To deploy all ONAP applications use this command::
> cd oom/kubernetes
- > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900s
+ > helm deploy dev local/onap --namespace onap --create-namespace --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900s
All override files may be customized (or replaced by other overrides) as per
needs.
The Helm search command reads through all of the repositories configured on the
system, and looks for matches::
- > helm search -l
+ > helm search repo local
NAME VERSION DESCRIPTION
local/appc 2.0.0 Application Controller
local/clamp 2.0.0 ONAP Clamp
aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file'}
aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
-aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
+aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
+aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'}
aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
+++ /dev/null
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/services\/babel-service\/.*",
- "permissions": [
- "org\\.access\\|\\*\\|\\*"
- ]
- }
-]
+++ /dev/null
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-# Configure AAF
-aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+++ /dev/null
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
+++ /dev/null
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9516
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
-1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
-xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
-BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
-6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
-QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
-zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
-x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
-8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
-FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
-UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
-banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
-6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
-yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
-xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
-lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
-ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
-fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
-1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
-liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
-0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
-PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
-8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
-dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
--85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
-c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
-uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
-
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
type: {{ .Values.service.type }}
ports:
- {{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.global.rproxy.port }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
+
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020, 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# Global configuration defaults.
#################################################################
-global:
- installSidecarSecurity: false
+global: {}
#################################################################
# Application configuration defaults.
+++ /dev/null
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="info" />
-
-</configuration>
\ No newline at end of file
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-[
- {
- "uri": "\/not\/allowed\/at\/all$",
- "permissions": [
- "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
- ]
- },
- {
- "uri": "\/one\/auth\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/multi\/auth\/required$",
- "permissions": [
- "test.auth.access.aMultipleAuth1",
- "test.auth.access.aMultipleAuth2",
- "test.auth.access.aMultipleAuth3"
- ]
- },
- {
- "uri": "\/one\/[^\/]+\/required$",
- "permissions": [
- "test.auth.access.aSimpleSingleAuth"
- ]
- },
- {
- "uri": "\/services\/getAAFRequest$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/admin\/getAAFRequest$",
- "permissions": [
- "test.auth.access|admin|GET,PUT,POST"
- ]
- },
- {
- "uri": "\/service\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/services\/aai\/webapp\/index.html$",
- "permissions": [
- "test.auth.access|services|GET,PUT"
- ]
- },
- {
- "uri": "\/$",
- "permissions": [
- "\\|services\\|GET",
- "test\\.auth\\.access\\|services\\|GET,PUT"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
- "permissions": [
- "test\\.auth\\.access\\|rest\\|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read"
- ]
- },
- {
- "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
- "permissions": [
- "test.auth.access|clouds|read",
- "test.auth.access|tenants|read",
- "test.auth.access|vservers|read"
- ]
- },
- {
- "uri": "\/backend$",
- "permissions": [
- "test\\.auth\\.access\\|services\\|GET,PUT",
- "\\|services\\|GET"
- ]
- },
- {
- "uri": "\/aai\/.*",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- },
- {
- "uri": "\/aai\/util\/echo",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-]
+++ /dev/null
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+++ /dev/null
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="info">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="info" />
-
-</configuration>
+++ /dev/null
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 8447
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
-jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
-4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
-moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
-GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
-74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
-iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
-p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
-3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
-hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
-RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
-xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
-8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
-ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
-5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
-GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
-_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
-zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
-S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
-LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
-hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
-nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
-bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
-JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
-Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
-J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
-mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-security-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
-{{ end }}
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.global.msbEnabled }}
+ {{ $values := .Values }}
msb.onap.org/service-info: '[
+ {{- range $api_endpoint := $values.aai_enpoints -}}
+ {{- range $api_version := $values.api_list }}
{
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v11",
- "url": "/aai/v11/cloud-infrastructure",
+ "serviceName": "_{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8447",
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1",
- "path": "/aai/v11/cloud-infrastructure"
+ "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
},
{
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v12",
- "url": "/aai/v12/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v13",
- "url": "/aai/v13/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v14",
- "url": "/aai/v14/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v15",
- "url": "/aai/v15/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v16",
- "url": "/aai/v16/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v17",
- "url": "/aai/v17/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v18",
- "url": "/aai/v18/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-cloudInfrastructure",
- "version": "v19",
- "url": "/aai/v19/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/cloud-infrastructure"
- },
- {
- "serviceName": "_aai-business",
- "version": "v11",
- "url": "/aai/v11/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v12",
- "url": "/aai/v12/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v13",
- "url": "/aai/v13/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v14",
- "url": "/aai/v14/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v15",
- "url": "/aai/v15/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v16",
- "url": "/aai/v16/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v17",
- "url": "/aai/v17/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v18",
- "url": "/aai/v18/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/business"
- },
- {
- "serviceName": "_aai-business",
- "version": "v19",
- "url": "/aai/v19/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/business"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v11",
- "url": "/aai/v11/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v12",
- "url": "/aai/v12/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v13",
- "url": "/aai/v13/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v14",
- "url": "/aai/v14/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v15",
- "url": "/aai/v15/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v16",
- "url": "/aai/v16/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v17",
- "url": "/aai/v17/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v18",
- "url": "/aai/v18/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/actions"
- },
- {
- "serviceName": "_aai-actions",
- "version": "v19",
- "url": "/aai/v19/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/actions"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v11",
- "url": "/aai/v11/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v12",
- "url": "/aai/v12/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v13",
- "url": "/aai/v13/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v14",
- "url": "/aai/v14/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v15",
- "url": "/aai/v15/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v16",
- "url": "/aai/v16/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v17",
- "url": "/aai/v17/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v18",
- "url": "/aai/v18/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/service-design-and-creation"
- },
- {
- "serviceName": "_aai-service-design-and-creation",
- "version": "v19",
- "url": "/aai/v19/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/service-design-and-creation"
- },
- {
- "serviceName": "_aai-network",
- "version": "v11",
- "url": "/aai/v11/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v12",
- "url": "/aai/v12/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v13",
- "url": "/aai/v13/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v14",
- "url": "/aai/v14/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v15",
- "url": "/aai/v15/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v16",
- "url": "/aai/v16/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v17",
- "url": "/aai/v17/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v18",
- "url": "/aai/v18/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/network"
- },
- {
- "serviceName": "_aai-network",
- "version": "v19",
- "url": "/aai/v19/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/network"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v11",
- "url": "/aai/v11/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v12",
- "url": "/aai/v12/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v13",
- "url": "/aai/v13/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v14",
- "url": "/aai/v14/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v15",
- "url": "/aai/v15/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v16",
- "url": "/aai/v16/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v17",
- "url": "/aai/v17/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v18",
- "url": "/aai/v18/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/external-system"
- },
- {
- "serviceName": "_aai-externalSystem",
- "version": "v19",
- "url": "/aai/v19/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/external-system"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v11",
- "url": "/aai/v11/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v12",
- "url": "/aai/v12/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v13",
- "url": "/aai/v13/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v14",
- "url": "/aai/v14/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v15",
- "url": "/aai/v15/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v16",
- "url": "/aai/v16/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v17",
- "url": "/aai/v17/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v18",
- "url": "/aai/v18/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-cloudInfrastructure",
- "version": "v19",
- "url": "/aai/v19/cloud-infrastructure",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v11",
- "url": "/aai/v11/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v12",
- "url": "/aai/v12/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v13",
- "url": "/aai/v13/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v14",
- "url": "/aai/v14/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v15",
- "url": "/aai/v15/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v16",
- "url": "/aai/v16/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v17",
- "url": "/aai/v17/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v18",
- "url": "/aai/v18/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-business",
- "version": "v19",
- "url": "/aai/v19/business",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v11",
- "url": "/aai/v11/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v12",
- "url": "/aai/v12/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v13",
- "url": "/aai/v13/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v14",
- "url": "/aai/v14/actions",
+ "serviceName": "{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8447",
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1"
},
- {
- "serviceName": "aai-actions",
- "version": "v15",
- "url": "/aai/v15/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v16",
- "url": "/aai/v16/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v17",
- "url": "/aai/v17/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v18",
- "url": "/aai/v18/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-actions",
- "version": "v19",
- "url": "/aai/v19/actions",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v11",
- "url": "/aai/v11/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v12",
- "url": "/aai/v12/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v13",
- "url": "/aai/v13/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v14",
- "url": "/aai/v14/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v15",
- "url": "/aai/v15/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v16",
- "url": "/aai/v16/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v17",
- "url": "/aai/v17/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v18",
- "url": "/aai/v18/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-service-design-and-creation",
- "version": "v19",
- "url": "/aai/v19/service-design-and-creation",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v11",
- "url": "/aai/v11/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v12",
- "url": "/aai/v12/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v13",
- "url": "/aai/v13/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v14",
- "url": "/aai/v14/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v15",
- "url": "/aai/v15/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v16",
- "url": "/aai/v16/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v17",
- "url": "/aai/v17/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v18",
- "url": "/aai/v18/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-network",
- "version": "v19",
- "url": "/aai/v19/network",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v11",
- "url": "/aai/v11/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v12",
- "url": "/aai/v12/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v13",
- "url": "/aai/v13/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v14",
- "url": "/aai/v14/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v15",
- "url": "/aai/v15/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v16",
- "url": "/aai/v16/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v17",
- "url": "/aai/v17/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v18",
- "url": "/aai/v18/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-externalSystem",
- "version": "v19",
- "url": "/aai/v19/external-system",
- "protocol": "REST",
- "port": "8447",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- }
+ {{- end }}
+ {{- end }}
]'
+ {{- end }}
spec:
hostname: aai-resources
- {{- if .Values.global.initContainers.enabled }}
- {{- if .Values.global.installSidecarSecurity }}
- hostAliases:
- - ip: {{ .Values.global.aaf.serverIp }}
- hostnames:
- - {{ .Values.global.aaf.serverHostname }}
- {{- end }}
initContainers:
- command:
{{- if .Values.global.jobs.migration.enabled }}
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{- else }}
+ {{- if .Values.global.jobs.createSchema.enabled }}
- /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
+ {{- else }}
- /app/ready.py
args:
- --container-name
- {{- if .Values.global.cassandra.localCluster }}
+ {{- if .Values.global.cassandra.localCluster }}
- aai-cassandra
- {{- else }}
+ {{- else }}
- cassandra
- {{- end }}
+ {{- end }}
- --container-name
- aai-schema-service
- {{- end }}
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
{{- end }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- {{- if .Values.global.installSidecarSecurity }}
- - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
- name: {{ include "common.fullname" . }}-aai-policy
- subPath: aai_policy.json
- {{- end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
- subPath: aaf_truststore.jks
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.sidecar.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.sidecar.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{- end }}
volumes:
- name: aai-common-aai-auth-mount
secret:
- key: {{ . }}
path: {{ . }}
{{- end }}
- {{- if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-aai-policy
- configMap:
- name: {{ include "common.fullname" . }}-aai-policy-configmap
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-fproxy-auth-config
- {{- end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-keys
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
name: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
- rproxy:
- name: reverse-proxy
-
initContainers:
enabled: true
realtime:
clients: SDNC,MSO,SO,robot-ete
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+
+aai_enpoints:
+ - name: aai-cloudInfrastructure
+ url: cloud-infrastructure
+ - name: aai-business
+ url: business
+ - name: aai-actions
+ url: actions
+ - name: aai-service-design-and-creation
+ url: service-design-and-creation
+ - name: aai-network
+ url: network
+ - name: aai-externalSystem
+ url: external-system
+
# application image
image: onap/aai-resources:1.7.2
pullPolicy: Always
+++ /dev/null
-credential.cache.timeout.ms=180000
-transactionid.header.name=X-TransactionId
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/AAF-FPS" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-[
- {
- "uri": "\/services\/search-data-service\/.*",
- "method": "GET|PUT|POST|DELETE",
- "permissions": [
- "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
- ]
- }
-
-
-]
+++ /dev/null
-{{/*
-# This is a normal Java Properties File
-# Comments are with Pound Signs at beginning of lines,
-# and multi-line expression of properties can be obtained by backslash at end of line
-
-#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
-#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
-#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
-#to your hosts file on your machine.
-#hostname=test.aic.cip.att.com
-*/}}
-
-cadi_loglevel=DEBUG
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-cadi_keyfile=/opt/app/rproxy/config/security/keyfile
-cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
-cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
-cadi_alias=aai@aai.onap.org
-cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
-cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
-aaf_env=DEV
-
-aaf_id=demo@people.osaaf.org
-aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
-
-# This is a colon separated list of client cert issuers
-cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
+++ /dev/null
-forward-proxy.protocol = https
-forward-proxy.host = localhost
-forward-proxy.port = 10680
-forward-proxy.cacheurl = /credential-cache
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <property name="LOGS" value="./logs/reverse-proxy" />
- <property name="FILEPREFIX" value="application" />
-
- <appender name="Console"
- class="ch.qos.logback.core.ConsoleAppender">
- <layout class="ch.qos.logback.classic.PatternLayout">
- <Pattern>
- %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
- </Pattern>
- </layout>
- </appender>
-
- <appender name="RollingFile"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${LOGS}/${FILEPREFIX}.log</file>
- <encoder
- class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
- </encoder>
-
- <rollingPolicy
- class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <!-- rollover daily and when the file reaches 10 MegaBytes -->
- <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
- </fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- </rollingPolicy>
- </appender>
-
- <!-- LOG everything at INFO level -->
- <root level="debug">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </root>
-
- <!-- LOG "com.baeldung*" at TRACE level -->
- <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
- <appender-ref ref="RollingFile" />
- <appender-ref ref="Console" />
- </logger>
-
-</configuration>
+++ /dev/null
-primary-service.protocol = https
-primary-service.host = localhost
-primary-service.port = 9509
+++ /dev/null
-Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
+++ /dev/null
-transactionid.header.name=X-TransactionId
\ No newline at end of file
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
-{{ end }}
-
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2020,2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- {{ if .Values.global.installSidecarSecurity }}
- initContainers:
- - name: {{ .Values.global.tproxyConfig.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- privileged: true
- {{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
name: {{ include "common.fullname" . }}-service-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
-
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ .Values.global.rproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/rproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.rproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/forward-proxy.properties
- subPath: forward-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/primary-service.properties
- subPath: primary-service.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/reverse-proxy.properties
- subPath: reverse-proxy.properties
- - name: {{ include "common.fullname" . }}-rproxy-config
- mountPath: /opt/app/rproxy/config/cadi.properties
- subPath: cadi.properties
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- mountPath: /opt/app/rproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
- subPath: uri-authorization.json
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
- subPath: org.onap.aai.p12
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- mountPath: /opt/app/rproxy/config/security/keyfile
- subPath: keyfile
-
- ports:
- - containerPort: {{ .Values.global.rproxy.port }}
-
- - name: {{ .Values.global.fproxy.name }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CONFIG_HOME
- value: "/opt/app/fproxy/config"
- - name: KEY_STORE_PASSWORD
- value: {{ .Values.config.keyStorePassword }}
- - name: TRUST_STORE_PASSWORD
- value: {{ .Values.config.trustStorePassword }}
- - name: spring_profiles_active
- value: {{ .Values.global.fproxy.activeSpringProfiles }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-fproxy-config
- mountPath: /opt/app/fproxy/config/fproxy.properties
- subPath: fproxy.properties
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- mountPath: /opt/app/fproxy/config/logback-spring.xml
- subPath: logback-spring.xml
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
- subPath: fproxy_truststore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
- subPath: tomcat_keystore
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- mountPath: /opt/app/fproxy/config/auth/client-cert.p12
- subPath: client-cert.p12
- ports:
- - containerPort: {{ .Values.global.fproxy.port }}
- {{ end }}
-
volumes:
- name: localtime
hostPath:
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
- {{ if .Values.global.installSidecarSecurity }}
- - name: {{ include "common.fullname" . }}-rproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-config
- - name: {{ include "common.fullname" . }}-rproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-log-config
- - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- configMap:
- name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-config
- secret:
- secretName: {{ include "common.fullname" . }}-rproxy-auth-config
- - name: {{ include "common.fullname" . }}-rproxy-auth-certs
- secret:
- secretName: aai-rproxy-auth-certs
- - name: {{ include "common.fullname" . }}-rproxy-security-config
- secret:
- secretName: aai-rproxy-security-config
- - name: {{ include "common.fullname" . }}-fproxy-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-config
- - name: {{ include "common.fullname" . }}-fproxy-log-config
- configMap:
- name: {{ include "common.fullname" . }}-fproxy-log-config
- - name: {{ include "common.fullname" . }}-fproxy-auth-certs
- secret:
- secretName: aai-fproxy-auth-certs
- {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
-
-{{ if .Values.global.installSidecarSecurity }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-rproxy-auth-config
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
-{{ end }}
-
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
type: {{ .Values.service.type }}
ports:
-{{ if .Values.global.installSidecarSecurity }}
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.global.rproxy.port }}
- name: {{ .Values.service.portName }}
- {{- end}}
- {{ else }}
-
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
-{{ end }}
+ {{- if eq .Values.service.type "NodePort" }}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else }}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
service:
type: ClusterIP
portName: aai-search-data
- internalPort: 9509
+ internalPort: "9509"
ingress:
enabled: false
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.global.msbEnabled }}
+ {{ $values := .Values }}
msb.onap.org/service-info: '[
+ {{- range $api_endpoint := $values.aai_enpoints -}}
+ {{- range $api_version := $values.api_list }}
{
- "serviceName": "_aai-generic-query",
- "version": "v11",
- "url": "/aai/v11/search/generic-query",
+ "serviceName": "_{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8446",
"enable_ssl": true,
"lb_policy":"ip_hash",
"visualRange": "1",
- "path": "/aai/v11/search/generic-query"
+ "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}"
},
{
- "serviceName": "_aai-generic-query",
- "version": "v12",
- "url": "/aai/v12/search/generic-query",
+ "serviceName": "{{ $api_endpoint.name }}",
+ "version": "v{{ $api_version }}",
+ "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}",
"protocol": "REST",
"port": "8446",
"enable_ssl": true,
"lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v13",
- "url": "/aai/v13/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v14",
- "url": "/aai/v14/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v15",
- "url": "/aai/v15/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v16",
- "url": "/aai/v16/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v17",
- "url": "/aai/v17/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v18",
- "url": "/aai/v18/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/search/generic-query"
- },
- {
- "serviceName": "_aai-generic-query",
- "version": "v19",
- "url": "/aai/v19/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/search/generic-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v11",
- "url": "/aai/v11/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v12",
- "url": "/aai/v12/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v13",
- "url": "/aai/v13/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v14",
- "url": "/aai/v14/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v15",
- "url": "/aai/v15/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v16",
- "url": "/aai/v16/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v17",
- "url": "/aai/v17/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v18",
- "url": "/aai/v18/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/search/nodes-query"
- },
- {
- "serviceName": "_aai-nodes-query",
- "version": "v19",
- "url": "/aai/v19/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/search/nodes-query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v11",
- "url": "/aai/v11/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v11/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v12",
- "url": "/aai/v12/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v12/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v13",
- "url": "/aai/v13/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v13/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v14",
- "url": "/aai/v14/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v14/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v15",
- "url": "/aai/v15/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v15/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v16",
- "url": "/aai/v16/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v16/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v17",
- "url": "/aai/v17/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v17/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v18",
- "url": "/aai/v18/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v18/query"
- },
- {
- "serviceName": "_aai-query",
- "version": "v19",
- "url": "/aai/v19/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1",
- "path": "/aai/v19/query"
+ "visualRange": "1"
},
+ {{- end }}
+ {{- end }}
{
"serviceName": "_aai-named-query",
"url": "/aai/search",
"visualRange": "1",
"path": "/aai/search"
},
- {
- "serviceName": "aai-generic-query",
- "version": "v11",
- "url": "/aai/v11/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v12",
- "url": "/aai/v12/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v13",
- "url": "/aai/v13/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v14",
- "url": "/aai/v14/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v15",
- "url": "/aai/v15/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v16",
- "url": "/aai/v16/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v17",
- "url": "/aai/v17/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v18",
- "url": "/aai/v18/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-generic-query",
- "version": "v19",
- "url": "/aai/v19/search/generic-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v11",
- "url": "/aai/v11/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v12",
- "url": "/aai/v12/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v13",
- "url": "/aai/v13/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v14",
- "url": "/aai/v14/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v15",
- "url": "/aai/v15/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v16",
- "url": "/aai/v16/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v17",
- "url": "/aai/v17/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v18",
- "url": "/aai/v18/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-nodes-query",
- "version": "v19",
- "url": "/aai/v19/search/nodes-query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v11",
- "url": "/aai/v11/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v12",
- "url": "/aai/v12/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v13",
- "url": "/aai/v13/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v14",
- "url": "/aai/v14/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v15",
- "url": "/aai/v15/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v16",
- "url": "/aai/v16/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v17",
- "url": "/aai/v17/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v18",
- "url": "/aai/v18/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
- {
- "serviceName": "aai-query",
- "version": "v19",
- "url": "/aai/v19/query",
- "protocol": "REST",
- "port": "8446",
- "enable_ssl": true,
- "lb_policy":"ip_hash",
- "visualRange": "1"
- },
{
"serviceName": "aai-named-query",
"url": "/aai/search",
"visualRange": "1"
}
]'
+ {{- end }}
spec:
hostname: aai-traversal
{{ if .Values.global.initContainers.enabled }}
{{- end }}
- --container-name
- aai-schema-service
- {{ end }}
+ {{ end }}
env:
- name: NAMESPACE
valueFrom:
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
restartPolicy: Always
flavor: small
flavorOverride: small
+
+api_list:
+ - 11
+ - 12
+ - 13
+ - 14
+ - 15
+ - 16
+ - 17
+ - 18
+ - 19
+
+aai_enpoints:
+ - name: aai-generic-query
+ url: search/generic-query
+ - name: aai-nodes-query
+ url: search/nodes-query
+ - name: aai-nquery
+ url: query
+
# application configuration
config:
# be published independently to a repo (at this point)
repository: '@local'
condition: global.cassandra.localCluster
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow
-WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO
-MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x
-agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe
-0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU
-F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6
-F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz
-11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB
-o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO
-aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG
-A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD
-VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh
-aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp
-LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w
-bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u
-YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC
-JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w
-bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq
-hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq
-oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4
-k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe
-sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h
-HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg
-B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
-Bag Attributes
- friendlyName: aai@aai.onap.org
- localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT
-+zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H
-HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ
-DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G
-llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc
-Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF
-Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P
-YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM
-WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY
-OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a
-o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI
-bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x
-+RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET
-ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0
-BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF
-YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc
-nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH
-DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg
-KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ
-e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6
-uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8
-4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS
-Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG
-rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N
-HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO
-rzAazDQvlb0itUxgU4qgqw==
------END PRIVATE KEY-----
frontend IST_8443
mode http
- bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+ bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
option httplog
frontend IST_8443
mode http
- bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+ bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
option httplog
{{ else }}
{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
{{ end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: aai-haproxy-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }}
-# This is a shared key for both resources and traversal
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: aai-auth-truststore-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
-
{{ if .Values.global.installSidecarSecurity }}
---
apiVersion: v1
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
args:
subPath: haproxy.cfg
{{ end }}
name: haproxy-cfg
- - mountPath: /etc/ssl/private/aai.pem
- name: aai-pem
- subPath: aai.pem
+ {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
- name: haproxy-cfg
configMap:
name: aai-deployment-configmap
- - name: aai-pem
- secret:
- secretName: aai-haproxy-secret
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright (c) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
restartPolicy: Always
- installSidecarSecurity: false
aafEnabled: true
-
- fproxy:
- name: forward-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/fproxy:2.1.13
- port: 10680
-
- rproxy:
- name: reverse-proxy
- activeSpringProfiles: noHostVerification,cadi
- image: onap/rproxy:2.1.13
- port: 10692
-
- tproxyConfig:
- name: init-tproxy-config
- image: onap/tproxy-config:2.1.13
-
- # AAF server details. Only needed if the AAF DNS does not resolve from the pod
- aaf:
- serverIp: 10.12.6.214
- serverHostname: aaf.osaaf.org
- serverPort: 30247
+ msbEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
# since when this is enabled, it prints a lot of information to console
enabled: false
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "aai"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.aai"
+ fqi: "aai@aai.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** retrieving passwords from AAF"
+ /opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0)
+ echo "*** transform AAF certs into pem files"
+ mkdir -p {{ .Values.credsPath }}/certs
+ keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
+ -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
+ -alias ca_local_0 \
+ -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+ -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+ -passin pass:$cadi_keystore_password_p12 \
+ -passout pass:$cadi_keystore_password_p12
+ echo "*** generating needed file"
+ cat {{ .Values.credsPath }}/certs/cert.pem \
+ {{ .Values.credsPath }}/certs/cacert.pem \
+ {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+ > {{ .Values.credsPath }}/certs/fullchain.pem;
+ chown 1001 {{ .Values.credsPath }}/certs/*
+
# application image
dockerhubRepository: registry.hub.docker.com
image: aaionap/haproxy:1.4.2
cpu: 2
memory: 2Gi
unlimited: {}
-
--- /dev/null
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+name: certManagerCertificate
+description: A Helm chart for Cert-Manager Certificate CRD template
+version: 7.0.0
--- /dev/null
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: 'file://../common'
--- /dev/null
+{{/*#
+# Copyright © 2020-2021, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.*/}}
+
+{{/*
+# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
+#
+# To request a certificate following steps are to be done:
+# - create an object 'certificates' in the values.yaml
+# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate".
+#
+# Here is an example of the certificate request for a component:
+#
+# Directory structure:
+# component
+# templates
+# certifictes.yaml
+# values.yaml
+#
+# To be added in the file certificates.yamll
+#
+# To be added in the file values.yaml
+# 1. Minimal version (certificates only in PEM format)
+# certificates:
+# - commonName: component.onap.org
+#
+# 2. Extended version (with defined own issuer and additional certificate format):
+# certificates:
+# - name: onap-component-certificate
+# secretName: onap-component-certificate
+# commonName: component.onap.org
+# dnsNames:
+# - component.onap.org
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-for-the-component
+# keystore:
+# outputType:
+# - p12
+# - jks
+# passwordSecretRef:
+# name: secret-name
+# key: secret-key
+#
+# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
+# Other mandatory fields for the certificate definition do not have to be defined directly,
+# in that case they will be taken from default values.
+#
+# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
+# and can be overriden during onap installation process.
+#
+*/}}
+
+{{- define "certManagerCertificate.certificate" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+
+{{- $certificates := $dot.Values.certificates -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global }}
+
+{{ range $i, $certificate := $certificates }}
+{{/*# General certifiacate attributes #*/}}
+{{- $name := include "common.fullname" $dot -}}
+{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
+{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
+{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}}
+{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}}
+{{- $namespace := $dot.Release.Namespace -}}
+{{/*# SAN's #*/}}
+{{- $dnsNames := $certificate.dnsNames -}}
+{{- $ipAddresses := $certificate.ipAddresses -}}
+{{- $uris := $certificate.uris -}}
+{{- $emailAddresses := $certificate.emailAddresses -}}
+{{/*# Subject #*/}}
+{{- $subject := $subchartGlobal.certificate.default.subject -}}
+{{- if $certificate.subject -}}
+{{- $subject = $certificate.subject -}}
+{{- end -}}
+{{/*# Issuer #*/}}
+{{- $issuer := $subchartGlobal.certificate.default.issuer -}}
+{{- if $certificate.issuer -}}
+{{- $issuer = $certificate.issuer -}}
+{{- end -}}
+---
+{{- if $certificate.keystore }}
+ {{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}}
+ {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $passwordSecretRef.name }}
+ namespace: {{ $namespace }}
+type: Opaque
+stringData:
+ {{ $passwordSecretRef.key }}: {{ $password }}
+{{- end }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ $certName }}
+ namespace: {{ $namespace }}
+spec:
+ secretName: {{ $secretName }}
+ commonName: {{ $commonName }}
+ renewBefore: {{ $renewBefore }}
+ {{- if $duration }}
+ duration: {{ $duration }}
+ {{- end }}
+ subject:
+ organizations:
+ - {{ $subject.organization }}
+ countries:
+ - {{ $subject.country }}
+ localities:
+ - {{ $subject.locality }}
+ provinces:
+ - {{ $subject.province }}
+ organizationalUnits:
+ - {{ $subject.organizationalUnit }}
+ {{- if $dnsNames }}
+ dnsNames:
+ {{- range $dnsName := $dnsNames }}
+ - {{ $dnsName }}
+ {{- end }}
+ {{- end }}
+ {{- if $ipAddresses }}
+ ipAddresses:
+ {{- range $ipAddress := $ipAddresses }}
+ - {{ $ipAddress }}
+ {{- end }}
+ {{- end }}
+ {{- if $uris }}
+ uris:
+ {{- range $uri := $uris }}
+ - {{ $uri }}
+ {{- end }}
+ {{- end }}
+ {{- if $emailAddresses }}
+ emailAddresses:
+ {{- range $emailAddress := $emailAddresses }}
+ - {{ $emailAddress }}
+ {{- end }}
+ {{- end }}
+ issuerRef:
+ group: {{ $issuer.group }}
+ kind: {{ $issuer.kind }}
+ name: {{ $issuer.name }}
+ {{- if $certificate.keystore }}
+ keystores:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ {{- if eq $outputType "p12" }}
+ {{- $outputType = "pkcs12" }}
+ {{- end }}
+ {{ $outputType }}:
+ create: true
+ passwordSecretRef:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ key: {{ $certificate.keystore.passwordSecretRef.key }}
+ {{- end }}
+ {{- end }}
+{{ end }}
+{{- end -}}
+
+{{- define "common.certManager.volumeMounts" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+ {{- range $i, $certificate := $dot.Values.certificates -}}
+ {{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: certmanager-certs-volume-{{ $i }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certManager.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- $certificates := $dot.Values.certificates -}}
+ {{- range $i, $certificate := $certificates -}}
+ {{- $name := include "common.fullname" $dot -}}
+ {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+- name: certmanager-certs-volume-{{ $i }}
+ projected:
+ sources:
+ - secret:
+ name: {{ $certificatesSecretName }}
+ {{- if $certificate.keystore }}
+ items:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ - key: keystore.{{ $outputType }}
+ path: keystore.{{ $outputType }}
+ - key: truststore.{{ $outputType }}
+ path: truststore.{{ $outputType }}
+ {{- end }}
+ - secret:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ items:
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: keystore.pass
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: truststore.pass
+ {{- end }}
+ {{- end -}}
+{{- end -}}
--- /dev/null
+# Copyright © 2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+# default values for certificates
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+++ /dev/null
-{{/*#
-# Copyright © 2020, Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.*/}}
-
-{{/*
-# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
-#
-# To request a certificate following steps are to be done:
-# - create an object 'certificates' in the values.yaml
-# - create a file templates/certificates.yaml and invoke the function "commom.certificate".
-#
-# Here is an example of the certificate request for a component:
-#
-# Directory structure:
-# component
-# templates
-# certifictes.yaml
-# values.yaml
-#
-# To be added in the file certificates.yamll
-#
-# To be added in the file values.yaml
-# 1. Minimal version (certificates only in PEM format)
-# certificates:
-# - commonName: component.onap.org
-#
-# 2. Extended version (with defined own issuer and additional certificate format):
-# certificates:
-# - name: onap-component-certificate
-# secretName: onap-component-certificate
-# commonName: component.onap.org
-# dnsNames:
-# - component.onap.org
-# issuer:
-# group: certmanager.onap.org
-# kind: CMPv2Issuer
-# name: cmpv2-issuer-for-the-component
-# p12Keystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-# jksKeystore:
-# create: true
-# passwordSecretRef:
-# name: secret-name
-# key: secret-key
-#
-# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
-# Other mandatory fields for the certificate definition do not have to be defined directly,
-# in that case they will be taken from default values.
-#
-# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
-# and can be overriden during onap installation process.
-#
-*/}}
-
-{{- define "common.certificate" -}}
-{{- $dot := default . .dot -}}
-{{- $certificates := $dot.Values.certificates -}}
-
-{{ range $i, $certificate := $certificates }}
-{{/*# General certifiacate attributes #*/}}
-{{- $name := include "common.fullname" $dot -}}
-{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
-{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
-{{- $commonName := default $dot.Values.global.certificate.default.commonName $certificate.commonName -}}
-{{- $renewBefore := default $dot.Values.global.certificate.default.renewBefore $certificate.renewBefore -}}
-{{- $duration := $certificate.duration -}}
-{{- $namespace := default $dot.Release.Namespace $dot.Values.global.certificate.default.namespace -}}
-{{- if $certificate.namespace -}}
-{{- $namespace = default $namespace $certificate.namespace -}}
-{{- end -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default $dot.Values.global.certificate.default.dnsNames $certificate.dnsNames -}}
-{{- $ipAddresses := default $dot.Values.global.certificate.default.ipAddresses $certificate.ipAddresses -}}
-{{- $uris := default $dot.Values.global.certificate.default.uris $certificate.uris -}}
-{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses $certificate.emailAddresses -}}
-{{/*# Subject #*/}}
-{{- $subject := $dot.Values.global.certificate.default.subject -}}
-{{- if $certificate.subject -}}
-{{- $subject = mergeOverwrite $subject $certificate.subject -}}
-{{- end -}}
-{{/*# Issuer #*/}}
-{{- $issuer := $dot.Values.global.certificate.default.issuer -}}
-{{- if $certificate.issuer -}}
-{{- $issuer = mergeOverwrite $issuer $certificate.issuer -}}
-{{- end -}}
-{{/*# Keystores #*/}}
-{{- $createJksKeystore := $dot.Values.global.certificate.default.jksKeystore.create -}}
-{{- $jksKeystorePasswordSecretName := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key -}}
-{{- $createP12Keystore := $dot.Values.global.certificate.default.p12Keystore.create -}}
-{{- $p12KeystorePasswordSecretName := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key -}}
-{{- if $certificate.jksKeystore -}}
-{{- $createJksKeystore = default $createJksKeystore $certificate.jksKeystore.create -}}
-{{- if $certificate.jksKeystore.passwordSecretRef -}}
-{{- $jksKeystorePasswordSecretName = default $jksKeystorePasswordSecretName $certificate.jksKeystore.passwordSecretRef.name -}}
-{{- $jksKeystorePasswordSecreKey = default $jksKeystorePasswordSecreKey $certificate.jksKeystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
-{{- if $certificate.p12Keystore -}}
-{{- $createP12Keystore = default $createP12Keystore $certificate.p12Keystore.create -}}
-{{- if $certificate.p12Keystore.passwordSecretRef -}}
-{{- $p12KeystorePasswordSecretName = default $p12KeystorePasswordSecretName $certificate.p12Keystore.passwordSecretRef.name -}}
-{{- $p12KeystorePasswordSecreKey = default $p12KeystorePasswordSecreKey $certificate.p12Keystore.passwordSecretRef.key -}}
-{{- end -}}
-{{- end -}}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: {{ $certName }}
- namespace: {{ $namespace }}
-spec:
- secretName: {{ $secretName }}
- commonName: {{ $commonName }}
- renewBefore: {{ $renewBefore }}
- {{- if $duration }}
- duration: {{ $duration }}
- {{- end }}
- subject:
- organizations:
- - {{ $subject.organization }}
- countries:
- - {{ $subject.country }}
- localities:
- - {{ $subject.locality }}
- provinces:
- - {{ $subject.province }}
- organizationalUnits:
- - {{ $subject.organizationalUnit }}
- {{- if $dnsNames }}
- dnsNames:
- {{- range $dnsName := $dnsNames }}
- - {{ $dnsName }}
- {{- end }}
- {{- end }}
- {{- if $ipAddresses }}
- ipAddresses:
- {{- range $ipAddress := $ipAddresses }}
- - {{ $ipAddress }}
- {{- end }}
- {{- end }}
- {{- if $uris }}
- uris:
- {{- range $uri := $uris }}
- - {{ $uri }}
- {{- end }}
- {{- end }}
- {{- if $emailAddresses }}
- emailAddresses:
- {{- range $emailAddress := $emailAddresses }}
- - {{ $emailAddress }}
- {{- end }}
- {{- end }}
- issuerRef:
- group: {{ $issuer.group }}
- kind: {{ $issuer.kind }}
- name: {{ $issuer.name }}
- {{- if or $createJksKeystore $createP12Keystore }}
- keystores:
- {{- if $createJksKeystore }}
- jks:
- create: {{ $createJksKeystore }}
- passwordSecretRef:
- name: {{ $jksKeystorePasswordSecretName }}
- key: {{ $jksKeystorePasswordSecreKey }}
- {{- end }}
- {{- if $createP12Keystore }}
- pkcs12:
- create: {{ $createP12Keystore }}
- passwordSecretRef:
- name: {{ $p12KeystorePasswordSecretName }}
- key: {{ $p12KeystorePasswordSecreKey }}
- {{- end }}
- {{- end }}
-{{ end }}
-
-{{- end -}}
-{{- define "ingress.config.port" -}}
+{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{ printf "%s.%s" $baseaddr $burl }}
+{{- end -}}
+
+{{- define "ingress.config.port" -}}
+{{- $dot := default . .dot -}}
{{ range .Values.ingress.service }}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
- - host: {{ printf "%s.%s" $baseaddr $burl }}
+ - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
http:
paths:
- backend:
{{- end -}}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.tls -}}
-{{- $dot := default . .dot -}}
+{{- $dot := default . .dot }}
tls:
- - hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
+ - hosts:
+ {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- end }}
secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
{{- end -}}
{{- end -}}
# we should wait for other pods to be up before trying to join
# otherwise we got "no such host" errors when trying to resolve other members
for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do
+ if [ "${SET_NAME}-${i}" == "${HOSTNAME}" ]; then
+ echo "Skipping self-checking"
+ continue
+ fi
while true; do
echo "Waiting for ${SET_NAME}-${i}.${SERVICE_NAME} to come up"
ping -W 1 -c 1 ${SET_NAME}-${i}.${SERVICE_NAME} > /dev/null && break
- name: repositoryGenerator
version: ~7.x-0
repository: 'file://../repositoryGenerator'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: 'file://../certInitializer'
\ No newline at end of file
#logging.file=/opt/app/music/logs/MUSIC/music-app.log
#logging.config=file:/opt/app/music/etc/logback.xml
security.require-ssl=true
-server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks
+server.ssl.key-store=/opt/app/aafcertman/local/org.onap.music.jks
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.certInitializer.initContainer" . | indent 8 | trim }}
- command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export KEYSTORE_PASSWORD=$(cat /opt/app/aafcertman/local/.pass); cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}}
- name: CASSA_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
- name: CASSA_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /config-input
name: properties-music-scrubbed
- mountPath: /config
value: "{{ .Values.javaOpts }}"
- name: DEBUG
value: "{{ .Values.debug }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: properties-music-scrubbed
mountPath: /opt/app/music/etc/logback.xml
subPath: logback.xml
- - name: certs-aaf
- mountPath: /opt/app/aafcertman/
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: shared-data
emptyDir: {}
- name: certificate-vol
- name: properties-music
emptyDir:
medium: Memory
- - name: certs-aaf
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }}
# Secrets metaconfig
#################################################################
secrets:
- - uid: music-certs
- name: keystore.jks
- type: generic
- filePaths:
- - resources/keys/org.onap.music.jks
- - uid: music-keystore-pw
- name: keystore-pw
- type: password
- password: '{{ .Values.keystorePassword }}'
- passwordPolicy: required
- uid: cassa-secret
type: basicAuth
login: '{{ .Values.properties.cassandraUser }}'
ingress:
enabled: false
-keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
-
properties:
lockUsing: "cassandra"
# Comma dilimited list of hosts
metricsLogLevel: info
auditLogLevel: info
# Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
- rootLogLevel: INFO
\ No newline at end of file
+ rootLogLevel: INFO
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: music-cert-initializer
+ fqdn: "music.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "music@music.onap.org"
+ fqi_namespace: org.onap.music
+ public_fqdn: "music.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/app/aafcertman
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Modifications (c) 2020 Nokia. All rights reserved.
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: mongo
version: ~7.x-0
repository: '@local'
- - name: cmpv2Config
- version: ~7.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ if .Values.componentImages.datafile_collector }}
-tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.datafile_collector }}
-{{ end }}
-replicas: 1
-log_directory: "/var/log/ONAP"
-topic_name: "unauthenticated.VES_NOTIFICATION_OUTPUT"
-envs: {}
-use_tls: true
-PM_MEAS_FILES_feed0_location: "loc00"
-feed0_name: "bulk_pm_feed"
-consumer_id: "C12"
-consumer_group: "OpenDcae-c12"
-cert_directory: "/opt/app/datafile/etc/cert/"
-external_port: ":0"
-datafile-collector_memory_limit: "512Mi"
-datafile-collector_memory_request: "512Mi"
-datafile-collector_cpu_limit: "250m"
-datafile-collector_cpu_request: "250m"
-external_cert_use_external_tls: false
-external_cert_ca_name: "RA"
-external_cert_common_name: "dcae-datafile-collector"
-external_cert_sans: "dcae-datafile-collector,datafile-collector,datafile"
-external_cert_cert_type: "P12"
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ if .Values.componentImages.snmptrap }}
-tag_version: {{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.snmptrap }}
-{{ end }}
-external_port: {{ .Values.config.address.snmptrap.port }}
# ================================================================================
# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
# ============LICENSE_END=========================================================
*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dcae-config
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
apiVersion: v1
kind: ConfigMap
metadata:
# ================================================================================
# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
volumeMounts:
- mountPath: /inputs
name: {{ include "common.fullname" . }}-dcae-inputs
- - mountPath: /dcae-configs
- name: {{ include "common.fullname" . }}-dcae-config
- mountPath: /etc/localtime
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-dcae-inputs
emptyDir:
medium: Memory
- - name: {{ include "common.fullname" . }}-dcae-config
- configMap:
- name: {{ include "common.fullname" . }}-dcae-config
- name: localtime
hostPath:
path: /etc/localtime
#=================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.0
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~7.x-0
repository: '@local'
- name: repositoryGenerator
+ version: ~7.x-0
+ repository: '@local'
+ - name: cmpv2Config
version: ~7.x-0
repository: '@local'
\ No newline at end of file
# limitations under the License.
# ============LICENSE_END=========================================================
*/}}
-
{
"namespace": "{{ if .Values.dcae_ns }}{{ .Values.dcae_ns}}{{ else }}{{include "common.namespace" . }}{{ end}}",
"consul_dns_name": "{{ .Values.config.address.consul.host }}.{{ include "common.namespace" . }}",
# ================================================================================
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
# ============LICENSE_END=========================================================
*/}}
-
apiVersion: v1
kind: ConfigMap
metadata:
---
apiVersion: v1
kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-plugins
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
metadata:
name: {{ include "common.release" . }}-dcae-filebeat-configmap
namespace: {{include "common.namespace" . }}
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
-# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- ip: "127.0.0.1"
hostnames:
- "dcae-cloudify-manager"
+ # Cloudify requires a fixed hostname across restarts
+ hostname: dcae-cloudify-manager
initContainers:
- name: {{ include "common.name" . }}-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
args:
- --container-name
- aaf-cm
+ - --container-name
+ - consul-server
- "-t"
- "15"
env:
- {{ include "common.namespace" . }}
- --configmap
- {{ .Values.multisiteConfigMapName }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key
+ - k8s-plugin|/plugin-configs/k8s-plugin.json
+ - --key
+ - dmaap-plugin|/plugin-configs/dmaap-plugin.json
+ resources: {}
+ volumeMounts:
+ - mountPath: /plugin-configs
+ name: plugin-configs
- name: init-tls
env:
- name: POD_IP
- name: {{ include "common.fullname" .}}-kubeconfig
configMap:
name: {{ .Values.multisiteConfigMapName }}
+ - name: plugin-configs
+ configMap:
+ name: {{ include "common.fullname" . }}-plugins
- name: dcae-token
secret:
secretName: dcae-token
# ================================================================================
# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
-# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2020-2021 J. F. Lucas. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 302
persistence: {}
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
repositoryCred:
user: docker
password: docker
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
# image for cleanup job container
cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.0
+# default location for k8s deployments via Cloudify
+default_k8s_location: central
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
mountInitPath: dcaemod
# application image
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.4
# Resource Limit flavor -By Default using small
flavor: small
# Should have a proper readiness endpoint or script
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.1
# Resource Limit flavor -By Default using small
flavor: small
{{- end -}}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end -}}
+ {{- end }}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
- {{- end -}}
+ {{- end }}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
image: {{ include "repositoryGenerator.image.logging" . }}
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
- # default values for certificates
+ # Disabling MSB
+ # POC Mode, only for use in development environment
+ msbEnabled: true
+
+ # default values for certificates
certificate:
default:
- renewBefore: 8h
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
subject:
organization: "Linux-Foundation"
country: "US"
group: certmanager.onap.org
kind: CMPv2Issuer
name: cmpv2-issuer-onap
- p12Keystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
- jksKeystore:
- create: false
- passwordSecretRef:
- name: ""
- key: ""
# Enabling CMPv2
cmpv2Enabled: true
- name: cmpv2Certificate
version: ~7.x-0
repository: '@local'
+ - name: certManagerCertificate
+ version: ~7.x-0
+ repository: '@local'
- name: logConfiguration
version: ~7.x-0
repository: '@local'
{{/*
-# Copyright © 2020 Nokia
+# Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-{{ if .Values.global.CMPv2CertManagerIntegration }}
-{{ include "common.certificate" . }}
+{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "certManagerCertificate.certificate" . }}
{{ end }}
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumeMounts" . | indent 10 }}
+{{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
{{ include "common.certServiceClient.volumes" . | nindent 8 }}
+{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ include "common.certManager.volumes" . | nindent 8 }}
+{{- end }}
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- password: secret
- passwordPolicy: required
#################################################################
# Certificates
#################################################################
commonName: sdnc.simpledemo.onap.org
dnsNames:
- sdnc.simpledemo.onap.org
- p12Keystore:
- create: true
- passwordSecretRef:
- name: keystore-password
- key: password
- jksKeystore:
- create: true
+ keystore:
+ outputType:
+ - jks
passwordSecretRef:
- name: keystore-password
+ name: sdnc-cmpv2-keystore-password
key: password
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
#################################################################
# Application configuration defaults.
#################################################################