Merge "[SDNC] Provide hardcoded aaiclient.properties file via helm"
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Tue, 7 Apr 2020 14:44:13 +0000 (14:44 +0000)
committerGerrit Code Review <gerrit@onap.org>
Tue, 7 Apr 2020 14:44:13 +0000 (14:44 +0000)
docs/oom_hardcoded_certificates.rst
kubernetes/aai
kubernetes/clamp/charts/clamp-backend/values.yaml
kubernetes/clamp/values.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/dmaap-plugin.json
kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks [new file with mode: 0644]
kubernetes/so/charts/so-secrets/templates/secrets.yaml
kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
kubernetes/so/values.yaml

index 0745ec0..b5f3c07 100644 (file)
@@ -48,5 +48,7 @@ Here's the list of these certificates:
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | SO/VNFM          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM          | No               | Yes?             | Yes             | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks    |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | VID              | No               | Yes              | No              | kubernetes/vid/resources/cert                                            |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
index ab137ca..eb70b3f 160000 (submodule)
@@ -1 +1 @@
-Subproject commit ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f0
+Subproject commit eb70b3f12b30d4d7ea010723707db8c3e2ef2354
index ce86ec2..1888854 100644 (file)
@@ -27,7 +27,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.2
+image: onap/clamp-backend:5.0.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index cf6c572..47eca67 100644 (file)
@@ -30,7 +30,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.2
+image: onap/clamp-frontend:5.0.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 41404b0..c52a0a8 100644 (file)
@@ -2,7 +2,6 @@
     "dmaap": {
         "username": "notused",
         "password": "doesnotmatter",
-        "owner": "dcaecm",
-        "protocol": "http"
-    }
+        "owner": "dcaecm"
+     }
 }
\ No newline at end of file
diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks
new file mode 100644 (file)
index 0000000..96931ce
Binary files /dev/null and b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks differ
index 9a74963..5be2cc7 100644 (file)
@@ -25,3 +25,16 @@ data:
   trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
   keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
 type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.release" . }}-so-truststore-secret
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
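Review bot: The glob `resources/certs/*` on the new `data:` line puts every file in that chart directory into `-so-truststore-secret`, so a keystore or key file dropped there later would be mounted into every pod using this secret without any template change. If only the truststore is meant, name it explicitly, e.g. `(.Files.Glob "resources/certs/org.onap.so.trust.jks").AsSecrets`; if more files are intended, listing them keeps the secret's content reviewable. `AsSecrets` already returns base64 text, so the surrounding `tpl` presumably has no effect and could be dropped. The new Secret also omits the `type: Opaque` line that the Secret above it carries.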
index 00b36a8..a720753 100755 (executable)
@@ -40,17 +40,17 @@ spec:
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         resources:
 {{ include "common.resources" . | indent 12 }}
-         {{- if eq .Values.global.security.aaf.enabled true }}
         env:
         - name: TRUSTSTORE
-          value: /app/org.onap.so.trust.jks
+          value: {{ .Values.global.client.certs.truststore }}
         - name: TRUSTSTORE_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ .Release.Name}}-so-client-certs-secret
               key: trustStorePassword
+        {{ if eq .Values.global.security.aaf.enabled true }}
         - name: KEYSTORE
-          value: /app/org.onap.so.jks
+          value: {{ .Values.global.client.certs.keystore }}
         - name: KEYSTORE_PASSWORD
           valueFrom:
             secretKeyRef:
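Review bot: The two new templated `value:` lines (`TRUSTSTORE` and `KEYSTORE`) are rendered unquoted, so an empty or overridden value that looks like a non-string would not reach the container as the intended string. Piping through `quote`, as in `value: {{ .Values.global.client.certs.truststore | quote }}`, avoids that. The moved `{{ if eq ... }}` also lost its `{{-` trim marker and will leave a blank line in the rendered env list. The `env:` list and the matching `end` continue outside the hunk.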
@@ -67,6 +67,9 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
+        - name: {{ include "common.fullname" . }}-truststore
+          mountPath: /app/client
+          readonly: true
         livenessProbe:
           tcpSocket:
             port: {{ index .Values.livenessProbe.port }}
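Review bot: The added volume mount spells the field `readonly: true`, while the Kubernetes field is `readOnly`, as the `config` mount just above it writes it. Depending on how strictly the manifest is validated, the misspelled key is either rejected as an unknown field or dropped, so the read-only intent for the truststore mount is not expressed. Change the line to `readOnly: true`. The container spec this hunk sits in starts and ends outside the hunk.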
@@ -84,5 +87,8 @@ spec:
       - name: config
         configMap:
             name: {{ include "common.fullname" . }}-app-configmap
+      - name:  {{ include "common.fullname" . }}-truststore
+        secret:
+          secretName: {{ include "common.release" . }}-so-truststore-secret
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 4cf991e..e9c5637 100755 (executable)
@@ -60,8 +60,8 @@ global:
     defaultCloudOwner: onap
     cadi:
       cadiLoglevel: DEBUG
-      cadiKeyFile: /app/org.onap.so.keyfile
-      cadiTrustStore: /app/org.onap.so.trust.jks
+      cadiKeyFile: /app/client/org.onap.so.keyfile
+      cadiTrustStore: /app/client/org.onap.so.trust.jks
       cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
       cadiLatitude: 38.4329
       cadiLongitude: -90.43248
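Review bot: `cadiKeyFile` now points at `/app/client/org.onap.so.keyfile`, but the commit's file list adds only `org.onap.so.trust.jks` under `resources/certs`, which is what the new truststore secret is built from. Where that secret is mounted at `/app/client` (as the so-vnfm-adapter change in this commit does), the mount hides anything the image holds at that path, so the keyfile would have to come from the secret as well. The same applies to `keystore: /app/client/org.onap.so.jks` in the next hunk. Whether those files already exist in the chart directory is not visible here and should be confirmed. A comment above these keys such as `# files under /app/client are provided by the so-truststore-secret volume` would make the dependency explicit.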
@@ -73,7 +73,9 @@ global:
     msoKey: 07a7159d3bf51a0e53be7a8f89699be7
   client:
     certs:
-      trustStorePassword: b25hcDRzbw==
+      truststore: /app/client/org.onap.so.trust.jks
+      keystore: /app/client/org.onap.so.jks
+      trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
       keyStorePassword: c280b25hcA==
   certificates:
     path: /etc/ssl/certs
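Review bot: The new `trustStorePassword` is committed in the chart's default values, and base64 is an encoding rather than protection, so anyone with access to the repository or a rendered release has the truststore password. It would be better supplied per deployment, through an override value or a reference to an existing Secret, with the default documented as valid only for the bundled test truststore. If it has to stay for now, a comment above the key such as `# default for the bundled test truststore; override in production` at least records that.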