--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2018 Amdocs, Bell Canada
+
+.. Links
+.. _hardcoded-certiticates-label:
+
+ONAP Hardcoded certificates
+###########################
+
+ONAP current installation have hardcoded certificates.
+Here's the list of these certificates:
+
+ +----------------------------------------------------------------------------------+
+ | Project | ONAP Certificate | Own Certificate | Path |
+ +============+==================+==================+===============================+
+ | VID | No | Yes | kubernetes/vid/resources/cert |
+ +------------+------------------+------------------+-------------------------------+
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
+- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
The :ref:`release-notes-label` for OOM describe the incremental features per release.
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
+ - name: sdc-logs
+ mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
+ - name: sdc-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.2
-backendInitImage: onap/sdc-backend-init:1.6.2
+image: onap/sdc-backend:1.6.3
+backendInitImage: onap/sdc-backend-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
- name: {{ include "common.fullname" . }}-chef-cache
- mountPath: /root/chef-solo/cache
+ mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.2
-cassandraInitImage: onap/sdc-cassandra-init:1.6.2
+image: onap/sdc-cassandra:1.6.3
+cassandraInitImage: onap/sdc-cassandra-init:1.6.3
pullPolicy: Always
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments
+ mountPath: /var/lib/jetty/chef-solo/environments
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.2
+image: onap/dcae-be:1.3.3
pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.2
+backendInitImage: onap/dcae-tools:v1.3.3
# flag to enable debugging - application support required
debugEnabled: false
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.2
+image: onap/dcae-dt:1.3.3
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.2
+image: onap/dcae-fe:1.3.3
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.1
+image: onap/dcae-tosca-app:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
value: {{ .Values.config.javaOptions }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.2
+image: onap/sdc-frontend:1.6.3
pullPolicy: Always
config:
livenessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
value: {{ .Values.cert.certDir }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.2
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.2
+image: onap/sdc-onboard-backend:1.6.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.1
-configInitImage: onap/workflow-init:1.6.1
+image: onap/workflow-backend:1.6.2
+configInitImage: onap/workflow-init:1.6.2
pullPolicy: Always
initJob:
serverSSLEnabled: true
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /etc/keystore
+ serverSSLKeyStorePath: /home/sdc/etc/keystore
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /etc/truststore
+ serverSSLTrustStorePath: /home/sdc/etc/truststore
cassandraSSLEnabled: false
- cassandraTrustStorePath: /etc/truststore
+ cassandraTrustStorePath: /home/sdc/etc/truststore
# default number of instances
replicaCount: 1
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.1
+image: onap/workflow-frontend:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
}
]'
spec:
- type: {{ .Values.service.type }}
+ type: NodePort
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: "{{ .Values.service.portName }}-restconf"
{{ if not .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- {{ end }}
- name: "{{ .Values.service.portName }}-8282"
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: "{{ .Values.service.portName }}-8202"
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-8280"
- - port: {{ .Values.service.externalPort4 }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
- {{ if .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{ end }}
- name: "{{ .Values.service.portName }}-8443"
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.service.name }}-oam"
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: "{{ .Values.service.portName }}-restconf-alt"
+ {{ if .Values.global.aafEnabled }}
+ port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- else -}}
+ port: {{ .Values.service.internalPort4 }}
+ target: {{ .Values.service.internalPort4 }}
+ {{ end }}
+ - name: "{{ .Values.service.portName }}-karaf"
+ port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
mariadb-galera: &mariadbGalera
nameOverride: sdnc-db
- config:
+ config: &mariadbGaleraConfig
rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
userName: sdnctl
userCredentialsExternalSecret: *dbSecretName
dmaap-listener:
nameOverride: sdnc-dmaap-listener
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
ueb-listener:
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
nameOverride: sdnc-ueb-listener
config:
sdnc-portal:
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
config:
restCredsExternalSecret: *ansibleSecretName
mariadb-galera:
- << : *mariadbGalera
+ <<: *mariadbGalera
config:
+ <<: *mariadbGaleraConfig
mysqlDatabase: ansible
service:
name: sdnc-ansible-server
#port
externalPort: 8282
- nodePort: "02"
externalPort2: 8202
- nodePort2: "08"
externalPort3: 8280
- nodePort3: 46
externalPort4: 8443
nodePort4: 67
userName: vidadmin
# userCredentialsExternalSecret: some secret
# userPassword: password
- vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
+ vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
asdcclientrestport: "8443"
vidaaiport: "8443"