ONAP current installation have hardcoded certificates.
Here's the list of these certificates:
- +-----------------------------------------------------------------------------------------------------------------------------+
- | Project | ONAP Certificate | Own Certificate | Path |
- +============+==================+==================+==========================================================================+
- | VID | No | Yes | kubernetes/vid/resources/cert |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | aai/oom/resources/config/haproxy/aai.pem |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | aai/oom/resources/config/aai/aai_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | No | Yes | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
- | AAI | Yes | Yes | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
- +------------+------------------+------------------+--------------------------------------------------------------------------+
+ +-----------------------------------------------------------------------------------------------------------------------------------------------------+
+ | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
+ +==================+==================+==================+============================================================================================+
+ | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | VID | No | Yes | No | kubernetes/vid/resources/cert |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
-Subproject commit 40aacd4952fc1d8a37f4ad44c89bef093762b81c
+Subproject commit 734cab7fc193e701b59bacc9c234030b52449fa4
if $ENABLE_AAF
then
cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
- else
- cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
fi
fi
{{- $_ := set $entry "annotations" $secret.annotations }}
{{- end }}
{{- if $secret.filePaths }}
- {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- if kindIs "string" $secret.filePaths }}
+ {{- $evaluated := tpl (default "" $secret.filePaths) $global }}
+ {{- if and $evaluated (ne $evaluated "\"\"") }}
+ {{- $fstr := printf "val:\n%s" ($evaluated | indent 2) }}
+ {{- $flist := (index (tpl $fstr $global | fromYaml) "val") }}
+ {{- $_ := set $entry "filePaths" $flist }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" (list) }}
+ {{- end }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- end }}
{{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
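Review bot: The string branch renders `$secret.filePaths` through `tpl` twice, once into `$evaluated` and again on `$fstr`, so any `{{ ... }}` produced by the first pass is evaluated a second time. If the double evaluation is not intended, the second call can go: `{{- $flist := (index ($fstr | fromYaml) "val") }}`. A parse failure in `fromYaml` is also not checked, so `filePaths` would silently end up unset rather than failing the render. A short comment on why the literal `"\"\""` is treated as empty would help the next reader.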
{{- if eq $type "generic" }}
data:
{{- range $curFilePath := $secret.filePaths }}
+ {{- fail (printf "%s" $curFilePath) }}
{{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
{{- end }}
{{- if $secret.filePath }}
{{- end }}
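Review bot: The added `{{- fail (printf "%s" $curFilePath) }}` sits inside the `range` over `$secret.filePaths`, so any generic secret with at least one file path aborts rendering with the path as the error message. This looks like a leftover debugging statement and should be removed before merge. The enclosing template starts and ends outside this hunk, so whether another guard makes it unreachable cannot be seen from here.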
{{- if $msb_informations }}
msb.onap.org/service-info: '[
+{{- range $index, $msb_information := $msb_informations }}
+{{- if ne $index 0 }}
+ ,
+{{- end }}
{
- "serviceName": "{{ include "common.servicename" $dot }}",
- "version": "{{ default "v1" $msb_informations.version }}",
- "url": "{{ default "/" $msb_informations.url }}",
- "protocol": "{{ default "REST" $msb_informations.protocol }}",
- "port": "{{ $msb_informations.port }}",
- "visualRange":"{{ default "1" $msb_informations.visualRange }}"
+ "serviceName": "{{ default (include "common.servicename" $dot) $msb_information.serviceName }}",
+ "version": "{{ default "v1" $msb_information.version }}",
+ "url": "{{ default "/" $msb_information.url }}",
+ "protocol": "{{ default "REST" $msb_information.protocol }}",
+ "port": "{{ $msb_information.port }}",
+ "visualRange":"{{ default "1" $msb_information.visualRange }}"
}
- ]'
+{{- end }}
+ ]'
{{- end}}
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
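Review bot: Each entry's fields are interpolated unescaped into hand-built JSON inside a single-quoted YAML scalar, so a `serviceName` or `url` containing `"` or `'` produces an invalid annotation. `port` also has no default, so an entry without it renders `"port": ""`; `"port": "{{ required "msb entry needs a port" $msb_information.port }}"` would fail early instead. Building each entry as a dict and emitting it with `toJson` would avoid both the escaping problem and the manual comma handling.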
usage() {
cat << ==usage
-$0 [cluster_domain] [helm_chart_args ...]
+$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
[cluster_domain] Default value simpledemo.onap.org
- [helm_chart_args...] Optional arguments passed to helm install command
+ [lb_ip] Default value LoadBalancer IP
+ [helm_chart_args] ... Optional arguments passed to helm install command
$0 --help This message
$0 --info Display howto configure target machine
==usage
==infodeploy
}
+
+list_node_with_external_addrs()
+{
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ break
+ fi
+ done
+}
+
+ingress_controller_ip() {
+ local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+ if [ -z $metal_ns ]; then
+ echo $CLUSTER_IP
+ else
+ list_node_with_external_addrs
+ fi
+}
+
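Review bot: The comparison `[ $internal_ip != $external_ip ]` is unquoted, so a node missing either annotation makes `[` report a syntax error and the node is skipped with noise on stderr; `[ -z $metal_ns ]` only works because of how `[` treats a single argument. Quoting and checking for an empty external address first is safer: `if [ -n "$external_ip" ] && [ "$external_ip" != "$internal_ip" ]; then`, and `[ -z "$metal_ns" ]`. The same unquoted test appears in `find_nodes_with_external_addrs` in the new MetalLB script further down this page. `local var=$(...)` also hides a failing `kubectl` exit status; declaring and assigning on separate lines keeps it visible.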
deploy() {
+ local ingress_ip=$(ingress_controller_ip)
pushd "$SPATH/bind9dns" > /dev/null
if [ $# -eq 0 ]; then
local cl_domain="simpledemo.onap.org"
local cl_domain=$1
shift
fi
- helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@
+ if [ $# -ne 0 ]; then
+ ingress_ip=$1
+ shift
+ fi
+ helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
popd > /dev/null
target_machine_notice_info
}
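Review bot: The second positional argument in `deploy` is now always consumed as `ingress_ip`, so an existing invocation that passes helm arguments directly after the domain has its first helm argument written into `dnsconf.wildcard` instead. Nothing checks that the value is non-empty or looks like an address, and `ingress_controller_ip` can return an empty string when no node has a distinct external IP, which yields `"$cl_domain="`. A guard such as `[ -n "$ingress_ip" ] || { echo "no ingress IP found" >&2; exit 1; }` before `helm install` would make the failure explicit. `$@` on the `helm install` line should be `"$@"` so arguments containing spaces survive.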
if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
usage
elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
- target_machine_notice_info
+ target_machine_notice_info
else
deploy $@
fi
successThreshold: 1
timeoutSeconds: 10
----
-kind: Service
-apiVersion: v1
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-spec:
- externalTrafficPolicy: Local
- type: LoadBalancer
- selector:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- ports:
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
-
---
apiVersion: v1
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
externalTrafficPolicy: Local
type: LoadBalancer
--- /dev/null
+#!/bin/bash -e
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+usage() {
+cat << ==usage
+$0 Automatic configuration using external addresess from nodes
+$0 --help This message
+$0 -h This message
+$0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges
+==usage
+}
+
+
+find_nodes_with_external_addrs()
+{
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ fi
+ done
+}
+
+generate_config_map()
+{
+cat <<CNFEOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+$(for value in "$@"; do echo -e " - $value"; done)
+CNFEOF
+}
+
+generate_config_from_single_addr() {
+ generate_config_map "$1 - $1"
+}
+
+install_metallb() {
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
+ # Only when install
+ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+}
+
+automatic_configuration() {
+ install_metallb
+ generate_config_from_single_addr $(find_nodes_with_external_addrs)
+}
+
+manual_configuration() {
+ install_metallb
+ generate_config_map $@
+}
+
+if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+ usage
+elif [[ $# -eq 0 ]]; then
+ automatic_configuration
+else
+ manual_configuration $@
+fi
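Review bot: `install_metallb` runs on every invocation, and under `#!/bin/bash -e` the `kubectl create secret generic ... memberlist` call fails once the secret exists, so a second run aborts before `generate_config_map` is reached; the `# Only when install` comment suggests this was known. Guarding it, for example `kubectl get secret -n metallb-system memberlist >/dev/null 2>&1 || kubectl create secret ...`, keeps the script re-runnable. The two manifests are applied straight from raw.githubusercontent.com at a tag, and a tag can be moved; vendoring the files or verifying a checksum before `kubectl apply` would make the install reproducible. With no arguments and no node exposing a distinct external IP, `generate_config_from_single_addr` receives an empty `$1` and writes an empty address range into the ConfigMap.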
external_port: 0
external_port_tls: {{ .Values.config.address.ves.portSecure }}
auth_method: "certBasicAuth"
-component_name: "dcae-ves-collector-tls"
-dns_component_name: "dcae-ves-collector-tls"
+component_name: "dcae-ves-collector"
+dns_component_name: "dcae-ves-collector"
enable_tls: true
ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
-ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file
+ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
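Review bot: The added `user_list` ships two account names with fixed bcrypt hashes inside the chart input file, so every deployment that uses `certBasicAuth` accepts the same credentials unless someone edits this file. The hashes are public in the repository and can be attacked offline, and names such as `sample1` and `demouser` suggest demo accounts. The list should come from a chart value or a Kubernetes Secret supplied at install time, with no usable default in the template.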
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Modifications (c) 2020 Nokia. All rights reserved.
# ================================================================================
external_port_tls: 0
external_port: {{ .Values.config.address.ves.port }}
auth_method: "noAuth"
-component_name: "dcae-ves-collector"
-dns_component_name: "dcae-ves-collector"
+component_name: "dcae-ves-collector-http"
+dns_component_name: "dcae-ves-collector-http"
ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
-ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file
+ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
periodSeconds: 10
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.1
# Resource Limit flavor -By Default using small
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1
# Resource Limit flavor -By Default using small
flavor: small
"log.retention.hours": "168"
"zookeeper.connection.timeout.ms": "6000"
"default.replication.factor": "3"
+ "zookeeper.set.acl": "true"
jmx:
port: 5555
value: "{{ .Values.zkConfig.clientPort }}"
- name: KAFKA_OPTS
value: "{{ .Values.zkConfig.kafkaOpts }}"
- - name: EXTRA_ARGS
- value: "{{ .Values.zkConfig.extraArgs }}"
- name: ZOOKEEPER_SERVER_ID
valueFrom:
fieldRef:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.2
+image: onap/dmaap/zookeeper:6.0.3
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
autoPurgeSnapRetainCount: 3
autoPurgePurgeInterval: 24
heapOptions: -Xmx2G -Xms2G
- kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
- extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+ kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
clientPort: 2181
jmx:
name: message-router
both_tls_and_plain: true
msb:
- port: api
- url: "/"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
+ - port: 3904
+ url: "/"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
ports:
- name: api
port: 3905
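Review bot: The MSB entry now hardcodes `port: 3904` where it previously referenced the named port `api`, while the `ports` list below still declares `api` as 3905. Other files on this page address the message router as `http://...:3904`, so 3904 appears to be the plain-HTTP listener; if so, MSB would be registered against the unencrypted port even though `both_tls_and_plain` is set. Please confirm that this is intended and add a comment such as `# plain HTTP port; TLS is 3905` so the two numbers are not mistaken for a typo.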
#AAF global config overrides
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafAppNs: org.osaaf.aaf
aafLocatorContainer: oom
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
kind: Secret
name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
pdpPort: 8081
nexusPort: 8081
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
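Review bot: `db.password` defaults to `policy_user`, the same string as the login, so the `passwordPolicy: required` declared in the secrets block is always satisfied by a well-known value and never forces the operator to choose one. Leaving `password` out of the defaults (keeping only `user`) would make the install fail unless a password or `db.credsExternalSecret` is supplied. The same `db:` default is added in the two other values files later on this page. A comment above the block stating that the value must be overridden in any non-lab deployment would help if the default has to stay.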
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
debugEnabled: false
# application configuration
+
+db:
+ user: policy_user
+ password: policy_user
+
config:
papPort: 9091
# wait for DB up
# now that DB is up, invoke database upgrade
# (which does nothing if the db is already up-to-date)
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ if [[ -v JDBC_USER ]]; then
+ dbuser=${JDBC_USER};
+ else
+ dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+ fi
+
+ if [[ -v JDBC_PASSWORD ]]; then
+ dbpw=${JDBC_PASSWORD}
+ else
+ dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ fi
db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
fi
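Review bot: `[[ -v JDBC_PASSWORD ]]` is true for a variable that is set but empty, so an empty Secret value bypasses the `base.conf` fallback and an empty password is passed on. The values then reach `db_upgrade_remote.sh $dbuser $dbpw` unquoted, so a password containing spaces or glob characters is split or expanded; `db_upgrade_remote.sh "$dbuser" "$dbpw" ...` avoids that. Testing with `[[ -n "${JDBC_PASSWORD:-}" ]]` covers both unset and empty. Passing the password as a command-line argument also exposes it in the process list inside the container; the enclosing `if` starts outside this hunk.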
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }}
-javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }}
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
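Review bot: The removed password line passed the value through `b64enc`, while the new one hands over the raw `${SQL_PASSWORD}`, so the consumer must no longer expect a Base64-encoded password; that is not visible in this hunk and should be confirmed. Whether `${SQL_USER}` and `${SQL_PASSWORD}` are expanded at all depends on how the application loads this properties file, since plain Java properties loading does no environment substitution. A comment such as `# SQL_USER / SQL_PASSWORD are injected from the db-secret Secret and expanded by <loader>` would document the dependency.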
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
global:
persistence: {}
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
---sdc-be => 8443:30204, 8080:30205
+--sdc-be => 8443:30204
--sdc-fe => 8181:30206, 9443:30207
update fn_app set app_url = 'https://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'https://sdc-be:8443/api/v3' where app_name = 'SDC';
--pap => 8443:30219
-Subproject commit a8e1918a02156ecec86409948d400669c2e67bb7
+Subproject commit 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c5
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
path: /sdc2/rest/healthCheck
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
metadata:
name: {{ include "common.fullname" . }}-config-backend
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
backoffLimit: 20
template:
metadata:
labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}-job
+ helm.sh/chart: {{ include "common.chart" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
restartPolicy: Never
initContainers:
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc",
- "version": "v1",
- "url": "/sdc/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"1"
- },
- {
- "serviceName": "sdc-deprecated",
- "version": "v1",
- "url": "/sdc/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"1",
- "path":"/sdc/v1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
+ port: api
enabled: true
readiness:
service:
type: NodePort
name: sdc-be
- portName: sdc-be
- nodePort: "04"
- internalPort: 8443
- externalPort: 8443
- nodePort2: "05"
- internalPort2: 8080
- externalPort2: 8080
+ both_tls_and_plain: true
+ msb:
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc-deprecated
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: '04'
ingress:
enabled: false
service:
- baseaddr: "sdcbe"
name: "sdc-be"
- port: 8080
+ port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
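Review bot: Both `msb` entries register port 8080, which the `ports` entry right below them names as `plain_port`, so requests that reach SDC through MSB stay on HTTP even though the ingress block further down moves to 8443 with `ssl: "redirect"`. If MSB can talk TLS to this backend, registering the TLS port would close that gap. If not, a comment next to `both_tls_and_plain: true` should say why the plain listener is kept, e.g. `# plain 8080 kept because MSB registers the HTTP port`. How `common.service` renders `msb` and `both_tls_and_plain` is not visible on this page, so this needs checking against that template.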
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
path: /dcae/healthCheckOld
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
{{- end}}
selector:
app: {{ include "common.name" . }}
type: NodePort
name: sdc-dcae-dt
portName: dcae-dt
- nodePort: "65"
- internalPort: 8186
- portName2: dcae-dt2
- nodePort2: "66"
- internalPort2: 9446
+ nodePort: "66"
+ internalPort: 9446
ingress:
enabled: false
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
path: /dcaed/healthCheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
{{- end}}
selector:
app: {{ include "common.name" . }}
type: NodePort
name: sdc-dcae-fe
portName: dcae-fe
- nodePort: "63"
- internalPort: 8183
- portName2: dcae-fe2
- nodePort2: "64"
- internalPort2: 9444
+ nodePort: "64"
+ internalPort: 9444
ingress:
enabled: false
service:
- baseaddr: "dcaedt"
- name: "sdc-dcae-fe"
- port: 8183
- - baseaddr: "dcaedt2"
name: "sdc-dcae-fe"
port: 9444
config:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.5.3
+image: onap/so/bpmn-infra:1.6.0
pullPolicy: Always
db:
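Review bot: `filePaths: '{{ .Values.secretsFilePaths }}'` points at a key that this file only shows commented out, so when the sub-chart is rendered without `certSecret` from the parent, the `so-onap-certs` entry has neither an external secret nor files. How the secret template treats an empty `filePaths` is not visible here. A comment above the entry would tell operators what to set, e.g. `# Set certSecret to an existing Secret of CA files, or list chart files in secretsFilePaths.` The same block is added in the other SO sub-chart values hunks on this page (so-catalog-db-adapter through so-vnfm-adapter), and the same comment applies there.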
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.5.3
+image: onap/so/catalog-db-adapter:1.6.0
pullPolicy: Always
db:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: so-chown
image: alpine:3.6
volumeMounts:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.5.3
+image: onap/so/so-monitoring:1.6.0
pullPolicy: Always
db:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.5.3
+image: onap/so/openstack-adapter:1.6.0
pullPolicy: Always
repository: nexus3.onap.org:10001
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.5.3
+image: onap/so/request-db-adapter:1.6.0
pullPolicy: Always
db:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.5.3
+image: onap/so/sdc-controller:1.6.0
pullPolicy: Always
db:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.5.3
+image: onap/so/sdnc-adapter:1.6.0
pullPolicy: Always
db:
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
- name: logs
mountPath: /app/logs
- name: config
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
- name: logs
emptyDir: {}
- name: config
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+#################################################################
+# Global configuration defaults.
+#################################################################
global:
repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
persistence:
mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
image: onap/so/ve-vnfm-adapter:1.6.0
pullPolicy: Always
replicaCount: 1
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.5.3
+image: onap/so/vfc-adapter:1.6.0
pullPolicy: Always
db:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if eq .Values.global.security.aaf.enabled true }}
- env:
+ env:
- name: TRUSTSTORE
value: /app/org.onap.so.trust.jks
- name: TRUSTSTORE_PASSWORD
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.5.3
+image: onap/so/vnfm-adapter:1.6.0
pullPolicy: Always
replicaCount: 1
ssl: "redirect"
nodeSelector: {}
tolerations: []
-affinity: {}
\ No newline at end of file
+affinity: {}
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNloXDTIxMTEyNzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQDDCFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNpbXBsZWRlbW9Ab3BlbmVj
-b21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr4rivKQuRk
-YNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz6Ej7
-PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv
-5kQ9uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmV
-otXM4tT1dxyJxFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoI
-voKvoh3uZ5gEhGV8yfJxk1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQ
-SWimWtOi4e8CAwEAAaOBtTCBsjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9tsaJhM9HE5wwcAYDVR0gBGkwZzBl
-BgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRydXN0IHRoaXMgY2VydCB0
-aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUgaW50ZXJlc3Rl
-ZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4aZP/7
-IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNX
-n4OpNkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8
-XUTuzEQQ3gUSyVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs
-2KMQzorJ1ZNQf523yUTghbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwa
-SxGSiAgeLbwAUCvPNl27zr6k6+7TcNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwE
-zGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5UrclU1vK+dnuiKE2X4rKuBTRYRFR/
-km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BASKqgNdoT/SKBXqxgYlCb
-o+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQUwwnSrSfihh2T
-j0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO0k1t
-qbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLo
-z/Rd+SKtlrfb
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNVoXDTI2MTEyNjIxMTQyNVowgb0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcNAQkBFhhz
-aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOs
-AdnZAuheYrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs9
-47MAuiqpPojPwDDb9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlK
-eCTLW+bZKeaKoWdkFxyyzykOoMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv
-3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfN
-Gib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j79E/OZkfk/9V3Hvfy78Ss9H5
-uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCfQ6Bwd0Nm48KrJkTe
-ySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUXjsHIj7Gv
-2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
-vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2l
-G8n50YSXb0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0Iw
-QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQF
-QD3oWZUOVE81Qc9WSfcyqwwwDQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pj
-p1R9+Q766Qhzh4EN9RFCsktCcf4pB23lPtFhMhIZJP5eZKLB4MUIvtmleU+DmOWf
-jcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6VUd9vbGH66ElIg9nP7XWAE6h5
-DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4wyEEPQlpU2AewZqOU
-p0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYIeNssLnv6
-FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
-a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6
-ygL5Oyvrj8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5B
-Ryx7BswcTEtZHWHxD/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJ
-Ap9D+WmTJ9PdpDjiwCXCkMD3QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOd
-gxFK9q1vjhm02FAABIa+kL10CKPuRdlE/GsWl03WKMeT5bY3MTO3odsNXhKWA19h
-wUAp0gnljuFHPX7jWwruZ1eD8mQv
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
--- /dev/null
+{{- define "so.certificate.container_importer" -}}
+- name: {{ include "common.name" . }}-certs-importer
+ image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - "update-ca-certificates --fresh && \
+ cp -r {{ .Values.global.certificates.path }}/* /certificates"
+ volumeMounts:
+ - name: {{ include "common.name" . }}-certificates
+ mountPath: /certificates
+ - name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volume-mounts" -}}
+- name: {{ include "common.name" . }}-certificates
+ mountPath: {{ .Values.global.certificates.path }}
+- name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+- name: {{ include "common.name" . }}-certificates
+ emptyDir:
+ medium: Memory
+- name: {{ include "common.name" . }}-onap-certificates
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
+{{- end -}}
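Review bot: `so.certificate.container_importer` and the two helpers after it carry no comment, yet together they replace the main container's whole directory at `.Values.global.certificates.path` with an emptyDir filled by the init container, so every file in the `so-onap-certs` secret ends up as a trusted root. I would put a template comment above the first define, e.g. `{{/* Rebuilds the CA store from soBaseImage plus the so-onap-certs secret; main containers mount the result over global.certificates.path. */}}`. `cp -r` normally keeps symlinks as symlinks, so store entries that link outside that directory resolve only if the main image has the same targets; `cp -rL` would copy the files themselves, which is worth checking against the base image. The path is also spliced unquoted into the `sh -c` string.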
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
- - command:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/job_complete.py
args:
- --job-name
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /var/log/onap/so
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secretFast" . }}
+{{ include "common.secret" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ soBaseImage: onap/so/base-image:1.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
certs:
trustStorePassword: b25hcDRzbw==
keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
#################################################################
# Secrets metaconfig
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
+ - uid: "so-onap-certs"
+ name: &so-certs '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/onap-ca.crt
+ - resources/config/certificates/msb-ca.crt
#################################################################
# Application configuration defaults.
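Review bot: The `so-onap-certs` entry does not say that its default `filePaths` are CA files shipped inside the chart, so a deployment that never sets `certSecret` trusts whatever `onap-ca.crt` and `msb-ca.crt` the chart carries. A comment above the entry would make the override path explicit, e.g. `# Default trust anchors come from resources/config/certificates; set certSecret to an existing Secret to supply your own CAs.` Because the `&so-certs` name is handed to every sub-chart through `certSecret: *so-certs`, write access to that one Secret decides which roots all SO pods trust, which is worth stating in the same comment.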
adminName: so_admin
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.5.3
+image: onap/so/api-handler-infra:1.6.0
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+persistence:
+ certificatesPath: /certificates
resources:
small:
limits:
logstashServiceName: log-ls
logstashPort: 5044
-
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
so-bpmn-infra:
+ certSecret: *so-certs
db:
<<: *dbSecrets
cds:
auth: Basic dm5mbTpwYXNzd29yZDEk
so-catalog-db-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
db:
auth: Basic YnBlbDpwYXNzd29yZDEk
+so-monitoring:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+
so-openstack-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
aaf:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-request-db-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
auth: Basic YnBlbDpwYXNzd29yZDEk
so-sdc-controller:
+ certSecret: *so-certs
db:
<<: *dbSecrets
aai:
asdc-connections:
asdc-controller1:
password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
so-sdnc-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
org:
rest:
aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+so-ve-vnfm-adapter:
+ certSecret: *so-certs
+
so-vfc-adapter:
+ certSecret: *so-certs
db:
<<: *dbSecrets
mso:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+
so-vnfm-adapter:
+ certSecret: *so-certs
aaf:
auth:
username: so@so.onap.org
apiEnforcement: org.onap.so.vnfmAdapterPerm
noAuthn: /manage/health
-so-monitoring:
- db:
- <<: *dbSecrets
-
so-mariadb:
db:
rootPasswordExternalSecretLocalDb: *dbRootPassSecretName