+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM | No | Yes? | Yes | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| VID | No | Yes | No | kubernetes/vid/resources/cert |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-CMSO | Yes | No | No | kubernetes/oof/charts/oof-cmso/resources/certs |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-HAS | Yes | No | No | kubernetes/oof/charts/oof-has/resources/config |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
-Subproject commit ab137ca81f5d4f9eb3d442f37f8e7ea52d7757f0
+Subproject commit eb70b3f12b30d4d7ea010723707db8c3e2ef2354
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-cdt-image:1.7.0
+image: onap/appc-cdt-image:1.7.1
pullPolicy: Always
# application configuration
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile
cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12
-cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr
+cadi_keystore_password=enc:j5wAY4JjI6Gg8KbPRT3CK55kCaBZcrSq9XMe0vU2Hj3_TWfhln414p_og8-0u4EV
#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
cadi_alias=appc@appc.onap.org
cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks
-cadi_truststore_password=enc:O3Vtv5e77OQWJ_OiLC9Atj3ngyYfulRK519JYFmbKl7
+cadi_truststore_password=enc:9WJ6CRlrFmHiQrFlckhHybFXOwPW3tRetofp3AZ5nyt
##
## org.osaaf.location.props
--- /dev/null
+EVYIj42lKzRyMicebf8OOUa9CVwvaKie3N7fTGeDT-GjiR6M6AHQCwBD9Bj95VxgVWOyXGAYy7eT
+SSfnkVBgcdZWXlRL7HSUocs52DneRTGYcYGIBGz24O6EpmeZQyWluCKBcVCALKClPzqBNsHa2W06
+XwAccZzYPkDV-taGqF5kP10RiYvKe5YoZEQYBfauS3lDqf47AP-Dh1wLUIpvTSAUfBgDW9FBx9Ay
+8Wy2geTuAXcPduBtTGIj3law-5ePDFRqwVVkXmSaEmEn34NvJ4z6Ww7VHqzqBxKAvLErV-KCEHEa
+L3L1CCqNCXjUUa_D8CReDA-LPAG_v0yrjQxrdqzcYJ76Q0uIlNmEi_85AlAUXx6KGC03TqaGqICW
+nNs4ouxM6U4ekiDi9qbFh7RlTEXw6bHhJPCq-G5ID-crWDHSarQ3IUR5qOmgIFIxpkPksBSGmUI4
+OIScgb2TtqG94EAZ3qu3PmzVlJrxbHYHVFlNLEecu7tGtiQJTLUHpJ0Z8O2GOc8bBz6o6NBT72Pv
+i068VkLyUyrSNnVo9rNVFWAc3HREFi85KszBdk58kPTr2AQFH9iK2hmrXTdnPMjhmQgRh4xiAn4J
+v5Gsb4DL2si3ZjD2E36Fy5XlPhyFFc8gdB6-v-Et1XJTU6mwV5DgKgg5o3WdHTuHZjYgWmcATZiQ
+yLOQ6ZdjTF_004yOSkUzHbArOEmS6LIPTuLibvN6CY1Q0u_ucl5iaIbcwo_sVFisnVXQBHYXblBm
+MgZZFg0n5ugL-bdUSdJtU7yIU5t79n0aMxnN84QhuREMSvCUioCrBD5c5H22iqbY7UCPO9Yy7lM-
+aPVDRPwHAKEVjYqf4Z4k0Jthn7wqWS2iAKVOEi4R1oniAuuIcM9xoha0-LdRe8hWTV-qXDbtCVDz
+h6Rw3dqtS5mCGBMC0TCrLJzG5n3Ed_4kGl5Emb3SXHWNqI_BuIalU4uot7seCv464E3QWQgAkv8w
+wTk_IEWIFZhKJIcy5Brsw7Fz-XWQWkExEU3xKButC9hFXpdszF0y8CYUI6EPt2mPqaxB6zu3s4Bv
+bKrVxFPX97mOeD8TpmxElmF0vpdhJ9Ee8clvBrGtLl1UIP6B80PrAPEZMLNhLV8S-ZJMKL5PTZh0
+_HNpj1EfiXnBz02cbes5Fuq9M8Dk7f16tP8prYzJ1JbnLTNHHcW4Z1quKrN8RIoYw3qzlXuYRm6Y
+8rbuPlZ1wTllIxf00omnonJw8Fx9XzArv_UvqTvAYrv22YliUSl-lcFi8cOK58bmM5rBmkWoFObK
+DsCMicfyPWhKf3DEwg1Y0j0qKppFqtKcSxnIbQ-VPRCrRv2yTjauEW6iNlq3RQKSJqFjUVmSUn2w
+7tYQzeNv0tYgfRtHgSy_CA9q_ANJFFlxDtqtrFTsgrEH4jOlLs2_UN96RNUhVqSu95X5hEukI574
+kQBUMc5gGQvQ2_Xug15O_-cFfhtalI7NBZkGNNPY5K8h7xYZp2aAl-pNPwKHAmrOWAvFwy64A1NT
+_RrZxrtVkj-k3f8Mv_p56yChUpujZ_ZDwLgYKWraqDxyEctpXyMMgjOYRy2CZ6oZfuAygrN5Gw4k
+zMKBDkz_5LO_rYU2RUa2NRDLlh2Y47Gxt90IEw_i8y7nxn7K6y3nApI11tfsiiotYq8DLk6jYh07
+mJg-D8lb0q9JRYmnJcNkIQNVJ06bmJnaJQZ7GXUz9MF8_zuTdm4D8m_Ly2Ai4KFq_lw5CBVrLM5k
+pfJveSw_6_uF5pda_EZoR4bBoWdrFvLNwob3lsdgiIYGTafQx2SFfQiiEB_CwpGuj4_Dv-TkUT2O
+Ui2UWI9Gr-HxSITnvUR0UHStrDb5miXEr8E_Znwc4Db2juh30L57aEtl5N0TYwKI925qLNLHbFg0
+FKEvIt-o7HmvPY6UqajwAtIAdKpxWpWD-hl-eNVNsT4mVzdegIrM2wzzKIcLOvCEEvyWei_E8mIp
+nqYw9LoFrQf3dCh8XeamqYkbPE00E8p1zXPNRow5iz9NQ-BNksp1e-ghqF_xr3L4eh7BkEu2
\ No newline at end of file
# limitations under the License.
{{ include "common.secretFast" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
- mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg
name: log-config
subPath: org.ops4j.pax.logging.cfg
+ - mountPath: /opt/onap/appc/data/stores/org.onap.appc.p12
+ name: p12-certs
+ subPath: org.onap.appc.p12
+ - mountPath: /opt/onap/appc/data/stores/org.onap.appc.keyfile
+ name: keyfile-certs
+ subPath: org.onap.appc.keyfile
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- mountPath: /usr/share/filebeat/data
name: data-filebeat
volumes:
+ - name: keyfile-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-certs
+ - name: p12-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-certs
- name: localtime
hostPath:
path: /etc/localtime
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/appc-image:1.7.0
+image: onap/appc-image:1.7.1
pullPolicy: Always
# flag to enable debugging - application support required
# SDN-C's ODL Restconf Connection Details
blueprintsprocessor.restconfEnabled=true
blueprintsprocessor.restclient.sdncodl.type=basic-auth
-blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/
+blueprintsprocessor.restclient.sdncodl.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}/
blueprintsprocessor.restclient.sdncodl.username=admin
blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
blueprintsprocessor.grpcclient.py-executor.type=tls-auth
# Config Data REST client settings
blueprintsprocessor.restclient.sdnc.type=basic-auth
-blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
+blueprintsprocessor.restclient.sdnc.url=http://{{ .Values.global.sdncOamService }}:{{ .Values.global.sdncOamPort }}
blueprintsprocessor.restclient.sdnc.username=admin
blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
# envsusbt
envsubstImage: dibi/envsubst
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
+
#################################################################
# Secrets metaconfig
#################################################################
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-blueprintsprocessor:0.6.3
+image: onap/ccsdk-blueprintsprocessor:0.7.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-commandexecutor:0.6.3
+image: onap/ccsdk-commandexecutor:0.7.1
pullPolicy: Always
# application configuration
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-sdclistener:0.6.3
+image: onap/ccsdk-sdclistener:0.7.1
name: sdc-listener
pullPolicy: Always
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-cds-ui-server:0.6.3
+image: onap/ccsdk-cds-ui-server:0.7.1
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.2
+image: onap/clamp-backend:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.2
+image: onap/clamp-frontend:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
{{/*
Give the root folder for ONAP when using host pathes
+
+ The function takes up to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .subPath: the sub path to use, default to
+ ".Values.persistence.mountSubPath"
+
+ Example calls:
+ {{ include "common.storageClass" . }}
+ {{ include "common.storageClass" (dict "dot" . "subPath" "my-awesome-subPath") }}
*/}}
{{- define "common.persistencePath" -}}
-{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- $dot := default . .dot -}}
+{{- $subPath := default $dot.Values.persistence.mountSubPath .subPath -}}
+{{ $dot.Values.global.persistence.mountPath | default $dot.Values.persistence.mountPath }}/{{ include "common.release" $dot }}/{{ $subPath }}
{{- end -}}
{{/*
The value "common.fullname"-data is used by default,
unless either override mechanism is used.
- - .Values.global.persistence.storageClass : override default storageClass for all charts
- - .Values.persistence.storageClassOverride : override global and default storage class on a per chart basis
- - .Values.persistence.storageClass : override default storage class on a per chart basis
+ - .Values.global.persistence.storageClass : override default storageClass for
+ all charts
+ - .Values.persistence.storageClassOverride : override global and default
+ storage class on a per chart
+ basis
+ - .Values.persistence.storageClass : override default storage class on
+ per chart basis
+
+ The function takes up to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix: suffix to name. if not set, default to "data" when no override
+ mechanism is used.
+ - .persistenceInfos: the persitence values to use, default to
+ `.Values.persistence`.
+ Need to be the dict key from `.Values` in string
+ format.
+ let's say you have:
+
+ persistence:
+ logs:
+ enabled: true
+ size: 100Mi
+ accessMode: ReadWriteOnce
+ ...
+
+ then you have to put `.Values.persitence.logs` in
+ order to use it.
+
+
+ Example calls:
+ {{ include "common.storageClass" . }}
+ {{ include "common.storageClass" (dict "dot" . "suffix" "my-awesome-suffix") }}
+ {{ include "common.storageClass" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }}
*/}}
{{- define "common.storageClass" -}}
- {{- if .Values.persistence.storageClassOverride -}}
- {{- if ne "-" .Values.persistence.storageClassOverride -}}
- {{- printf "%s" .Values.persistence.storageClassOverride -}}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "data" .suffix -}}
+{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}}
+ {{- if $persistenceInfos.storageClassOverride -}}
+ {{- if ne "-" $persistenceInfos.storageClassOverride -}}
+ {{- $persistenceInfos.storageClassOverride -}}
{{- else -}}
{{- $storage_class := "" -}}
{{- printf "%q" $storage_class -}}
{{- end -}}
{{- else -}}
- {{- if or .Values.persistence.storageClass .Values.global.persistence.storageClass }}
- {{- if ne "-" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}}
- {{- printf "%s" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}}
+ {{- if or $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass }}
+ {{- if ne "-" (default $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass) -}}
+ {{- default $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass -}}
{{- else -}}
{{- $storage_class := "" -}}
{{- printf "%q" $storage_class -}}
{{- end -}}
{{- else -}}
- {{- printf "%s-data" (include "common.fullname" .) -}}
+ {{- printf "%s-%s" (include "common.fullname" $dot) $suffix -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Generate a PV
+
+ The function takes up to three arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix: suffix to name. if not set, default to "data".
+ - .persistenceInfos: the persitence values to use, default to
+ `.Values.persistence`.
+ Need to be the dict key from `.Values` in string
+ format.
+ let's say you have:
+
+ persistence:
+ logs:
+ enabled: true
+ size: 100Mi
+ accessMode: ReadWriteOnce
+ ...
+
+ then you have to put `.Values.persitence.logs` in
+ order to use it.
+
+ Example calls:
+ {{ include "common.PV" . }}
+ {{ include "common.PV" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos".Values.persistenceLog ) }}
+ {{ include "common.PV" (dict "dot" . "subPath" "persistenceInfos" .Values.persistence.log) }}
*/}}
{{- define "common.PV" -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if (include "common.needPV" .) -}}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "data" .suffix -}}
+{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}}
+{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}}
+{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}}
+{{- if (include "common.needPV" $dot) -}}
kind: PersistentVolume
apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $suffix "labels" $persistenceInfos.labels) | nindent 2 }}
spec:
capacity:
- storage: {{ .Values.persistence.size }}
+ storage: {{ $persistenceInfos.size }}
accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ - {{ $persistenceInfos.accessMode }}
+ persistentVolumeReclaimPolicy: {{ $persistenceInfos.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" $dot }}-{{ $suffix }}"
hostPath:
- path: {{ include "common.persistencePath" . }}
+ path: {{ include "common.persistencePath" (dict "dot" $dot "subPath" $persistenceInfos.mountSubPath) }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Generate N PV for a statefulset
+
+ The function takes up to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix: suffix to name. if not set, default to "data".
+ - .persistenceInfos: the persitence values to use, default to
+ `.Values.persistence`.
+ Need to be the dict key from `.Values` in string
+ format.
+ let's say you have:
+
+ persistence:
+ logs:
+ enabled: true
+ size: 100Mi
+ accessMode: ReadWriteOnce
+ ...
+
+ then you have to put `.Values.persitence.logs` in
+ order to use it.
+
+ Example calls:
+ {{ include "common.replicaPV" . }}
+ {{ include "common.replicaPV" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }}
+ {{ include "common.replicaPV" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }}
*/}}
{{- define "common.replicaPV" -}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "data" .suffix -}}
+{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}}
+{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}}
+{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}}
+{{- if (include "common.needPV" $dot) -}}
+{{/* TODO: see if we can use "common.PV" after branching F release */}}
+{{- range $i := until (int $dot.Values.replicaCount) }}
+{{- $range_suffix := printf "%s-%d" $metadata_suffix $i }}
---
kind: PersistentVolume
apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels: {{- include "common.labels" $global | nindent 4 }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $range_suffix "labels" $persistenceInfos.labels) | nindent 2 }}
spec:
capacity:
- storage: {{ $global.Values.persistence.size}}
+ storage: {{ $persistenceInfos.size }}
accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
+ - {{ $persistenceInfos.accessMode }}
+ persistentVolumeReclaimPolicy: {{ $persistenceInfos.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" $dot }}-{{ $suffix }}"
hostPath:
- path: {{ include "common.persistencePath" $global }}-{{$i}}
+ path: {{ include "common.persistencePath" (dict "dot" $dot "subPath" $persistenceInfos.mountSubPath) }}-{{ $i }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Generate a PVC
+
+ The function takes up to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix: suffix to name. if not set, default to "data".
+ - .persistenceInfos: the persitence values to use, default to
+ `.Values.persistence`.
+ Need to be the dict key from `.Values` in string
+ format.
+ let's say you have:
+
+ persistence:
+ logs:
+ enabled: true
+ size: 100Mi
+ accessMode: ReadWriteOnce
+ ...
+
+ then you have to put `.Values.persitence.logs` in
+ order to use it.
+
+ Example calls:
+ {{ include "common.PVC" . }}
+ {{ include "common.PVC" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }}
+ {{ include "common.PVC" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }}
*/}}
{{- define "common.PVC" -}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- $dot := default . .dot -}}
+{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}}
+{{- $suffix := default "data" .suffix -}}
+{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}}
+{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
+{{ include "common.PVCTemplate" (dict "dot" $dot "suffix" $suffix "persistenceInfos" $persistenceInfos) }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Generate a PVC template for a statefulset
+
+ The function takes up to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix: suffix to name. if not set, default to "data".
+ - .persistenceInfos: the persitence values to use, default to
+ `.Values.persistence`.
+ Need to be the dict key from `.Values` in string
+ format.
+ let's say you have:
+
+ persistence:
+ logs:
+ enabled: true
+ size: 100Mi
+ accessMode: ReadWriteOnce
+ ...
+
+ then you have to put `.Values.persitence.logs` in
+ order to use it.
+
+ Example calls:
+ {{ include "common.PVCTemplate" . }}
+ {{ include "common.PVCTemplate" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }}
+ {{ include "common.PVCTemplate" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }}
+*/}}
+{{- define "common.PVCTemplate" -}}
+{{- $dot := default . .dot -}}
+{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}}
+{{- $suffix := default "data" .suffix -}}
+{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}}
+metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations) | nindent 2 }}
spec:
accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
+ - {{ $persistenceInfos.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" $dot "suffix" $suffix "persistenceInfos" $persistenceInfos ) }}
resources:
requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+ storage: {{ $persistenceInfos.size }}
{{- end -}}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/ccsdk-dgbuilder-image:0.6.3
+image: onap/ccsdk-dgbuilder-image:0.7.2
pullPolicy: Always
# flag to enable debugging - application support required
"dmaap": {
"username": "notused",
"password": "doesnotmatter",
- "owner": "dcaecm",
- "protocol": "http"
- }
+ "owner": "dcaecm"
+ }
}
\ No newline at end of file
"timeout_in_secs": 60
},
"dmaap_mr" : {
- "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1",
+ "url" : "https://message-router:3905/events/POLICY-NOTIFICATION/policy-handler/ph1",
"query": {
"timeout": 15000
},
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.5
+image: onap/dmaap/datarouter-node:2.1.6
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.5
+image: onap/dmaap/datarouter-prov:2.1.6
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
release: {{ include "common.release" . }}
name: {{ include "common.fullname" . }}
spec:
+{{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - bash
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+ export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+ -Dserver.ssl.key-store-type=PKCS12 \
+ -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+ -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
+ -Djavax.net.ssl.trustStoreType=jks\
+ -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
+ {{- if eq "DEBUG" .Values.config.loglevel }}
+ export JAVA_DEBUG="-Djavax.net.debug=all"
+ {{- end }}
+ exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar
+ {{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ scheme: HTTPS
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ONAP_CLOUDOWNER
value: {{ .Values.config.cloudOwner }}
- name: NBI_URL
- value: "http://nbi.{{ include "common.namespace" . }}:8080/nbi/api/v4"
+ value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
- name: SDC_HOST
value: "https://sdc-be.{{ include "common.namespace" . }}:8443"
- name: SDC_HEADER_ECOMPINSTANCEID
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "https://message-router.{{ include "common.namespace" . }}:3905"
+ value: "http://message-router.{{ include "common.namespace" . }}:3904"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts:
+ volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
# name: esr-server-logs
# - mountPath: /usr/share/filebeat/data
# name: esr-server-filebeat
- volumes:
+ volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafEnabled: true
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
+
+#################################################################
+# AAF part
+#################################################################
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: nbi
+ fqi: nbi@nbi.onap.org
+ public_fqdn: nbi.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
+
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.db.userName }}'
password: '{{ .Values.config.db.userPassword }}'
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:6.0.0
+image: onap/externalapi/nbi:6.0.1
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
# probe configuration parameters
liveness:
- httpGet:
- path: /nbi/api/v4/status
- port: 8080
+ path: /nbi/api/v4/status
+ port: 8443
initialDelaySeconds: 180
periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
enabled: true
readiness:
- httpGet:
- path: /nbi/api/v4/status
- port: 8080
+ path: /nbi/api/v4/status
+ port: 8443
initialDelaySeconds: 185
periodSeconds: 30
portName: api
name: nbi
nodePort: 74
- internalPort: 8080
+ internalPort: 8443
ingress:
enabled: false
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
- name: db-init
image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-optimizer:2.1.1
+image: onap/optf-cmso-optimizer:2.2.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.1.1
+ image: onap/optf-cmso-dbinit:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
- name: db-init
image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-service:2.1.1
-robotimage: onap/optf-cmso-robot:2.1.1
+image: onap/optf-cmso-service:2.2.0
+robotimage: onap/optf-cmso-robot:2.2.0
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.1.1
+ image: onap/optf-cmso-dbinit:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
authentication: proprietary-auth
-
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-ticketmgt:2.1.1
+image: onap/optf-cmso-ticketmgt:2.2.0
pullPolicy: Always
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-chown
+ command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-cmso-topology:2.1.1
+image: onap/optf-cmso-topology:2.2.0
pullPolicy: Always
-liD-IR8Y1MHqPDTUqq3AaTtqnWn5jCpfIRBlyi6xY4A0fbQz8ZPlTZPHkshRt0dHdST3R7TIvTyQ
-JpTCeBNBu2df3vBbUzsN0rIpPG9TGjzmE7cRu4V4kfefSqsIj-S7OTAaWaWpwGWJYLLCB2sQALkS
-f68VWdupUEw3g9jqCU1QzjKOnLGvhlp6Qrc1xG4Z5Ar8WERw-C3DqTWUKANoEvjWkvH2rAywzj93
-pmspvd5fQfH1rp1ACNvnPrRb_oYNfwPrNpE7Sb4LvM1muoiKMDF64IDO0TkxhjHZ9wpJgVsnowby
-qmokqf39dMRRk3S1IEpOiBGyLS_885JDj_XJKYRQsjvkTzjpFJ7wE2-HDZEVWCITvtS9-Xorm5TI
-3iU4rjMDew5fkBnjoKuSOS7Lksva4ouZOCiUkDos1jAJ5XMDEQm4BcPHtcW6PpC602-qRcgnNjjP
-wOPdF7hCm27ZTai3lAtNGByR7oBr9r5Uma-soORFvg8drV8Rgh0lax-poFVhoEH7RhKPIzYpSco9
-jnpURzi_epTjAhjjup-erTv2GAIllKsSEHZLbfsFWlNUZTOx58PSB0jBN5m_8HxTyNm0zsm0Cb7U
-KsjPduQ5ZblsfRIJwqpOBXoof7WerKReMZSOdgjZUNueiuEImVH9_SYOdKZhkluSi4yfEtme7CCP
-kZ2JhdiT5km3SeonalhU2MUsx60krxyQ1mnjI4jS9QagUME4mujdvM_L7mtjcPZVSfXUn49whakE
-J-NQV6q2iZgN2IxsT_uCnlZYwnE5i-IbQkQAEu13m6ETsMmf0cwPnKaSwRhb8G48EkJhTL-GP9Z0
--EsIKT7lQt7kfX-mmNoEirTg9gQAaN3uxLmdHvXpeJdlETnnaLYYJJ3h-SL0e_5Yz2SpdsEwZ3Bk
-PtR-QvlYKDhG1nhPOna65ctCzn81PZOUP3lsO6MSTOK6D6Taxfh1TYEBAvzCP0BfFBodw4lSglFP
-I5IfdiJmomTGARa36nC_O5YzH_jBWLQrgd2gxI5H5bB-5zqzu79SGX9o2_LRVY_LVV0BmI3xSYOI
-vziYYC1XyTY6blfdiOM5a5KjraErxSTEFZVFrsx4OQ_dLA0woVtixawrIy1rgfQr49U1oIRe8BgN
-j3eis_UQAbPbmdbEe1qtXnvi6T7trHskzt6K-vTgo5ITJkr-F2Sds_QgNdaFBGuES6X5RwRGlbHT
-Tl_M8Ja_1K-RMNKJRssoRTKstpwnrhk9IcoSwYcLykbDLgeC0mhSMHOOuWv1RGRaZdzObc5YA1eB
-idQmzy5xAHzNxPHHrB-fpjFJRYv_QZY9qZcGvP58d6bHO0upxbj-BBt9zfc7Qt0JLU6EAdYbW5TI
-2v4JImikrx6KvtoK8vcjJMTDAanTVB31J65tat0rq9wYKxUdjBJLzkT3psYs_DRtYQc0i02YTD7t
-dWya0-3p1Yrt0em3XGb8JAh2PA3BsQKmvKAOc054wf_B8n8saxSFw1WQL30vU5c4-Z_p53HfaUYd
-Qg7DZskzgwBRy48sLJNCrn81RtxXfQP1XtPEZs-AAlTUslHoUdoQ1cwrYEgkNT1cjk6sLI_oKSK-
-dDICBnlYLrZRBS3sH8K38WaIh1WRY6vbGVDs1tUectUpng_-Khavd0Crw7D_CE6T7Rnfcn0pnTV-
-HW1PIXejFsONQn-2c3a9HZ-v6Hg4JL6UWm-qgBPC5118ymO0LfmrviAFAC6Wt3WFiNzrvx9Jggus
-lE0qvLVfkQVZXAy-hSPHlYZmtxk5voVsf60qPoDN2-NdpWz62M9PrXd_A03YGxzt0G6J4VXExRES
-xqLeGNGB496AfX_vEub97sR8xcbbUXsyt12uVnygifGyND60coikaKrMktv2OLOLEl8AudLp0ZNA
-oOoYJZqfUnQqaLt0dNmNa5OtzYjf7f6bYX0V8XLTHlFqZ6QzqYGFMPNhDYjqtet6d--Q8t7_5S5C
-RfXP8Wh8CjbEh2_rsr9rvy1nhM_Cptxc0BFXcS5Dt_R4vjd2G4B_LEC4Hy1s_rZThzUVxRCl
\ No newline at end of file
+dX1X5XcwStbiOmKV2k-px6nukVP3Ucg3mB6Rx3IyAyAQOZx8nU-TBK9kOV635VI5559pLF6z7jGR
+BcBfEgQtiO93vGKsSfkiVjorFz5UDqqXvoW6kFz4yQHBYR8cfFIRQ4L6mitfrs6gsM0d7CBqBz29
+I5lyzeSzmaPmJDP92jw--y3cvGRYYNLGvl3U3IIeCFX9IkDY29OZazaQaihAZx2trjLZKEeuzLN1
+6JQGbKEqCCRzZ46TXnH1DKRPxxV2aNzb_3I8402XUmlGBPf0Ucyj2wlBWrSApVVaxKKIEgIjf7vs
+x2fEMD-ye--2MkalDZ6Tm_x75GFKiia7Uc2fBBb4xHGZZEmKTh4php1Gu3v1bVY8hjXXVTpF-WXm
+cm9T4uczm_CgnKE4PtqLnYQg87LI8ONbWIE5jkgu1D4lhWkzO8nMrQlnFT0HlB-CRGu_xRsIWvnc
+bTA8K4iKJMHm7IhRfrBFNRBSq8AH_9LoUfTQ62C-Nt8g6Wu7ox6fO_dus1S9H9ndNzos31IVrn1h
+5QHxuBCUORISWjGoEQSM6spz3pyvbNMgKpkkg2izwXzDwc3RbqOgiSY8WtpKXuWceU-Ltl_npFpO
+O1suykGF6fnuql87ERJ7mcEiNd8L2_GuxTr-0YbbWgCK2IBDyfNc6ayTcjN0huoF72umE0ODQ0aK
+0HUAWAV4W6cWXEj7iOpMx1jkDURbWEdPetlz-LZKv7aN3s65Cl4Nib7ltWrs9ilP5J-KUKTkUPpM
+poBWXVZf4IjNx3H2KFzdLeGSXO3kG46tQDeeloFuY2yk1FWeyS9xLS60H2komdIW6qRVVBzeJHRN
+7dYMK5AhAgOghhe5XBhH1yHVdjLJuOMXPRrXe8dTyNU6fD1rHuvGukwSLW9lXsQkJBENfsIxY-At
+-j6Gm54G_Dz5k7tu7ThpCREVxNoBDMOBC_RemS0P-pqHSEpxEc0OjLQbVSPBQRa3eaRiqLMz_dop
+FGJt56UE73Qn0HWQw16lSdKSDtuSlByEwbQ8fRFN6e2f6DCHwW81kPpfJBcoPgO4RcoazNfbLXGI
+c3q9SSpOy6r33lPT8ZigURWiNqgO2NgWswAhaN1lllbXooQxhmTnokTxi8lbQ45ZMI0n5TKFJVAB
+TtEpi4VESECsda-Rlt2w-SE9QMSSxbdYcoMutupHoj2EuRcEDAW9ghLcfBqBkGapS_Vk-E7VYBqT
+mCzuKx5WdvNj9RFCIHq7U6axpddRd7XGgKhQwyLo075DLlpULcXjHegh2Dv_U-CgwMc7J4NfCNYL
+atLIkKAhxiaHt7nkhSVKsJK89-7_NQd-OubYnUNMREoEBJautCFfyiL5fooEb2Vdu1S-27fAYk3f
+9Zv4j_lwldSGBkNZg8vKGsSLgl9acdXld_zyUI9iGe-cj5eibI7LLpaxRL9UyBJWvElyDdTQvTZL
+DdpWmy3QF9GUGx0AwZixPixXdIHmmu2yOu1kFqNAjHqfVfoyNETlGrQRM5IPQ6RmBhWC3Iv5mSNA
+FZ0J95bvy9_HS718wAhlEiw4B6FGnTR8KZozfOtr2ihh8QybBgvvJrs-68RIB56gWyavbn-aAnXi
+zTI1YYCVzBDVv4XPzqK4itVl5gPb3KCHPUSlrVhkPLXAUix3b4-nu4pk8veAE1CYZCIy_GqPNUOT
+LqLl4-WMHodF7SLNzvPSqgolCC1TjnuO1ysOHlK86W7nZPyrpnideiLbGs6G51cG0pIcDIyWNm6d
+9TXQTiRx87cZxRxEEFz57ftjqy3qhg_sw2ziFWOeItEO6OaOgwfH2OtMToeBWiJepyfG1eB4n7jH
+OsTQLSvCt2gHI1zXyCtYBZKeZI2dxO6cOdh5ljIuS0rABHe1BP2ZkKmJIXoEPFstJlAz4GPaghL4
+8rCndhdyoW7CayzBAAe5balYq63qjqUD_eOIp-pHcEe0Mfbmzu4CDSK8-40Qia6ApskFsRCkzu1V
+Pf1fH6-3rvQZFqt6irr_7HWUFhGRcXw9kBOy8h24nTawv-L6eydW5iX0pwRMz_QfHo_Krm6O
\ No newline at end of file
keystoreFile: "org.onap.oof.jks"
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- keystorePassword: N{$tSp*U)RQzjqE;)%4z;Pv[
+ keystorePassword: OA7*y0PEGTma?$be2z#0$:L]
truststorePassword:
authentication: aaf-auth
+ busyBoxImage: busybox:1.30
+ busyBoxRepository: docker.io
flavor: small
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}",
- "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
- "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
},
"topicParameterGroup": {
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: papconfig
+ - mountPath: /config
+ name: papconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: localtime
readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
- name: papconfig
+ name: papconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: papconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
#################################################################
global:
persistence: {}
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
"implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl",
"databaseDriver": "org.mariadb.jdbc.Driver",
"databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin",
- "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
- "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
+ "databaseUser": "${SQL_USER}",
+ "databasePassword": "${SQL_PASSWORD_BASE64}",
"persistenceUnit": "PolicyMariaDb"
},
"preloadPolicyTypes": [
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+
+ - command:
+ - sh
+ args:
+ - -c
+ - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apiconfig
+ - mountPath: /config
+ name: apiconfig-processed
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
name: localtime
readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
- name: apiconfig
+ name: apiconfig-processed
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}-configmap
defaultMode: 0755
+ - name: apiconfig-processed
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
global:
nodePortPrefix: 304
persistence: {}
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
debugEnabled: false
# application configuration
+db:
+ user: policy_user
+ password: policy_user
# default number of instances
replicaCount: 1
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-dmaap-listener-image:1.7.6
+image: onap/sdnc-dmaap-listener-image:1.8.0
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ansible-server-image:1.7.6
+image: onap/sdnc-ansible-server-image:1.8.0
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.7.6
+image: onap/admportal-sdnc-image:1.8.0
config:
dbFabricDB: mysql
dbFabricUser: admin
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdnc-ueb-listener-image:1.7.6
+image: onap/sdnc-ueb-listener-image:1.8.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# SDNC
# ================================================================================
+# Copyright © 2020 Samsung Electronics
# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
if $SDNC_AAF_ENABLED; then
- export SDNC_STORE_DIR=/opt/app/osaaf/local
- export SDNC_CONFIG_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_STORE_DIR=/opt/app/osaaf/local
+ export SDNC_AAF_CONFIG_DIR=/opt/app/osaaf/local
export SDNC_KEYPASS=`cat /opt/app/osaaf/local/.pass`
export SDNC_KEYSTORE=org.onap.sdnc.p12
sed -i '/cadi_prop_files/d' $ODL_HOME/etc/system.properties
- echo "cadi_prop_files=$SDNC_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
+ echo "cadi_prop_files=$SDNC_AAF_CONFIG_DIR/org.onap.sdnc.props" >> $ODL_HOME/etc/system.properties
sed -i '/org.ops4j.pax.web.ssl.keystore/d' $ODL_HOME/etc/custom.properties
sed -i '/org.ops4j.pax.web.ssl.password/d' $ODL_HOME/etc/custom.properties
sed -i '/org.ops4j.pax.web.ssl.keypassword/d' $ODL_HOME/etc/custom.properties
- echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+ echo org.ops4j.pax.web.ssl.keystore=$SDNC_AAF_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
fi
{{/*
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
- mountPath: {{ .Values.config.binDir }}/installSdncDb.sh
name: bin
subPath: installSdncDb.sh
+ - mountPath: {{ .Values.config.ccsdkConfigDir }}/aaiclient.properties
+ name: properties
+ subPath: aaiclient.properties
- mountPath: {{ .Values.config.configDir }}/aaiclient.properties
name: properties
subPath: aaiclient.properties
+# Copyright © 2020 Samsung Electronics
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# application images
repository: nexus3.onap.org:10001
pullPolicy: Always
-image: onap/sdnc-image:1.7.6
+image: onap/sdnc-image:1.8.0
# flag to enable debugging - application support required
peerODLCluster: 127.0.0.1
isPrimaryCluster: true
configDir: /opt/onap/sdnc/data/properties
+ ccsdkConfigDir: /opt/onap/ccsdk/data/properties
dmaapTopic: SUCCESS
dmaapPort: 3904
logstashServiceName: log-ls
environment: TEST
sdnc:
auth: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
- host: http://sdnc.{{ include "common.namespace" . }}:8282
+ host: http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}
path: /restconf/operations/GENERIC-RESOURCE-API
si:
svc:
readinessImage: readiness-check:2.0.2
persistence:
mountPath: /dockerdata-nfs
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
#################################################################
# Secrets metaconfig
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
sdncconnecttime: 5000
- sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
- sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
- sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/'
- sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:'
- sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config'
- sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:'
- sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:'
- sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:'
- sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation'
- sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:'
+ sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
+ sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
+ sdncurl12: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/'
+ sdncurl13: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/opticalservice:'
+ sdncurl5: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/config'
+ sdncurl6: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNF-API:'
+ sdncurl7: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/L3UCPE-API:'
+ sdncurl8: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NBNC-API:'
+ sdncurl9: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NORTHBOUND-API:service-topology-operation'
+ sdncurl20: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/LCM:'
service:
infra:
service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
readinessImage: readiness-check:2.0.2
persistence:
mountPath: /dockerdata-nfs
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
#################################################################
# Secrets metaconfig
trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.release" . }}-so-truststore-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
env:
- name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
+ value: {{ .Values.global.client.certs.truststore }}
- name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name}}-so-client-certs-secret
key: trustStorePassword
+ {{ if eq .Values.global.security.aaf.enabled true }}
- name: KEYSTORE
- value: /app/org.onap.so.jks
+ value: {{ .Values.global.client.certs.keystore }}
- name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: config
mountPath: /app/config
readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readonly: true
livenessProbe:
tcpSocket:
port: {{ index .Values.livenessProbe.port }}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+aai:
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
port: {{ index .Values.containerPort }}
tomcat:
localCluster: false
persistence:
mountPath: /dockerdata-nfs
+ #This configuration specifies Service and port for SDNC OAM interface
+ sdncOamService: sdnc-oam
+ sdncOamPort: 8282
#This configuration will run the migration. The configurations are for backing up the data
#from DB and then restoring it to the present versions preferred DB.
migration:
defaultCloudOwner: onap
cadi:
cadiLoglevel: DEBUG
- cadiKeyFile: /app/org.onap.so.keyfile
- cadiTrustStore: /app/org.onap.so.trust.jks
+ cadiKeyFile: /app/client/org.onap.so.keyfile
+ cadiTrustStore: /app/client/org.onap.so.trust.jks
cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
cadiLatitude: 38.4329
cadiLongitude: -90.43248
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
- trustStorePassword: b25hcDRzbw==
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.3.2
+image: onap/vnfsdk/refrepo:1.5.1
postgresRepository: crunchydata
postgresImage: crunchy-postgres:centos7-10.3-1.8.2
pullPolicy: Always