org.onap.logging.filter.base.AbstractBaseMetricLogFilter
+log4j2.logger.metric2.level = INFO
+log4j2.logger.metric2.additivity = false
+log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile
+
+log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
+log4j2.logger.audit.level = INFO
+log4j2.logger.audit.additivity = false
+log4j2.logger.audit.appenderRef.AuditFile.ref = AuditFile
+
+log4j2.logger.metric.name = org.onap.ccsdk.sli.core.filters.metric
+log4j2.logger.metric.level = INFO
+log4j2.logger.metric.additivity = false
+log4j2.logger.metric.appenderRef.MetricFile.ref = MetricFile
+
+log4j2.logger.metric2.name = org.onap.logging.filter.base.AbstractBaseMetricLogFilter
+log4j2.logger.metric2.level = INFO
+log4j2.logger.metric2.additivity = false
+log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile
+
+log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter
+log4j2.logger.audit.level = INFO
+log4j2.logger.audit.additivity = false
+log4j2.logger.audit.appenderRef.AuditFile.ref = AuditFile
+log4j2.logger.rr.name = org.onap.logging.filter.base.PayloadLoggingServletFilter
+log4j2.logger.rr.level = INFO
+log4j2.logger.rr.additivity = false
+log4j2.logger.rr.appenderRef.RequestResponseFile.ref = RequestResponseFile
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: A Helm chart for so appc orchestrator
+name: so-appc-orchestrator
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+ ssl-enable: false
+mso:
+ logPath: ./logs/soappcorch
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
+ msoKey: {{ .Values.global.app.msoKey }}
+ config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
+ cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{- else }}
+ cadi:
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
+ topics:
+ retryMultiplier: 1000
+appc:
+ client:
+ topic:
+ read:
+ name: {{ .Values.appc.client.topic.read.name }}
+ timeout: {{ .Values.appc.client.topic.read.timeout }}
+ write: {{ .Values.appc.client.topic.write }}
+ sdnc:
+ read: {{ .Values.appc.client.topic.sdnc.read }}
+ write: {{ .Values.appc.client.topic.sdnc.write }}
+ response:
+ timeout: {{ .Values.appc.client.response.timeout }}
+ key: {{ .Values.appc.client.key }}
+ secret: {{ .Values.appc.client.secret }}
+ service: ueb
+ poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
+spring:
+ security:
+ usercredentials:
+ -
+ username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
--- /dev/null
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-pass-encoder
+ command:
+ - sh
+ args:
+ {{/* bcrypt plain text and convert to OpenBSD variant using sed */}}
+ - -c
+ - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded;
+ env:
+ - name: ACTUATOR_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
+ image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: encoder
+ mountPath: /tmp/app
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ACTUATOR_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: encoder
+ mountPath: /tmp/app
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+{{ include "helpers.livenessProbe" .| indent 8 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: encoder
+ emptyDir:
+ medium: Memory
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{/*
# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+ htpasswdImage: xmartlabs/htpasswd
+ dockerHubRepository: docker.io
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+ - uid: server-actuator-creds
+ name: '{{ include "common.release" . }}-so-appc-actuator-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
+ login: '{{ .Values.server.actuator.username }}'
+ password: '{{ .Values.server.actuator.password }}'
+ passwordPolicy: required
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-appc-orchestrator:1.6.0
+pullPolicy: Always
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+server:
+ actuator:
+ username: mso_admin
+ password: password1$
+replicaCount: 1
+minReadySeconds: 10
+containerPort: 8080
+logPath: ./logs/soappcorch
+app: appc-orchestrator
+service:
+ name: so-appc-orchestrator
+ type: ClusterIP
+ ports:
+ - port: 8080
+ name: http
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.6.2
+image: onap/so/bpmn-infra:1.6.3
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.6.2
+image: onap/so/catalog-db-adapter:1.6.3
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.2
+image: onap/so/so-monitoring:1.6.3
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/nssmf-adapter:1.6.2
+image: onap/so/nssmf-adapter:1.6.3
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.6.2
+image: onap/so/openstack-adapter:1.6.3
pullPolicy: Always
repository: nexus3.onap.org:10001
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.6.2
+image: onap/so/request-db-adapter:1.6.3
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.6.2
+image: onap/so/sdc-controller:1.6.3
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.6.2
+image: onap/so/sdnc-adapter:1.6.3
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/ve-vnfm-adapter:1.6.2
+image: onap/so/ve-vnfm-adapter:1.6.3
pullPolicy: Always
replicaCount: 1
service:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.6.2
+image: onap/so/vfc-adapter:1.6.3
pullPolicy: Always
db:
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.6.2
+image: onap/so/vnfm-adapter:1.6.3
pullPolicy: Always
replicaCount: 1
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.6.2
+image: onap/so/api-handler-infra:1.6.3
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
backupCredsExternalSecret: *dbBackupCredsSecretName
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
+so-appc-orchestrator:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ mso:
+ basicUser: poBpmn
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ noAuthn: /manage/health
+ appc:
+ client:
+ topic:
+ read:
+ name: APPC-LCM-WRITE
+ timeout: 360000
+ write: APPC-LCM-READ
+ sdnc:
+ read: SDNC-LCM-WRITE
+ write: SDNC-LCM-READ
+ response:
+ timeout: 3600000
+ key: VIlbtVl6YLhNUrtU
+ secret: 64AG2hF4pYeG2pq7CT6XwUOT
+ service: ueb
+ auth:
+ rest:
+ aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456