Merge "[CLAMP] Configure Ingress for Kibana"

diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 7706f2c..244fab4 100644 (file)
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -30,6 +30,8 @@ Here's the list of these certificates:
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | APPC             | Yes              | No               | No              | kubernetes/appc/resources/config/certs/org.onap.appc.p12                 |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | MSB              | Yes              | No?              | Yes             | kubernetes/msb/resources/config/certificates                             |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | SDC              | Yes              | No?              | No?             | kubernetes/sdc/resources/cert                                            |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | SO               | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |

diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml
index 8eaead5..5a1c5f2 100644 (file)
--- a/kubernetes/aaf/values.yaml
+++ b/kubernetes/aaf/values.yaml
@@ -131,6 +131,12 @@ readiness:
 
 ingress:
   enabled: false
+  service:
+    - baseaddr: "aaf.api"
+      name: "aaf-service"
+      port: 8100
+  config:
+    ssl: "none"
 
 ## Persist data to a persitent volume
 persistence:

diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 12991a8..45a9b4c 100644 (file)
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -143,6 +143,15 @@ dgbuilder:
   service:
     name: appc-dgbuilder
 
+  ingress:
+    enabled: false
+    service:
+      - baseaddr: "appc-dgbuilder"
+        name: "appc-dgbuilder"
+        port: 3000
+    config:
+      ssl: "redirect"
+
 #passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
 appc-cdt:
   nodePort3: 11
@@ -207,7 +216,7 @@ persistence:
 ingress:
   enabled: false
   service:
-    - baseaddr: appc
+    - baseaddr: "appc.api"
       name: "appc"
       port: 8443
   config:

diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
index fa00ffe..5e473bc 100644 (file)
--- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml
@@ -78,11 +78,17 @@ spec:
             name: {{ include "common.fullname" . }}-config
             subPath: sdc-controllers-config.json
           env:
-            - name: SPRING_APPLICATION_JSON
-              valueFrom:
-                configMapKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: spring_application_json
+          - name: MYSQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: MYSQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: MYSQL_DATABASE
+            value: {{ tpl .Values.db.databaseName .}}
+          - name: SPRING_APPLICATION_JSON
+            valueFrom:
+              configMapKeyRef:
+                name: {{ template "common.fullname" . }}
+                key: spring_application_json
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}

diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..57f88ce
--- /dev/null
+++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml
@@ -0,0 +1,16 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}

diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml
index ca444aa..f354ad1 100644 (file)
--- a/kubernetes/clamp/charts/clamp-backend/values.yaml
+++ b/kubernetes/clamp/charts/clamp-backend/values.yaml
@@ -23,11 +23,19 @@ global: # global defaults
   readinessImage: readiness-check:2.0.0
   persistence: {}
 
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
 flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.0.4
+image: onap/clamp-backend:5.0.6
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -40,6 +48,9 @@ log:
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+db: {}
+
 config:
   log:
     logstashServiceName: log-ls
@@ -47,8 +58,10 @@ config:
   mysqlPassword: strong_pitchou
   dataRootDir: /dockerdata-nfs
   springApplicationJson: >
-    {
-        "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
+        {
+        "spring.datasource.username": "${MYSQL_USER}",
+        "spring.datasource.password": "${MYSQL_PASSWORD}",
+        "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
         "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
         "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
         "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
@@ -63,7 +76,7 @@ config:
         "clamp.config.policy.pap.userName": "healthcheck",
         "clamp.config.policy.pap.password": "zb!XztG34",
         "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095"
-    }
+        }
 
 # default number of instances
 replicaCount: 1

diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh
deleted file mode 100755 (executable)
index 2e2ad2e..0000000
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-###
-# ============LICENSE_START=======================================================
-# ONAP CLAMP
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-#                             reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END============================================
-# ===================================================================
-#
-###
-
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql
-## New model creation
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql

diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql
deleted file mode 100644 (file)
index ea4d97c..0000000
--- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# Create CLDS database objects (tables, etc.)
-#
-#
-CREATE DATABASE `cldsdb4`;
-USE `cldsdb4`;
-DROP USER 'clds';
-CREATE USER 'clds';
-GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION;
-FLUSH PRIVILEGES;
-

diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql
similarity index 100%
rename from kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
rename to kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql

diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
index 705c38f..522c5f9 100644 (file)
--- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml
@@ -16,19 +16,6 @@
 #{{ if not .Values.disableClampClampMariadb }}
 apiVersion: v1
 kind: ConfigMap
-metadata:
-  name: clamp-entrypoint-initdb-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
 metadata:
   name: clamp-entrypoint-bulkload-configmap
   namespace: {{ include "common.namespace" . }}
@@ -38,7 +25,7 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap

diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
index be46f89..7d22930 100644 (file)
--- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml
@@ -52,19 +52,19 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
-            - name: MYSQL_ROOT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "common.fullname" . }}
-                  key: db-root-password
+          - name: MYSQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: MYSQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: MYSQL_ROOT_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }}
+          - name: MYSQL_DATABASE
+            value: {{ tpl .Values.db.databaseName .}}
           volumeMounts:
-          - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
-            name: docker-entrypoint-initdb
-            subPath: bootstrap-database.sh
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /docker-entrypoint-initdb.d/bulkload/
+          - mountPath: /docker-entrypoint-initdb.d/
             name: docker-entrypoint-bulkload
           - mountPath: /etc/mysql/conf.d/conf1/
             name:  clamp-mariadb-conf
@@ -88,9 +88,6 @@ spec:
       {{- else }}
           emptyDir: {}
       {{- end }}
-        - name: docker-entrypoint-initdb
-          configMap:
-            name: clamp-entrypoint-initdb-configmap
         - name: docker-entrypoint-bulkload
           configMap:
             name: clamp-entrypoint-bulkload-configmap

diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
index 8f3a217..57f88ce 100644 (file)
--- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
+++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml
@@ -13,16 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }}
+{{ include "common.secretFast" . }}

diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml
index 8bf6100..df651dd 100644 (file)
--- a/kubernetes/clamp/charts/mariadb/values.yaml
+++ b/kubernetes/clamp/charts/mariadb/values.yaml
@@ -20,18 +20,27 @@ global: # global defaults
   nodePortPrefix: 302
 
   persistence: {}
-
 # application image
 repository: nexus3.onap.org:10001
 image: mariadb:10.3.12
 pullPolicy: Always
 flavor: small
-
 #################################################################
-# Application configuration defaults.
+# Secrets metaconfig
 #################################################################
-config:
-  mysqlPassword: strong_pitchou
+secrets:
+  - uid: db-root-pass
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}'
+    password: '{{ .Values.db.rootPass }}'
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+
+# Application configuration
+db: {}
 
 # default number of instances
 replicaCount: 1

diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..57f88ce
--- /dev/null
+++ b/kubernetes/clamp/templates/secrets.yaml
@@ -0,0 +1,16 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}

diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml
index 0679982..9446ca8 100644 (file)
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -24,6 +24,33 @@ global: # global defaults
   loggingImage: beats/filebeat:5.5.0
   centralizedLoggingEnabled: false
 
+secrets:
+  - uid: db-root-pass
+    name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass'
+    type: password
+    password: '{{ .Values.db.rootPass }}'
+  - uid: db-secret
+    name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass'
+    type: basicAuth
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+
+db:
+  user: clds
+#  password: sidnnd83K
+  databaseName: &dbName cldsdb4
+#    rootPass: emrys  user: testos
+
+clamp-backend:
+  db:
+    userCredsExternalSecret: *dbUserPass
+    databaseName: *dbName
+mariadb:
+  db:
+    rootCredsExternalSecret: *dbRootPass
+    userCredsExternalSecret: *dbUserPass
+    databaseName: *dbName
+
 subChartsOnly:
   enabled: true
 
@@ -31,7 +58,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.0.3
+image: onap/clamp-frontend:5.0.6
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -89,7 +116,7 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: "clamp"
+    - baseaddr: "clamp.api"
       name: "clamp"
       port: 2443
   config:

diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index fba076d..9092279 100644 (file)
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -64,10 +64,10 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: "cli"
+    - baseaddr: "cli.api"
       name: "cli"
       port: 443
-    - baseaddr: "cli2"
+    - baseaddr: "cli2.api"
       name: cli
       port: 9090
   config:

diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index 28c40e6..6586573 100644 (file)
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -152,6 +152,12 @@ service:
 
 ingress:
   enabled: false
+  service:
+    - baseaddr: "dgbuilder"
+      name: "dgbuilder"
+      port: 3000
+  config:
+    ssl: "redirect"
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious

diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml
index d55ea46..34272c6 100644 (file)
--- a/kubernetes/consul/values.yaml
+++ b/kubernetes/consul/values.yaml
@@ -61,7 +61,7 @@ service: {}
 ingress:
   enabled: false
   service:
-    - baseaddr: "consul-server"
+    - baseaddr: "consul.api"
       name: "consul-server"
       port: 8800
   config:

diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
index 67d13cf..5631528 100755 (executable)
--- a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
           name: localtime
           readOnly: true
         - name: {{ include "common.fullname" . }}-data
-          mountPath: /var/lib/postgresql/data
+          mountPath: /var/lib/postgresql/
         resources:
 {{ include "common.resources" . | indent 12 }}
       {{- if .Values.nodeSelector }}

diff --git a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml
index 45468e4..3a4bb90 100755 (executable)
--- a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml
@@ -50,7 +50,7 @@ spec:
           name: localtime
           readOnly: true
         - name: {{ include "common.fullname" . }}-data
-          mountPath: /var/lib/postgresql/data
+          mountPath: /var/lib/postgresql/
         resources:
 {{ include "common.resources" . | indent 12 }}
       {{- if .Values.nodeSelector }}

diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index 7872116..aca2fc4 100644 (file)
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -95,6 +95,13 @@ prometheus:
 
 ingress:
   enabled: false
+  service:
+    - baseaddr: "mr.api"
+      name: "message-router"
+      port: 3905
+  config:
+    ssl: "none"
+
 
 # Resource Limit flavor -By Default using small
 flavor: small

diff --git a/kubernetes/log/charts/log-kibana/values.yaml b/kubernetes/log/charts/log-kibana/values.yaml
index d69ab8e..8d4b49e 100644 (file)
--- a/kubernetes/log/charts/log-kibana/values.yaml
+++ b/kubernetes/log/charts/log-kibana/values.yaml
@@ -81,7 +81,7 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: "logkibana"
+    - baseaddr: "kibana.api"
       name: "log-kibana"
       port: 5601
   config:
@@ -105,4 +105,4 @@ resources:
     requests:
       cpu: 2
       memory: 4Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}

diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml
index af84593..556931d 100644 (file)
--- a/kubernetes/msb/charts/kube2msb/values.yaml
+++ b/kubernetes/msb/charts/kube2msb/values.yaml
@@ -24,7 +24,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/oom/kube2msb:1.1.0
+image: onap/oom/kube2msb:1.2.6
 pullPolicy: Always
 istioSidecar: true
 
@@ -70,4 +70,4 @@ resources:
     requests:
       cpu: 1
       memory: 1Gi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}

diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/charts/msb-discovery/values.yaml
index 268385d..9f8f061 100644 (file)
--- a/kubernetes/msb/charts/msb-discovery/values.yaml
+++ b/kubernetes/msb/charts/msb-discovery/values.yaml
@@ -60,7 +60,7 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: "msbdiscovery"
+    - baseaddr: "msb.api.discovery"
       name: "msb-discovery"
       port: 10081
   config:

diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml
index c5820ae..60c1973 100644 (file)
--- a/kubernetes/msb/charts/msb-eag/values.yaml
+++ b/kubernetes/msb/charts/msb-eag/values.yaml
@@ -24,7 +24,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
 pullPolicy: Always
 istioSidecar: true
 

diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml
index 00adb83..a927816 100644 (file)
--- a/kubernetes/msb/charts/msb-iag/values.yaml
+++ b/kubernetes/msb/charts/msb-iag/values.yaml
@@ -24,7 +24,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/msb/msb_apigateway:1.2.6
+image: onap/msb/msb_apigateway:1.2.7
 pullPolicy: Always
 istioSidecar: true
 

diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt
new file mode 100644 (file)
index 0000000..62da777
--- /dev/null
+++ b/kubernetes/msb/resources/config/certificates/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
+Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
+DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
+Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
+bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
+YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
+dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
+Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
+mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
+2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
+6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
+7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
+p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
+5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
+bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
+wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
+ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
+FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
+3lR7lW/J
+-----END CERTIFICATE-----

diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt
new file mode 100644 (file)
index 0000000..7d1314f
--- /dev/null
+++ b/kubernetes/msb/resources/config/certificates/cert.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
+VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK
+BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs
+ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy
+NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np
+Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM
+A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a
+xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ
+VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC
+lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz
+4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8
+Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV
+HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG
+SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS
++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN
+iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK
+l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3
+LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb
+Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA
+-----END CERTIFICATE-----

diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml
new file mode 100644 (file)
index 0000000..0cd8cfb
--- /dev/null
+++ b/kubernetes/nbi/templates/ingress.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}

diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index f6a0af5..6381d83 100644 (file)
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -162,6 +162,12 @@ service:
 
 ingress:
   enabled: false
+  service:
+    - baseaddr: "nbi.api"
+      name: "nbi"
+      port: 8443
+  config:
+    ssl: "redirect"
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)

diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5839add..9e593c2 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -147,7 +147,7 @@ global:
 # to customize the ONAP deployment.
 #################################################################
 aaf:
-  enabled: true
+  enabled: false
 aai:
   enabled: false
 appc:

diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
index 1598a8f..90248b8 100644 (file)
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
@@ -63,5 +63,5 @@ BRMS_UEB_API_KEY=
 BRMS_UEB_API_SECRET=
 
 #Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.6.0
-BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
+BRMS_DEPENDENCY_VERSION=1.6.3
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.5

diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
index 95446b2..8d98637 100644 (file)
--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
@@ -36,7 +36,7 @@ spec:
         - sh
         args:
         - -c
-        - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
         env:
         - name: JDBC_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
@@ -55,10 +55,14 @@ spec:
         - name: REPOSITORY_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
         volumeMounts:
-        - mountPath: /config-input
+        - mountPath: /config-input/pe
+          name: pe-input
+        - mountPath: /config-input/pe-brmsgw
+          name: pe-brmsgw-input
+        - mountPath: /config/pe
           name: pe
-        - mountPath: /config
-          name: pe-processed
+        - mountPath: /config/pe-brmsgw
+          name: pe-brmsgw
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
@@ -101,7 +105,6 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
         - name: REPOSITORY_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
-        volumeMounts:
         ports:
         - containerPort: {{ .Values.service.externalPort }}
         {{- if eq .Values.liveness.enabled true }}
@@ -127,7 +130,7 @@ spec:
           name: pe-brmsgw
           subPath: brmsgw.conf
         - mountPath: /tmp/policy-install/config/base.conf
-          name: pe-processed
+          name: pe
           subPath: base.conf
         - mountPath: /tmp/policy-install/do-start.sh
           name: pe-scripts
@@ -146,7 +149,7 @@ spec:
         - name: localtime
           hostPath:
             path: /etc/localtime
-        - name: pe
+        - name: pe-input
           configMap:
             name: {{ include "common.release" . }}-pe-configmap
             defaultMode: 0755
@@ -154,11 +157,14 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-pe-scripts-configmap
             defaultMode: 0777
-        - name: pe-brmsgw
+        - name: pe-brmsgw-input
           configMap:
             name: {{ include "common.fullname" . }}-pe-configmap
             defaultMode: 0755
-        - name: pe-processed
+        - name: pe
+          emptyDir:
+            medium: Memory
+        - name: pe-brmsgw
           emptyDir:
             medium: Memory
       imagePullSecrets:

diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
index ee47b4a..b906e46 100644 (file)
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ b/kubernetes/policy/charts/brmsgw/values.yaml
@@ -56,7 +56,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required

diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml
index 05f7c1b..0126c6e 100644 (file)
--- a/kubernetes/policy/charts/drools/values.yaml
+++ b/kubernetes/policy/charts/drools/values.yaml
@@ -40,7 +40,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.6.1
+image: onap/policy-pdpd-cl:1.6.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required

diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index ca0c84f..630b205 100644 (file)
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -58,7 +58,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.2.1
+image: onap/policy-pap:2.2.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required

diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 0b2f92b..fa6c141 100644 (file)
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -51,7 +51,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required

diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml
index 48eb689..906e86a 100644 (file)
--- a/kubernetes/policy/charts/policy-api/values.yaml
+++ b/kubernetes/policy/charts/policy-api/values.yaml
@@ -46,7 +46,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-api:2.2.2
+image: onap/policy-api:2.2.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required

diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
index 0e47310..ee427af 100644 (file)
--- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
+++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
@@ -1,4 +1,7 @@
+#!/bin/bash
+
 # Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#!/bin/bash
 
 # Script to configure and start the Policy components that are to run in the designated container,
 # It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the
@@ -65,7 +67,7 @@ else
        fi
 
        if [[ -f config/policy-truststore ]]; then
-               cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl
+               cp -f config/policy-truststore $POLICY_HOME/etc/ssl
        fi
 
        if [[ -f config/$container-tweaks.sh ]] ; then
@@ -95,13 +97,4 @@ else
 fi
 
 policy.sh start
-
-# on pap, wait for pap, pdp, brmsgw, nexus and drools up,
-# then push the initial default policies
-if [[ $container == pap ]]; then
-       # wait addional 1 minute for all processes to get fully initialized and synched up
-       sleep 60
-       bash -xv config/push-policies.sh
-fi
-
 sleep 1000d

diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
deleted file mode 100644 (file)
index ec8c914..0000000
--- a/kubernetes/policy/resources/config/pe/push-policies.sh
+++ /dev/null
@@ -1,485 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018-2019 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#! /bin/bash
-
-# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM
-
-#########################################Upload BRMS Param Template##########################################
-
-echo "Upload BRMS Param Template"
-
-sleep 2
-
-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
-
-sleep 2
-
-curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport'
-
-echo "PRELOAD_POLICIES is $PRELOAD_POLICIES"
-
-if [ "$PRELOAD_POLICIES" == "false" ]; then
-    exit 0
-fi
-
-#########################################Create BRMS Param policies##########################################
-
-echo "Create BRMSParam Operational Policies"
-
-sleep 2
-
-echo "Create BRMSParamvFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyConfigType": "BRMS_PARAM",
-    "policyName": "com.BRMSParamvFirewall",
-    "policyDescription": "BRMS Param vFirewall policy",
-    "policyScope": "com",
-    "attributes": {
-        "MATCHING": {
-            "controller" : "amsterdam"
-        },
-        "RULE": {
-            "templateName": "ClosedLoopControlName",
-            "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
-            "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyConfigType": "BRMS_PARAM",
-    "policyName": "com.BRMSParamvDNS",
-    "policyDescription": "BRMS Param vDNS policy",
-    "policyScope": "com",
-    "attributes": {
-        "MATCHING": {
-            "controller" : "amsterdam"
-        },
-        "RULE": {
-            "templateName": "ClosedLoopControlName",
-            "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
-            "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamVOLTE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyConfigType": "BRMS_PARAM",
-    "policyName": "com.BRMSParamVOLTE",
-    "policyDescription": "BRMS Param VOLTE policy",
-    "policyScope": "com",
-    "attributes": {
-        "MATCHING": {
-            "controller" : "amsterdam"
-        },
-        "RULE": {
-            "templateName": "ClosedLoopControlName",
-            "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b",
-            "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyConfigType": "BRMS_PARAM",
-    "policyName": "com.BRMSParamvCPE",
-    "policyDescription": "BRMS Param vCPE policy",
-    "policyScope": "com",
-    "attributes": {
-        "MATCHING": {
-            "controller" : "amsterdam"
-        },
-        "RULE": {
-            "templateName": "ClosedLoopControlName",
-            "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e",
-            "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamvPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyConfigType": "BRMS_PARAM",
-    "policyName": "com.BRMSParamvPCI",
-    "policyDescription": "BRMS Param vPCI policy",
-    "policyScope": "com",
-    "attributes": {
-        "MATCHING": {
-            "controller" : "casablanca"
-        },
-        "RULE": {
-            "templateName": "ClosedLoopControlName",
-            "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459",
-            "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create BRMSParamCCVPN Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyConfigType": "BRMS_PARAM",
-    "policyName": "com.BRMSParamCCVPN",
-    "policyDescription": "BRMS Param CCVPN policy",
-    "policyScope": "com",
-    "attributes": {
-        "MATCHING": {
-            "controller" : "amsterdam"
-        },
-        "RULE": {
-            "templateName": "ClosedLoopControlName",
-            "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
-            "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create Micro Service Config policies##########################################
-
-echo "Create MicroService Config Policies"
-
-sleep 2
-
-echo "Create MicroServicevFirewall Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
-    "policyConfigType": "MicroService",
-    "policyName": "com.MicroServicevFirewall",
-    "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevDNS Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
-    "policyConfigType": "MicroService",
-    "policyName": "com.MicroServicevDNS",
-    "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-
-sleep 2
-
-echo "Create MicroServicevCPE Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }",
-    "policyConfigType": "MicroService",
-    "policyName": "com.MicroServicevCPE",
-    "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Create SDNC Naming Policies##########################################
-
-echo "Create Generic SDNC Naming Policy for VNF"
-
-sleep 2
-
-echo "Create SDNC vFW Naming Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }",
-    "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
-    "policyConfigType": "MicroService",
-    "onapName": "SDNC",
-    "riskLevel": "4",
-    "riskType": "test",
-    "guard": "false",
-    "priority": "4",
-    "description": "ONAP_VNF_NAMING_TIMESTAMP"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating OOF PCI Policies##########################################
-sleep 2
-
-echo "Create MicroServicevPCI Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-        "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }",
-        "policyConfigType": "MicroService",
-        "policyName": "com.MicroServicevPCI",
-        "onapName": "DCAE"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create PCI MS Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "policyName": "com.PCIMS_CONFIG_POLICY",
-  "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }",
-  "policyType": "Config",
-  "attributes" : { "matching" : { "key1" : "value1" } },
-  "policyConfigType": "Base",
-  "onapName": "DCAE",
-  "configName": "PCIMS_CONFIG_POLICY",
-  "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Create OOF Config Policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "policyName": "com.OOF_PCI_CONFIG_POLICY",
-  "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }",
-  "attributes" : { "matching" : { "key1" : "value1" } },
-  "policyType": "Config",
-  "policyConfigType": "Base",
-  "onapName": "DCAE",
-  "configName": "OOF_PCI_CONFIG_POLICY",
-  "configBodyType": "JSON"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Creating Decision Guard policies#########################################
-
-sleep 2
-
-echo "Creating Decision Guard policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyClass": "Decision",
-    "policyName": "com.AllPermitGuard",
-    "policyDescription": "Testing all Permit YAML Guard Policy",
-    "onapName": "PDPD",
-    "ruleProvider": "GUARD_YAML",
-    "attributes": {
-        "MATCHING": {
-            "actor": ".*",
-            "recipe": ".*",
-            "targets": ".*",
-            "clname": ".*",
-            "limit": "10",
-            "timeWindow": "1",
-            "timeUnits": "minute",
-            "guardActiveStart": "00:00:01-05:00",
-            "guardActiveEnd": "23:59:59-05:00"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Frequency Limiter policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyClass": "Decision",
-    "policyName": "com.vDNS_Frequency",
-    "policyDescription": "Limit vDNS Scale Up over time period",
-    "onapName": "PDPD",
-    "ruleProvider": "GUARD_YAML",
-    "attributes": {
-        "MATCHING": {
-            "actor": "SO",
-            "recipe": "scaleOut",
-            "targets": ".*",
-            "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
-            "limit": "1",
-            "timeWindow": "10",
-            "timeUnits": "minute",
-            "guardActiveStart": "00:00:01-05:00",
-            "guardActiveEnd": "23:59:59-05:00"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-sleep 2
-
-echo "Creating Decision vDNS Guard - Min/Max policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-    "policyClass": "Decision",
-    "policyName": "com.vDNS_MinMax",
-    "policyDescription": "Ensure number of instances within a range",
-    "onapName": "SampleDemo",
-    "ruleProvider": "GUARD_MIN_MAX",
-    "attributes": {
-        "MATCHING": {
-            "actor": "SO",
-            "recipe": "scaleOut",
-            "targets": ".*",
-            "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
-            "min": "1",
-            "max": "5",
-            "guardActiveStart": "00:00:01-05:00",
-            "guardActiveEnd": "23:59:59-05:00"
-        }
-    }
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
-
-#########################################Push Decision policy#########################################
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.AllPermitGuard",
-  "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.vDNS_Frequency",
-  "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "Push Decision policy"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.vDNS_MinMax",
-  "policyType": "DECISION"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing BRMS Param policies##########################################
-
-echo "Pushing BRMSParam Operational policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.BRMSParamvFirewall",
-  "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.BRMSParamvDNS",
-  "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamVOLTE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.BRMSParamVOLTE",
-  "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.BRMSParamvCPE",
-  "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamvPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.BRMSParamvPCI",
-  "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 2
-
-echo "pushPolicy : PUT : com.BRMSParamCCVPN"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.BRMSParamCCVPN",
-  "policyType": "BRMS_Param"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing MicroService Config policies##########################################
-
-echo "Pushing MicroService Config policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : com.MicroServicevFirewall"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.MicroServicevFirewall",
-  "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevDNS"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.MicroServicevDNS",
-  "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevCPE"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.MicroServicevCPE",
-  "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing SDNC Naming Policies##########################################
-echo "Pushing SDNC Naming Policies"
-
-sleep 2
-
-echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP",
-  "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-#########################################Pushing OOF PCI Policies##########################################
-sleep 10
-
-echo "pushPolicy : PUT : com.MicroServicevPCI"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.MicroServicevPCI",
-  "policyType": "MicroService"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.PCIMS_CONFIG_POLICY",
-  "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
-
-sleep 10
-
-echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY"
-curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
-  "pdpGroup": "default",
-  "policyName": "com.OOF_PCI_CONFIG_POLICY",
-  "policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'

diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml
index 7f96888..fec565f 100644 (file)
--- a/kubernetes/policy/templates/deployment.yaml
+++ b/kubernetes/policy/templates/deployment.yaml
@@ -96,9 +96,6 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /tmp/policy-install/config/push-policies.sh
-            name: pe-pap
-            subPath: push-policies.sh
           - mountPath: /tmp/policy-install/config/pap-tweaks.sh
             name: pe-pap
             subPath: pap-tweaks.sh

diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 3a2b1f1..f283d90 100644 (file)
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -67,7 +67,7 @@ secrets:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.2
+image: onap/policy-pe:1.6.3
 mariadb_image: library/mariadb:10
 pullPolicy: Always
 
@@ -137,6 +137,12 @@ service:
 
 ingress:
   enabled: false
+  service:
+    - baseaddr: "policy.api"
+      name: "pap"
+      port: 8443
+  config:
+    ssl: "redirect"
 
 mariadb-galera:
   # mariadb-galera.config and global.mariadb.config must be equals

diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index 63348f0..aeef85e 100755 (executable)
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/
 #cookie domain
 cookie_domain = onap.org
 
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
 # External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file

diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
index 14bbd3c..af00b5f 100644 (file)
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
               -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
               /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
         env:
-          - name: _CATALINA_OPTS
+          - name: CATALINA_OPTS
             value: >
               -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
               -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"

diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 2438827..8d18fd0 100644 (file)
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -37,7 +37,7 @@ pullPolicy: Always
 
 #AAF local config
 
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
 aafConfig:
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
@@ -121,7 +121,7 @@ messageRouter:
 ingress:
   enabled: false
   service:
-    - baseaddr: portalapp
+    - baseaddr: portal.api
       name: "portal-app"
       port: 8443
   config:

diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
index 063ba3d..45ea9b7 100755 (executable)
--- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -82,13 +82,12 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co
 #cookie domain
 cookie_domain = onap.org
 
-{{- if .Values.global.aafEnabled }}
-# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = thiswillbereplacedatruntime
-ext_central_access_url = {{ .Values.aafURL }}/authz/
-ext_central_access_user_domain = @people.osaaf.org
-
 # External Central Auth system access
-remote_centralized_system_access = true
-{{- end }}
\ No newline at end of file
+remote_centralized_system_access = {{.Values.global.aafEnabled}}
+
+# External Access System Basic Auth Credentials & Rest endpoint
+# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
+ext_central_access_user_name = portal@portal.onap.org
+ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_url = {{.Values.aafURL}}
+ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file

diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
index 2de9a1b..b78ef34 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
@@ -60,7 +60,7 @@ spec:
         -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
         /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         env:
-          - name: _CATALINA_OPTS
+          - name: CATALINA_OPTS
             value: >
               -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
               -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"

diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml
index 45af55f..0210441 100644 (file)
--- a/kubernetes/portal/charts/portal-sdk/values.yaml
+++ b/kubernetes/portal/charts/portal-sdk/values.yaml
@@ -37,7 +37,7 @@ image: onap/portal-sdk:3.2.0
 pullPolicy: Always
 
 #AAF local config
-aafURL: https://aaf-service:8100/
+aafURL: https://aaf-service:8100/authz/
 aafConfig:
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
@@ -115,7 +115,7 @@ messageRouter:
 ingress:
   enabled: false
   service:
-    - baseaddr: portalsdk
+    - baseaddr: portal-sdk
       name: "portal-sdk"
       port: 8443
   config:

diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml
index a40b27d..e0af28f 100644 (file)
--- a/kubernetes/sdc/charts/sdc-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-be/values.yaml
@@ -88,7 +88,7 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: "sdcbe"
+    - baseaddr: "sdc.api.be"
       name: "sdc-be"
       port: 8443
   config:

diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
index d1fe131..0dfed6a 100644 (file)
--- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml
@@ -69,6 +69,12 @@ service:
 
 ingress:
   enabled: false
+  service:
+    - baseaddr: "sdc.dcae.plugin"
+      name: "sdc-dcae-be"
+      port: 8282
+  config:
+    ssl: "none"
 
 # Resource Limit flavor -By Default using small
 flavor: small

diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml
index f5d1956..e5d41eb 100644 (file)
--- a/kubernetes/sdc/charts/sdc-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-fe/values.yaml
@@ -81,7 +81,7 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: "sdcfe"
+    - baseaddr: "sdc.api.fe"
       name: "sdc-fe"
       port: 9443
   config:

diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 21513eb..f0d70e2 100644 (file)
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -289,6 +289,15 @@ dgbuilder:
     name: sdnc-dgbuilder
     nodePort: "03"
 
+  ingress:
+    enabled: false
+    service:
+      - baseaddr: "sdnc-dgbuilder"
+        name: "sdnc-dgbuilder"
+        port: 3000
+    config:
+      ssl: "redirect"
+
 # local elasticsearch cluster
 localElasticCluster: true
 elasticsearch:
@@ -409,7 +418,7 @@ certpersistence:
 ingress:
   enabled: false
   service:
-    - baseaddr: "sdnc"
+    - baseaddr: "sdnc.api"
       name: "sdnc"
       port: 8443
   config:

diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 6cbfc74..feb0017 100755 (executable)
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -211,7 +211,7 @@ mariadb-galera:
 ingress:
   enabled: false
   service:
-    - baseaddr: "so"
+    - baseaddr: "so.api"
       name: "so"
       port: 8080
   config:

diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index ca45b68..47182d4 100644 (file)
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -65,7 +65,7 @@ service:
 ingress:
   enabled: false
   service:
-    - baseaddr: uui
+    - baseaddr: "uui.api"
       name: "uui"
       port: 8443
   config:

diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index ebac50b..04d7938 100644 (file)
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -116,7 +116,7 @@ service:
 ingress:
   enabled: false
   service:
-       - baseaddr: "vid"
+       - baseaddr: "vid.api"
          name: "vid-http"
          port: 8080
   config: