Merge "[COMMON][MUSIC] Uses new tpls for repos / images"
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Fri, 4 Dec 2020 21:32:13 +0000 (21:32 +0000)
committerGerrit Code Review <gerrit@onap.org>
Fri, 4 Dec 2020 21:32:13 +0000 (21:32 +0000)
91 files changed:
docs/oom_quickstart_guide.rst
kubernetes/.gitignore [new file with mode: 0644]
kubernetes/cli/requirements.yaml
kubernetes/cli/templates/deployment.yaml
kubernetes/cli/values.yaml
kubernetes/common/cmpv2Config/values.yaml
kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
kubernetes/log/components/log-elasticsearch/templates/deployment.yaml
kubernetes/log/components/log-kibana/templates/deployment.yaml
kubernetes/log/components/log-logstash/templates/deployment.yaml
kubernetes/msb/Makefile [new file with mode: 0644]
kubernetes/msb/charts/msb-iag/requirements.yaml [deleted file]
kubernetes/msb/components/Makefile [new file with mode: 0644]
kubernetes/msb/components/kube2msb/.helmignore [moved from kubernetes/msb/charts/kube2msb/.helmignore with 100% similarity]
kubernetes/msb/components/kube2msb/Chart.yaml [moved from kubernetes/msb/charts/kube2msb/Chart.yaml with 100% similarity]
kubernetes/msb/components/kube2msb/requirements.yaml [moved from kubernetes/msb/charts/kube2msb/requirements.yaml with 89% similarity]
kubernetes/msb/components/kube2msb/templates/deployment.yaml [moved from kubernetes/msb/charts/kube2msb/templates/deployment.yaml with 94% similarity]
kubernetes/msb/components/kube2msb/values.yaml [moved from kubernetes/msb/charts/kube2msb/values.yaml with 95% similarity]
kubernetes/msb/components/msb-consul/.helmignore [moved from kubernetes/msb/charts/msb-consul/.helmignore with 100% similarity]
kubernetes/msb/components/msb-consul/Chart.yaml [moved from kubernetes/msb/charts/msb-consul/Chart.yaml with 100% similarity]
kubernetes/msb/components/msb-consul/requirements.yaml [moved from kubernetes/msb/charts/msb-consul/requirements.yaml with 89% similarity]
kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh [moved from kubernetes/msb/charts/msb-consul/resources/docker-entrypoint.sh with 100% similarity]
kubernetes/msb/components/msb-consul/templates/NOTES.txt [moved from kubernetes/msb/charts/msb-consul/templates/NOTES.txt with 100% similarity]
kubernetes/msb/components/msb-consul/templates/configmap.yaml [moved from kubernetes/msb/charts/msb-consul/templates/configmap.yaml with 100% similarity]
kubernetes/msb/components/msb-consul/templates/deployment.yaml [moved from kubernetes/msb/charts/msb-consul/templates/deployment.yaml with 96% similarity]
kubernetes/msb/components/msb-consul/templates/ingress.yaml [moved from kubernetes/msb/charts/msb-consul/templates/ingress.yaml with 100% similarity]
kubernetes/msb/components/msb-consul/templates/service.yaml [moved from kubernetes/msb/charts/msb-consul/templates/service.yaml with 100% similarity]
kubernetes/msb/components/msb-consul/values.yaml [moved from kubernetes/msb/charts/msb-consul/values.yaml with 98% similarity]
kubernetes/msb/components/msb-discovery/.helmignore [moved from kubernetes/msb/charts/msb-discovery/.helmignore with 100% similarity]
kubernetes/msb/components/msb-discovery/Chart.yaml [moved from kubernetes/msb/charts/msb-discovery/Chart.yaml with 100% similarity]
kubernetes/msb/components/msb-discovery/requirements.yaml [new file with mode: 0644]
kubernetes/msb/components/msb-discovery/resources/config/logback.xml [moved from kubernetes/msb/charts/msb-discovery/resources/config/logback.xml with 100% similarity]
kubernetes/msb/components/msb-discovery/templates/NOTES.txt [moved from kubernetes/msb/charts/msb-discovery/templates/NOTES.txt with 100% similarity]
kubernetes/msb/components/msb-discovery/templates/configmap.yaml [moved from kubernetes/msb/charts/msb-discovery/templates/configmap.yaml with 100% similarity]
kubernetes/msb/components/msb-discovery/templates/deployment.yaml [moved from kubernetes/msb/charts/msb-discovery/templates/deployment.yaml with 94% similarity]
kubernetes/msb/components/msb-discovery/templates/ingress.yaml [moved from kubernetes/msb/charts/msb-discovery/templates/ingress.yaml with 100% similarity]
kubernetes/msb/components/msb-discovery/templates/service.yaml [moved from kubernetes/msb/charts/msb-discovery/templates/service.yaml with 100% similarity]
kubernetes/msb/components/msb-discovery/values.yaml [moved from kubernetes/msb/charts/msb-discovery/values.yaml with 96% similarity]
kubernetes/msb/components/msb-eag/.helmignore [moved from kubernetes/msb/charts/msb-eag/.helmignore with 100% similarity]
kubernetes/msb/components/msb-eag/Chart.yaml [moved from kubernetes/msb/charts/msb-eag/Chart.yaml with 100% similarity]
kubernetes/msb/components/msb-eag/requirements.yaml [moved from kubernetes/msb/charts/msb-discovery/requirements.yaml with 90% similarity]
kubernetes/msb/components/msb-eag/resources/config/log/logback.xml [moved from kubernetes/msb/charts/msb-eag/resources/config/log/logback.xml with 100% similarity]
kubernetes/msb/components/msb-eag/resources/config/logback.xml [moved from kubernetes/msb/charts/msb-eag/resources/config/logback.xml with 100% similarity]
kubernetes/msb/components/msb-eag/templates/NOTES.txt [moved from kubernetes/msb/charts/msb-eag/templates/NOTES.txt with 100% similarity]
kubernetes/msb/components/msb-eag/templates/configmap.yaml [moved from kubernetes/msb/charts/msb-eag/templates/configmap.yaml with 100% similarity]
kubernetes/msb/components/msb-eag/templates/deployment.yaml [moved from kubernetes/msb/charts/msb-eag/templates/deployment.yaml with 95% similarity]
kubernetes/msb/components/msb-eag/templates/ingress.yaml [moved from kubernetes/msb/charts/msb-eag/templates/ingress.yaml with 100% similarity]
kubernetes/msb/components/msb-eag/templates/service.yaml [moved from kubernetes/msb/charts/msb-eag/templates/service.yaml with 100% similarity]
kubernetes/msb/components/msb-eag/values.yaml [moved from kubernetes/msb/charts/msb-eag/values.yaml with 96% similarity]
kubernetes/msb/components/msb-iag/.helmignore [moved from kubernetes/msb/charts/msb-iag/.helmignore with 100% similarity]
kubernetes/msb/components/msb-iag/Chart.yaml [moved from kubernetes/msb/charts/msb-iag/Chart.yaml with 100% similarity]
kubernetes/msb/components/msb-iag/requirements.yaml [new file with mode: 0644]
kubernetes/msb/components/msb-iag/resources/config/log/logback.xml [moved from kubernetes/msb/charts/msb-iag/resources/config/log/logback.xml with 100% similarity]
kubernetes/msb/components/msb-iag/resources/config/logback.xml [moved from kubernetes/msb/charts/msb-iag/resources/config/logback.xml with 100% similarity]
kubernetes/msb/components/msb-iag/templates/NOTES.txt [moved from kubernetes/msb/charts/msb-iag/templates/NOTES.txt with 100% similarity]
kubernetes/msb/components/msb-iag/templates/configmap.yaml [moved from kubernetes/msb/charts/msb-iag/templates/configmap.yaml with 100% similarity]
kubernetes/msb/components/msb-iag/templates/deployment.yaml [moved from kubernetes/msb/charts/msb-iag/templates/deployment.yaml with 95% similarity]
kubernetes/msb/components/msb-iag/templates/ingress.yaml [moved from kubernetes/msb/charts/msb-iag/templates/ingress.yaml with 100% similarity]
kubernetes/msb/components/msb-iag/templates/service.yaml [moved from kubernetes/msb/charts/msb-iag/templates/service.yaml with 100% similarity]
kubernetes/msb/components/msb-iag/values.yaml [moved from kubernetes/msb/charts/msb-iag/values.yaml with 96% similarity]
kubernetes/msb/requirements.yaml
kubernetes/msb/values.yaml
kubernetes/onap/Chart.yaml
kubernetes/onap/values.yaml
kubernetes/platform/components/cmpv2-cert-provider/.helmignore [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml [moved from kubernetes/msb/charts/msb-eag/requirements.yaml with 90% similarity]
kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml [new file with mode: 0644]
kubernetes/platform/components/cmpv2-cert-provider/values.yaml [new file with mode: 0644]
kubernetes/platform/components/oom-cert-service/.gitignore [new file with mode: 0644]
kubernetes/platform/components/oom-cert-service/.helmignore
kubernetes/platform/components/oom-cert-service/Makefile
kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
kubernetes/platform/components/oom-cert-service/templates/secret.yaml
kubernetes/platform/components/oom-cert-service/values.yaml
kubernetes/platform/requirements.yaml
kubernetes/robot
kubernetes/sdnc/values.yaml
kubernetes/so/components/soHelpers/templates/_certificates.tpl
kubernetes/vid/requirements.yaml
kubernetes/vid/templates/deployment.yaml
kubernetes/vid/values.yaml

index f9693c9..28d3597 100644 (file)
@@ -236,6 +236,10 @@ for use::
 
     > ~/oom/kubernetes/robot/ete-k8s.sh onap health
 
+  Launch Robot distribute health checks to verify whether ONAP runtime components are healthy::
+
+    > ~/oom/kubernetes/robot/ete-k8s.sh onap healthdist
+
 **Step 10.** Undeploy ONAP
 ::
 
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
new file mode 100644 (file)
index 0000000..bc3a4f1
--- /dev/null
@@ -0,0 +1 @@
+chartstorage/
index f5931d5..1e08aaf 100644 (file)
@@ -19,3 +19,6 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
index 0823daf..74b2d2d 100644 (file)
@@ -37,7 +37,7 @@ spec:
     spec:
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
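Review bot: The registry prefix on the `image:` line now comes entirely from the `repositoryGenerator.repository` helper, so a per-chart `repository:` override that a deployment may have been setting (the key is dropped from this chart's values in the next section) would presumably stop having any effect, and the pod would pull from whatever the shared helper resolves. That changes where images are pulled from with no visible signal at install time, so it deserves a comment above the line, e.g. `# registry is resolved by repositoryGenerator from global values; chart-local 'repository' is no longer read`, plus a release-note entry. The helper itself is not visible here, so confirm how it treats existing overrides. The same substitution appears in the kube2msb, msb-consul (`repositoryGenerator.dockerHubRepository`), msb-discovery, msb-eag and msb-iag deployment hunks further down.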
index bf3ba5b..6e711c5 100644 (file)
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/cli:6.0.0
 pullPolicy: Always
 flavor: small
index f6feee6..c22f973 100644 (file)
@@ -14,7 +14,7 @@
 global:
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
       secretName: oom-cert-service-client-tls-secret
       envVariables:
         # Certificate related
@@ -29,5 +29,5 @@ global:
         keystorePassword: "secret"
         truststorePassword: "secret"
     certPostProcessor:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1
 
index 19d872f..ec51a80 100644 (file)
      <int>1</int>
     </void>
     <void method="add">
-     <int>0</int>
+     <int>3</int>
     </void>
     <void method="add">
      <int>3</int>
     </void>
     <void method="add">
-     <int>0</int>
+     <int>3</int>
     </void>
     <void method="add">
      <int>0</int>
     </void>
     <void method="add">
-     <int>0</int>
+     <int>3</int>
     </void>
     <void method="add">
      <int>0</int>
     <void method="add">
      <int>1802</int>
     </void>
+    <void method="add">
+     <int>1700</int>
+    </void>
+    <void method="add">
+     <int>1701</int>
+    </void>
+    <void method="add">
+     <int>1702</int>
+    </void>
+    <void method="add">
+     <int>1900</int>
+    </void>
+    <void method="add">
+     <int>1901</int>
+    </void>
+    <void method="add">
+     <int>1902</int>
+    </void>
+    <void method="add">
+     <int>2100</int>
+    </void>
+    <void method="add">
+     <int>2101</int>
+    </void>
+    <void method="add">
+     <int>2102</int>
+    </void>
    </object>
   </void>
   <void method="put">
   </void>
   <void method="put">
    <int>37</int>
-   <string>-1501801709</string>
+   <string>-29939301</string>
   </void>
   <void method="put">
    <int>20037</int>
    <int>30218</int>
    <boolean>true</boolean>
   </void>
+  <void method="put">
+   <int>17</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20017</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10017</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30017</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>117</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20117</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10117</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30117</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>217</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20217</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10217</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>30217</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>19</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20019</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10019</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30019</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>119</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20119</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10119</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30119</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>219</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20219</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10219</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30219</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>21</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20021</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10021</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30021</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>121</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20121</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10121</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30121</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>221</int>
+   <string></string>
+  </void>
+  <void method="put">
+   <int>20221</int>
+   <boolean>false</boolean>
+  </void>
+  <void method="put">
+   <int>10221</int>
+   <boolean>true</boolean>
+  </void>
+  <void method="put">
+   <int>30221</int>
+   <boolean>true</boolean>
+  </void>
  </object>
 </java>
index 568d6f7..5e37856 100644 (file)
@@ -54,7 +54,7 @@
     "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
     "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
   },
-  "truststore_merger": {
+  "cert_post_processor": {
     "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
   }
-}
\ No newline at end of file
+}
index 08a3c35..0108d9a 100644 (file)
@@ -25,6 +25,6 @@ use_tls: true
 security_ssl_disable: false
 external_cert_ca_name: "RA"
 external_cert_common_name: "dcae-hv-ves-collector"
-external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_sans: "dcae-hv-ves-collector,hv-ves-collector,hv-ves"
 external_cert_cert_type: "JKS"
 external_cert_use_external_tls: false
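Review bot: The comma-separated `external_cert_sans` value only works if the consumer of this input splits on `,`, and nothing in the hunk records that; a reader comparing with older deployments will still see `:`. Because the SAN list decides which host names the issued certificate is valid for, a one-line comment above it would help, e.g. `# comma-separated SAN list (older inputs used ':')`. The same change is made to `external_cert_sans` in the next hunk. Presumably the format change is tied to the cert-service client image bump elsewhere in this commit, so confirm that the two move together.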
index e09e37d..c284612 100644 (file)
@@ -40,6 +40,6 @@ ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.me
 user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
 external_cert_ca_name: "RA"
 external_cert_common_name: "dcae-ves-collector"
-external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_sans: "dcae-ves-collector,ves-collector,ves"
 external_cert_cert_type: "JKS"
 external_cert_use_external_tls: false
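Review bot: The `user_list` context line at the top of this hunk ships two fixed bcrypt hashes (`sample1`, `demouser`) as defaults, so every installation that does not override these inputs accepts the same collector credentials. The commit does not touch that line, but while the TLS inputs are being edited it would be the place to template the list from a Secret-backed value instead of a literal, e.g. `user_list: "{{ .Values.<your-user-list-key> }}"` (placeholder key, not one from this chart). The rest of the file is outside the hunk, so check whether an override path already exists.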
index 668dcc7..a3bff07 100644 (file)
@@ -103,7 +103,7 @@ mongo:
   disableNfsProvisioner: true
 
 # application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -115,7 +115,7 @@ componentImages:
   ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
   prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
-  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
+  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1
 
 # Resource Limit flavor -By Default using small
 flavor: small
index fd4e121..c13d3ce 100644 (file)
@@ -49,7 +49,7 @@ config:
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1
 pullPolicy: Always
 
 # name of shared ConfigMap with kubeconfig for multiple clusters
index 6a0e6d2..b778af8 100644 (file)
@@ -26,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
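Review bot: The added `selector.matchLabels` keys only on `app`, so two releases of this chart in one namespace would select each other's pods. The Deployment metadata in the context lines already carries a `release` label; if the pod template labels (outside the hunk) carry it too, add `release: {{ include "common.release" . }}` under `matchLabels`. If this selector is being added for a move to `apps/v1`, the selector is immutable once the Deployment exists, so the label set is best settled in this change. The same three lines are added in the two following hunks, which by file-list order appear to be the log-kibana and log-logstash deployments.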
index a1824d2..5e3dc98 100644 (file)
@@ -26,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
index 566c7a3..92817fa 100644 (file)
@@ -26,6 +26,9 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}
   replicas: {{ .Values.replicaCount }}
   template:
     metadata:
diff --git a/kubernetes/msb/Makefile b/kubernetes/msb/Makefile
new file mode 100644 (file)
index 0000000..4c79718
--- /dev/null
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+       @echo "\n[$@]"
+       @make package-$@
+
+make-%:
+       @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+       @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+       @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+       @mkdir -p $(PACKAGE_DIR)
+       @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+       @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+       @rm -f */requirements.lock
+       @rm -f *tgz */charts/*tgz
+       @rm -rf $(PACKAGE_DIR)
+%:
+       @:
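Review bot: The recipes for `$(HELM_CHARTS)` and `make-%` call a literal `make`, which runs whatever `make` is first on PATH and drops the parent's flags (`-n`, `-j` jobserver, command-line variables). Use the built-in variable instead: `@$(MAKE) package-$@` and `@if [ -f $*/Makefile ]; then $(MAKE) -C $*; fi`. Separately, the catch-all `%:` rule with `@:` makes a mistyped target succeed silently, and `all` and `clean` are missing from `.PHONY`. The new `kubernetes/msb/components/Makefile` in this commit has the same recipes and needs the same change.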
diff --git a/kubernetes/msb/charts/msb-iag/requirements.yaml b/kubernetes/msb/charts/msb-iag/requirements.yaml
deleted file mode 100644 (file)
index 6cc26cd..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada , ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-dependencies:
-  - name: common
-    version: ~7.x-0
-    repository: '@local'
diff --git a/kubernetes/msb/components/Makefile b/kubernetes/msb/components/Makefile
new file mode 100644 (file)
index 0000000..bf267b7
--- /dev/null
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+       @echo "\n[$@]"
+       @make package-$@
+
+make-%:
+       @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+       @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+       @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+       @mkdir -p $(PACKAGE_DIR)
+       @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+       @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+       @rm -f */requirements.lock
+       @rm -f *tgz */charts/*tgz
+       @rm -rf $(PACKAGE_DIR)
+%:
+       @:
@@ -15,3 +15,6 @@ dependencies:
   - name: common
     version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
@@ -49,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           env:
           - name: KUBE_MASTER_URL
similarity index 95%
rename from kubernetes/msb/charts/kube2msb/values.yaml
rename to kubernetes/msb/components/kube2msb/values.yaml
index 3c67227..d2a0a15 100644 (file)
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/oom/kube2msb:1.2.6
 pullPolicy: Always
 istioSidecar: true
@@ -15,3 +15,6 @@ dependencies:
   - name: common
     version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
@@ -39,7 +39,7 @@ spec:
       serviceAccountName: msb
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ .Values.global.dockerHubRepository | default .Values.dockerHubRepository }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           securityContext:
             runAsUser: {{ .Values.securityContext.runAsUser }}
@@ -21,7 +21,6 @@ global:
 # Application configuration defaults.
 #################################################################
 # application image
-dockerHubRepository: docker.io
 image: library/consul:1.4.3
 pullPolicy: Always
 istioSidecar: true
diff --git a/kubernetes/msb/components/msb-discovery/requirements.yaml b/kubernetes/msb/components/msb-discovery/requirements.yaml
new file mode 100644 (file)
index 0000000..467a52a
--- /dev/null
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada , ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~7.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
@@ -49,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -94,7 +94,7 @@ spec:
 
         # Filebeat sidecar container
         - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/msb/msb_discovery:1.2.6
 pullPolicy: Always
 istioSidecar: true
@@ -15,3 +15,6 @@ dependencies:
   - name: common
     version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
\ No newline at end of file
@@ -49,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -108,7 +108,7 @@ spec:
         {{- end }}
         # side car containers
         - name: filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
similarity index 96%
rename from kubernetes/msb/charts/msb-eag/values.yaml
rename to kubernetes/msb/components/msb-eag/values.yaml
index f63964c..b8813b8 100644 (file)
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/msb/msb_apigateway:1.2.7
 pullPolicy: Always
 istioSidecar: true
diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml
new file mode 100644 (file)
index 0000000..467a52a
--- /dev/null
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada , ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+  - name: common
+    version: ~7.x-0
+    repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
@@ -49,12 +49,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
@@ -108,7 +108,7 @@ spec:
         {{- end }}
         # side car containers
         - name: filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-filebeat-conf
similarity index 96%
rename from kubernetes/msb/charts/msb-iag/values.yaml
rename to kubernetes/msb/components/msb-iag/values.yaml
index b1f19c9..b91ddca 100644 (file)
 #################################################################
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-repository: nexus3.onap.org:10001
 image: onap/msb/msb_apigateway:1.2.7
 pullPolicy: Always
 istioSidecar: true
index 6cc26cd..c52bec4 100644 (file)
@@ -15,3 +15,21 @@ dependencies:
   - name: common
     version: ~7.x-0
     repository: '@local'
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
+  - name: kube2msb
+    version: ~7.x-0
+    repository: 'file://components/kube2msb'
+  - name: msb-consul
+    version: ~7.x-0
+    repository: 'file://components/msb-consul'
+  - name: msb-discovery
+    version: ~7.x-0
+    repository: 'file://components/msb-discovery'
+  - name: msb-eag
+    version: ~7.x-0
+    repository: 'file://components/msb-eag'
+  - name: msb-iag
+    version: ~7.x-0
+    repository: 'file://components/msb-iag'
\ No newline at end of file
index 27fc008..739fcea 100644 (file)
@@ -18,8 +18,6 @@
 #################################################################
 global:
   nodePortPrefix: 302
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
 
 # application configuration
 config:
index a9be436..fceda43 100644 (file)
@@ -15,7 +15,7 @@
 apiVersion: v1
 name: onap
 version: 7.0.0
-appVersion: Frankfurt
+appVersion: Guilin
 description: Open Network Automation Platform (ONAP)
 home: https://www.onap.org/
 sources:
index 3c8b1e9..5b29afc 100755 (executable)
@@ -164,7 +164,7 @@ global:
   cmpv2Enabled: true
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
       secret:
         name: oom-cert-service-client-tls-secret
         mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/.helmignore b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore
new file mode 100644 (file)
index 0000000..50af031
--- /dev/null
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml
new file mode 100644 (file)
index 0000000..38446f1
--- /dev/null
@@ -0,0 +1,18 @@
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CMPv2 certificate external provider for cert-manager
+name: cmpv2-cert-provider
+version: 7.0.0
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
new file mode 100644 (file)
index 0000000..0bc24af
--- /dev/null
@@ -0,0 +1,138 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: cmpv2issuers.certmanager.onap.org
+spec:
+  group: certmanager.onap.org
+  names:
+    kind: CMPv2Issuer
+    listKind: CMPv2IssuerList
+    plural: cmpv2issuers
+    singular: cmpv2issuer
+  scope: Namespaced
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          description: CMPv2Issuer is the Schema for the cmpv2issuers API
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+                of an object. Servers should convert recognized schemas to the latest
+                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer
+              properties:
+                url:
+                  description: URL to CertService API.
+                  type: string
+                healthEndpoint:
+                  description: Path of health check endpoint.
+                  type: string
+                certEndpoint:
+                  description: Path of cerfificate signing enpoint.
+                  type: string
+                caName:
+                  description: Name of the external CA server configured on CertService API side.
+                  type: string
+                certSecretRef:
+                  description: Reference to K8s secret which contains certificate, private key and CA certificate
+                    needed to connect to CertService API (which requires client certificate authentication)
+                  properties:
+                    name:
+                      description: The name of K8s secret to select certificates from. Secret must be in the same
+                        namespace as CMPv2Issuer.
+                      type: string
+                    keyRef:
+                      description: The key of the secret to select private key from. Must be a
+                        valid secret key.
+                      type: string
+                    certRef:
+                      description: The key of the secret to select cert from. Must be a
+                        valid secret key.
+                      type: string
+                    cacertRef:
+                      description: The key of the secret to select cacert from. Must be a
+                        valid secret key.
+                      type: string
+                  required:
+                    - name
+                    - keyRef
+                    - certRef
+                    - cacertRef
+                  type: object
+              required:
+                - url
+                - healthEndpoint
+                - certEndpoint
+                - caName
+                - certSecretRef
+              type: object
+            status:
+              description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer
+              properties:
+                conditions:
+                  items:
+                    description: CMPv2IssuerCondition contains condition information for
+                      the certservice issuer.
+                    properties:
+                      lastTransitionTime:
+                        description: LastTransitionTime is the timestamp corresponding
+                          to the last status change of this condition.
+                        format: date-time
+                        type: string
+                      message:
+                        description: Message is a human readable description of the details
+                          of the last transition, complementing reason.
+                        type: string
+                      reason:
+                        description: Reason is a brief machine readable explanation for
+                          the condition's last transition.
+                        type: string
+                      status:
+                        allOf:
+                          - enum:
+                              - "True"
+                              - "False"
+                              - Unknown
+                        description: Status of the condition, one of ('True', 'False',
+                          'Unknown').
+                        type: string
+                      type:
+                        description: Type of the condition, currently ('Ready').
+                        enum:
+                          - Ready
+                        type: string
+                    required:
+                      - status
+                      - type
+                    type: object
+                  type: array
+              type: object
+          type: object
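Review bot: The `v1` version entry declares no `subresources`, yet roles.yaml in this same change grants `get`/`patch`/`update` on `cmpv2issuers/status`; without `subresources: {status: {}}` under the version the `/status` endpoint is not served, so a controller that writes conditions through it would fail (whether the provider does so is not visible here). Separately, `spec.url` is a bare `type: string`, so a plain `http://` CertService URL passes admission; if only TLS endpoints are intended, a `pattern: '^https://'` on that property would reject it early. The descriptions also carry typos (`cerfificate signing enpoint`), and both `More info:` links point at `cmpv2api-conventions.md`, which looks like a search-and-replace of the upstream `api-conventions.md`.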
@@ -1,5 +1,4 @@
-# Copyright © 2018 Amdocs, Bell Canada , ZTE
-#
+# Copyright © 2020 Nokia
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-dependencies:
+
+ dependencies:
   - name: common
     version: ~7.x-0
     repository: '@local'
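Review bot: The re-added `dependencies:` key now starts with a leading space (` dependencies:`), so the file's top-level mapping sits at column 1 instead of column 0. It still parses because the list items are indented further, but any top-level key later added at column 0 would make the file invalid; write it as `dependencies:` with no indent. The file header for this hunk is not shown on the page, so which requirements.yaml it belongs to is inferred from its position.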
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
new file mode 100644 (file)
index 0000000..9ba61a5
--- /dev/null
@@ -0,0 +1,34 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: certmanager.onap.org/v1
+kind: CMPv2Issuer
+metadata:
+  name: {{ .Values.cmpv2issuer.name }}
+  namespace: {{ include "common.namespace" . }}
+spec:
+  url:  {{ .Values.cmpv2issuer.url }}
+  healthEndpoint:  {{ .Values.cmpv2issuer.healthcheckEndpoint }}
+  certEndpoint:  {{ .Values.cmpv2issuer.certEndpoint }}
+  caName:  {{ .Values.cmpv2issuer.caName }}
+  certSecretRef:
+    name:  {{ .Values.cmpv2issuer.certSecretRef.name }}
+    keyRef:  {{ .Values.cmpv2issuer.certSecretRef.keyRef }}
+    certRef: {{ .Values.cmpv2issuer.certSecretRef.certRef }}
+    cacertRef: {{ .Values.cmpv2issuer.certSecretRef.cacertRef }}
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..3f0027f
--- /dev/null
@@ -0,0 +1,71 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  template:
+    metadata:
+      labels:
+        control-plane: controller-manager
+    spec:
+      containers:
+      - name: {{ .Values.deploymentProxy.name }}
+        image: {{ .Values.deploymentProxy.image }}
+        imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }}
+        args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=10
+        ports:
+        - containerPort: 8443
+          name: https
+        resources:
+          limits:
+            cpu: {{ .Values.deploymentProxy.resources.limits.cpu }}
+            memory: {{ .Values.deploymentProxy.resources.limits.memory }}
+          requests:
+            cpu: {{ .Values.deploymentProxy.resources.requests.cpu }}
+            memory: {{ .Values.deploymentProxy.resources.requests.memory }}
+      - name: provider
+        image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }}
+        imagePullPolicy: {{ .Values.deployment.pullPolicy }}
+        command:
+        - /oom-certservice-cmpv2issuer
+        args:
+        - --metrics-addr=127.0.0.1:8080
+        - --log-level={{ .Values.deployment.logLevel }}
+        resources:
+          limits:
+            cpu: {{ .Values.deployment.resources.limits.cpu }}
+            memory: {{ .Values.deployment.resources.limits.memory }}
+          requests:
+            cpu: {{ .Values.deployment.resources.requests.cpu }}
+            memory: {{ .Values.deployment.resources.requests.memory }}
+      terminationGracePeriodSeconds: 10
+{{ end }}
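Review bot: The proxy container is started with a hard-coded `--v=10`, the most verbose log level, and values.yaml defaults the provider to `logLevel: debug`; for a sidecar that (going by the `tokenreviews` rule in roles.yaml) handles callers' bearer tokens, that much request detail in pod logs is hard to justify outside a debugging session. Make it a value with a quiet default, e.g. `- --v={{ .Values.deploymentProxy.logLevel | default 2 }}`. The pod spec also sets no `serviceAccountName` and neither container has a `securityContext`, so it runs as the namespace's `default` service account with the runtime's default privileges; `allowPrivilegeEscalation: false` on both containers is a low-risk start. The provider image is assembled by hand from `.Values.global.repository` rather than through the `repositoryGenerator` templates the rest of this change moves to.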
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
new file mode 100644 (file)
index 0000000..add5622
--- /dev/null
@@ -0,0 +1,167 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cmpv2-issuer-leader-election-role
+  namespace: {{ include "common.namespace" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps/status
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cmpv2-issuer-manager-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - cert-manager.io
+    resources:
+      - certificaterequests
+    verbs:
+      - get
+      - list
+      - update
+      - watch
+  - apiGroups:
+      - cert-manager.io
+    resources:
+      - certificaterequests/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - certmanager.onap.org
+    resources:
+      - cmpv2issuers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - certmanager.onap.org
+    resources:
+      - cmpv2issuers/status
+    verbs:
+      - get
+      - patch
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cmpv2-issuer-proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cmpv2-issuer-leader-election-rolebinding
+  namespace: {{ include "common.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cmpv2-issuer-leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cmpv2-issuer-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cmpv2-issuer-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cmpv2-issuer-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cmpv2-issuer-proxy-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: {{ include "common.namespace" . }}
+{{ end }}
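Review bot: All three bindings name the namespace's `default` ServiceAccount as subject, so every pod in that namespace that does not set its own service account inherits `cmpv2-issuer-manager-role`, including cluster-wide `get`/`list`/`watch` on `secrets`. Bind the roles to a ServiceAccount owned by this chart and set `serviceAccountName` to it in deployment.yaml. The CRD text says the referenced secret must live in the CMPv2Issuer's own namespace, so it is also worth checking whether the `secrets` rule can move out of the ClusterRole into a namespaced Role. The cluster-scoped object names are fixed strings, so two releases of this chart in one cluster would collide.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "common.fullname" . }}
  namespace: {{ include "common.namespace" . }}
---
# … unchanged: Role, ClusterRoles and the roleRef of each binding …
subjects:
  - kind: ServiceAccount
    name: {{ include "common.fullname" . }}
    namespace: {{ include "common.namespace" . }}
```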
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
new file mode 100644 (file)
index 0000000..152bd68
--- /dev/null
@@ -0,0 +1,38 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/port: "8443"
+    prometheus.io/scheme: https
+    prometheus.io/scrape: "true"
+  labels:
+    control-plane: controller-manager
+  name: {{ .Values.service.name }}
+  namespace: {{ include "common.namespace" . }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: {{ .Values.service.ports.name }}
+      port: {{ .Values.service.ports.port }}
+      targetPort: {{ .Values.service.ports.targetPort }}
+  selector:
+    control-plane: controller-manager
+{{ end }}
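Review bot: The Service selects pods on `control-plane: controller-manager` alone, which is the default label kubebuilder scaffolds for any controller, and deployment.yaml uses the same label as its only selector. Any other controller carrying that label in the same namespace would be matched by both the Service and the Deployment's selector. Add a chart-specific label to the pod template and to both selectors, for example `app: {{ include "common.name" . }}`.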
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
new file mode 100644 (file)
index 0000000..5ea763a
--- /dev/null
@@ -0,0 +1,79 @@
+# Copyright © 2020, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Global
+global:
+  nodePortPrefix: 302
+  readinessImage: onap/oom/readiness:3.0.1
+  loggingRepository: docker.elastic.co
+  loggingImage: beats/filebeat:5.5.0
+  busyboxRepository: registry.hub.docker.com
+  busyboxImage: library/busybox:latest
+  repository: "nexus3.onap.org:10001"
+  CMPv2CertManagerIntegration: false
+
+namespace: onap
+
+# Service configuration
+service:
+  name: oom-certservice-cmpv2issuer-metrics-service
+  type: ClusterIP
+  ports:
+    name: https
+    port: 8443
+    targetPort: https
+
+# Deployment configuration
+deployment:
+  name: oom-certservice-cmpv2issuer
+  image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0
+  proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+  # fol local development use IfNotPresent
+  pullPolicy: Always
+  logLevel: debug
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 64Mi
+deploymentProxy:
+  name: kube-rbac-proxy
+  image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+  pullPolicy: IfNotPresent
+  resources:
+    limits:
+      cpu: 250m
+      memory: 128Mi
+    requests:
+      cpu: 50m
+      memory: 32Mi
+
+# CMPv2Issuer
+cmpv2issuer:
+  name: cmpv2-issuer-onap
+  url: https://oom-cert-service:8443
+  healthcheckEndpoint: actuator/health
+  certEndpoint: v1/certificate
+  caName: RA
+  certSecretRef:
+    name: cmpv2-issuer-secret
+    certRef: certServiceServer-cert.pem
+    keyRef: certServiceServer-key.pem
+    cacertRef: truststore.pem
+
+
+
+
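Review bot: `deployment.proxyImage` repeats the value of `deploymentProxy.image`, and deployment.yaml reads only the latter, so the first key is dead and will drift on the next version bump; remove it. The `global` block re-declares `readinessImage`, `loggingRepository`/`loggingImage` and a `busyboxImage` on the mutable `latest` tag, none of which the templates shown for this chart reference, while the same commit deletes such keys from other charts in favour of `repositoryGenerator`. The kube-rbac-proxy image is pulled straight from `gcr.io` by tag, so it bypasses `global.repository`; operators who mirror images need that called out in a comment or routed through the same registry setting. The comment `# fol local development use IfNotPresent` should read `for`.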
diff --git a/kubernetes/platform/components/oom-cert-service/.gitignore b/kubernetes/platform/components/oom-cert-service/.gitignore
new file mode 100644 (file)
index 0000000..d5e121c
--- /dev/null
@@ -0,0 +1,5 @@
+resources/*.jks
+resources/*.pem
+resources/*.p12
+resources/*.crt
+resources/*.csr
index 736a19f..ea0cb8a 100644 (file)
@@ -19,6 +19,10 @@ all: start_docker \
      server_import_root_certificate \
      server_convert_certificate_to_jks \
      server_convert_certificate_to_p12 \
+     convert_truststore_to_p12 \
+     convert_truststore_to_pem \
+     server_export_certificate_to_pem \
+     server_export_key_to_pem \
      clear_unused_files \
      stop_docker
 
@@ -32,7 +36,7 @@ start_docker:
        $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
        $(eval USERNAME :=$(shell id -u))
        $(eval GROUP :=$(shell id -g))
-       docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
+       docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
 
 # Stops docker container for generating  certificates. 'true' is used to return 0 status code, if container is already deleted
 stop_docker:
@@ -46,7 +50,7 @@ clear_all:
 #Clear certificates
 clear_existing_certificates:
        @echo "Clear certificates"
-       ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+       ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
        @echo "#####done#####"
 
 #Generate root private and public keys
@@ -146,8 +150,34 @@ server_convert_certificate_to_p12:
         -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
        @echo "#####done#####"
 
+#Convert truststore(.jks) to PCKS12 format(.p12)
+convert_truststore_to_p12:
+       @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+       ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
+        -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
+       @echo "#####done#####"
+
+#Convert truststore(.p12) to PEM format(.pem)
+convert_truststore_to_pem:
+       @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
+       ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
+       @echo "#####done#####"
+
+#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_certificate_to_pem:
+       @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
+       ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
+       @echo "#####done#####"
+
+#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_key_to_pem:
+       @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
+       ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
+       @echo "#####done#####"
+
+
 #Clear unused certificates
 clear_unused_files:
        @echo "Clear unused certificates"
-       ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr
+       ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr truststore.p12
        @echo "#####done#####"
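Review bot: `convert_truststore_to_pem` runs `openssl pkcs12 -nodes` without `-nokeys`, so any private-key entry that ever ends up in truststore.p12 would be written unencrypted into truststore.pem, which secret.yaml then publishes; a truststore export should be `openssl pkcs12 -nokeys -in truststore.p12 -out truststore.pem -passin pass:secret`. `server_export_key_to_pem` leaves `certServiceServer-key.pem` unencrypted in the resources directory, and that file is the CertService server's own key, which the provider chart's values.yaml then references as the client identity towards CertService; a separate client key pair would keep the two roles apart. The echo lines are copy-pasted: the two truststore targets announce `certServiceServer-keystore` and the two export targets announce `certServiceClient-keystore`.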
index 280922a..2d47e6f 100644 (file)
@@ -53,4 +53,17 @@ data:
   {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
   root.crt:
   {{ (.Files.Glob "resources/root.crt").AsSecrets }}
-{{ end -}}
\ No newline at end of file
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.tls.provider.secret.name }}
+type: Opaque
+data:
+  certServiceServer-key.pem:
+  {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }}
+  certServiceServer-cert.pem:
+  {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }}
+  truststore.pem:
+  {{ (.Files.Glob "resources/truststore.pem").AsSecrets }}
+{{ end -}}
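Review bot: The added Secret has no condition of its own, so it is rendered whenever the enclosing block is (its opening `if` is above this hunk), even with `global.CMPv2CertManagerIntegration` left at its default `false`. That places a second, PEM-encoded copy of the server private key in the namespace with no consumer. Wrap the new document in `{{- if .Values.global.CMPv2CertManagerIntegration }}` and `{{- end }}`, assuming that global is visible to this chart. The new `metadata` also carries no `namespace:`, unlike the objects in the provider chart.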
index ee51ec7..bd415c0 100644 (file)
@@ -34,11 +34,11 @@ service:
       port_protocol: http
 
 # Certificates generation configuration
-certificateGenerationImage: onap/integration-java11:7.1.0
+certificateGenerationImage: onap/integration-java11:7.2.0
 
 # Deployment configuration
 repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
 pullPolicy: Always
 replicaCount: 1
 
@@ -88,14 +88,19 @@ tls:
   client:
     secret:
       defaultName: oom-cert-service-client-tls-secret
+  provider:
+    secret:
+      name: cmpv2-issuer-secret
 
 envs:
   keystore:
     jksName: certServiceServer-keystore.jks
     p12Name: certServiceServer-keystore.p12
+    pemName: certServiceServer-keystore.pem
   truststore:
     jksName: truststore.jks
     crtName: root.crt
+    pemName: truststore.pem
   httpsPort: 8443
 
 # External secrets with credentials can be provided to override default credentials defined below,
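Review bot: `envs.keystore.pemName` is set to `certServiceServer-keystore.pem`, but no Makefile target in this change produces a file of that name; the PEM outputs are `certServiceServer-cert.pem` and `certServiceServer-key.pem`. If nothing reads this key it should be dropped, and if something does it will look for a file that is not generated; the consumer is not visible in this hunk. `tls.provider.secret.name` has to stay equal to the provider chart's secret reference, which deserves a comment next to it such as `# must match cmpv2issuer.certSecretRef.name in cmpv2-cert-provider`.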
index a7ff4de..7ddef47 100644 (file)
@@ -18,4 +18,7 @@
 dependencies:
   - name: oom-cert-service
     version: ~7.x-0
-    repository: 'file://components/oom-cert-service'
\ No newline at end of file
+    repository: 'file://components/oom-cert-service'
+  - name: cmpv2-cert-provider
+    version: ~7.x-0
+    repository: 'file://components/cmpv2-cert-provider'
index 4b76d89..85b5af5 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 4b76d896522b113eff620a732a6ce7b363529f7f
+Subproject commit 85b5af5058bbda19b557add185d917f60c2188ee
index edac61b..7282f30 100644 (file)
@@ -33,7 +33,7 @@ global:
   cmpv2Enabled: true
   platform:
     certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
       secret:
         name: oom-cert-service-client-tls-secret
         mountPath: /etc/onap/oom/certservice/certs/
index 66497e1..cc22dc9 100644 (file)
       /certificates/msb-ca.crt -keystore \
       "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
       -storepass $cadi_truststore_password -noprompt
-    keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
-      -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
-      -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
-      -deststorepass $cadi_truststore_password -noprompt
+    export EXIT_VALUE=$?
+    if [ "${EXIT_VALUE}" != "0" ]
+    then
+      echo "issue with password: $cadi_truststore_password"
+      exit $EXIT_VALUE
+    else
+      keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+        -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+        -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+        -deststorepass $cadi_truststore_password -noprompt
+        export EXIT_VALUE=$?
+    fi
+    exit $EXIT_VALUE
   volumeMounts:
   {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
   - name: {{ include "common.name" $dot }}-msb-certificate
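Review bot: The new failure branch prints the truststore password: `echo "issue with password: $cadi_truststore_password"` writes the secret to the init container's output, where anyone who can read pod logs or the log pipeline can recover it. Report the failure without the value, for example `echo "truststore import failed with exit code ${EXIT_VALUE}" >&2`. Separately, `-srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }}` is rendered unquoted into the shell command, so a password containing spaces or shell metacharacters would break the call or be reinterpreted; wrapping it in double quotes like the keystore paths would be safer. The script starts above this hunk, so the command whose exit status is captured first is only partly visible.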
index a3b349d..c6554ca 100644 (file)
@@ -27,4 +27,7 @@ dependencies:
     version: ~7.x-0
     repository: '@local'
     condition: not global.mariadbGalera.localCluster
+  - name: repositoryGenerator
+    version: ~7.x-0
+    repository: '@local'
 
index 41b0019..856a853 100644 (file)
@@ -48,12 +48,12 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+        image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
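Review bot: The rewritten `image:` values are no longer quoted, here for the readiness and main containers and again for `filebeat-onap` in the next hunk. If a helper renders an empty string, an unquoted `image:` parses as null and the problem only surfaces at API validation; keeping the scalar quoted, e.g. `image: {{ include "repositoryGenerator.image.readiness" . | quote }}` and `image: "{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}"`, avoids that. What the `repositoryGenerator.*` helpers return is not visible here, so this is a robustness and style point rather than a confirmed defect. The container specs continue outside the hunk.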
@@ -139,7 +139,7 @@ spec:
         {{- end }}
       # side car containers
         - name: filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+          image: {{ include "repositoryGenerator.image.logging" . }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           volumeMounts:
           - mountPath: /usr/share/filebeat/filebeat.yml
index 93de57e..47cd73a 100644 (file)
@@ -18,9 +18,6 @@
 # Declare variables to be passed into your templates.
 global:
   nodePortPrefix: 302
-  readinessImage: onap/oom/readiness:3.0.1
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
   mariadbGalera: &mariadbGalera
     #This flag allows VID to instantiate its own mariadb-galera cluster
     localCluster: false
@@ -43,7 +40,6 @@ subChartsOnly:
   enabled: true
 
 # application image
-repository: nexus3.onap.org:10001
 image: onap/vid:7.0.0
 pullPolicy: Always
 
@@ -70,8 +66,8 @@ config:
   roleaccesscentralized: remote
 
 mariadb-galera:
- # '&mariadbConfig' means we "store" the values for  later use in the file
- # with '*mariadbConfig' pointer.
 # '&mariadbConfig' means we "store" the values for  later use in the file
 # with '*mariadbConfig' pointer.
   config: &mariadbConfig
     userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret'
     mysqlDatabase: vid_openecomp_epsdk
@@ -127,11 +123,11 @@ service:
 ingress:
   enabled: false
   service:
-       - baseaddr: "vid.api"
-         name: "vid-http"
-         port: 8443
+    - baseaddr: "vid.api"
+      name: "vid-http"
+      port: 8443
   config:
-       ssl: "redirect"
+    ssl: "redirect"
 
 # Resource Limit flavor -By Default using small
 flavor: small