time: '14:00 UTC'
repositories:
- 'oom'
- - 'oom-offline-installer'
- - 'oom-registrator'
committers:
- <<: *onap_releng_ptl
- name: 'Alexis de Talhouët'
company: 'Orange'
id: 'sdesbure'
timezone: 'Paris/France'
+ - name: 'Krzysztof Opasiak'
+ email: 'k.opasiak@samsung.com'
+ company: 'Samsung'
+ id: 'kopasiak'
+ timezone: 'Poland/Warsaw'
tsc:
approval: 'https://lists.onap.org/pipermail/onap-tsc'
changes:
- type: 'Addition'
- name: 'Brian Freeman'
- name: 'Yang Xu'
- link: 'TBD'
\ No newline at end of file
+ name: 'Krzysztof Opasiak'
+ # yamllint disable-line rule:line-length
+ link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499'
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := helm lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
resources:
small:
limits:
- cpu: 20m
+ cpu: 400m
memory: 300Mi
requests:
cpu: 1m
resources:
small:
limits:
- cpu: 40m
+ cpu: 100m
memory: 320Mi
requests:
cpu: 1m
small:
limits:
cpu: 100m
- memory: 15Mi
+ memory: 30Mi
requests:
- cpu: 10m
+ cpu: 25m
memory: 10Mi
large:
limits:
-Subproject commit 1c9c9bba658057f6147276fba4f84e7db9117e70
+Subproject commit 23f076495d36081f34a367067918d15fcc5ada8d
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
SLEEP_TIME=${SLEEP_TIME:-120}
-MYSQL_PASSWD=${MYSQL_ROOT_PASSWORDD}
+MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
ENABLE_AAF=${ENABLE_AAF:-true}
DBINIT_DIR=${DBINIT_DIR:-/opt/opendaylight/current/daexim}
blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor
blueprintsprocessor.grpcclient.remote-python.port=50051
blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-
+blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052
+blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem
+blueprintsprocessor.grpcclient.py-executor.type=tls-auth
# Config Data REST client settings
blueprintsprocessor.restclient.sdnc.type=basic-auth
blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
# Self Service Response Kafka Message Producer
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+# Executor Options
+blueprintsprocessor.resourceResolution.enabled=true
+blueprintsprocessor.netconfExecutor.enabled=true
+blueprintsprocessor.restConfExecutor.enabled=true
+blueprintsprocessor.cliExecutor.enabled=true
+blueprintsprocessor.remoteScriptCommand.enabled=true
# Used in Health Check
blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
--- /dev/null
+hazelcast:
+ cp-subsystem:
+ cp-member-count: {{ .Values.replicaCount }}
+ group-size: {{ .Values.cluster.groupSize }}
+ session-time-to-live-seconds: 10
+ session-heartbeat-interval-seconds: 5
+ missing-cp-member-auto-removal-seconds: 120
+ fail-on-indeterminate-operation-state: false
+ raft-algorithm:
+ leader-election-timeout-in-millis: 2000
+ leader-heartbeat-period-in-millis: 5000
+ max-missed-leader-heartbeat-count: 5
+ append-request-max-entry-count: 50
+ commit-index-advance-count-to-snapshot: 1000
+ uncommitted-entry-count-to-reject-new-appends: 100
+ append-request-backoff-timeout-in-millis: 100
+ network:
+ enabled: true
+ rest-api:
+ enabled: true
+ endpoint-groups:
+ HEALTH_CHECK:
+ enabled: true
+ CP:
+ enabled: true
+ join:
+ multicast:
+ enabled: false
+ kubernetes:
+ enabled: true
+ namespace: {{ include "common.namespace" . }}
+ service-name: {{ include "common.servicename" . }}-cluster
+ resolve-not-ready-addresses: true
+ # service-label-name: MY-SERVICE-LABEL-NAME
+ # service-label-value: MY-SERVICE-LABEL-VALUE
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ # This allow a new pod to be ready before terminating the old one
+ # causing no downtime when replicas is set to 1
+ maxUnavailable: 0
+
+ # maxSurge to 1 is very important for the hazelcast integration
+ # we only want one pod at a time to restart not multiple
+ # and break the hazelcast cluster. We should not use % maxSurge value
+ # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
+ maxSurge: 1
template:
metadata:
labels:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
+ - name: USE_SCRIPT_COMPILE_CACHE
+ value: {{ .Values.config.useScriptCompileCache | quote }}
+ # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
+ - name: CLUSTER_ENABLED
+ value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ - name: CLUSTER_ID
+ value: {{ .Values.cluster.clusterName }}
+ - name: CLUSTER_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: CLUSTER_CONFIG_FILE
+ value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
+ - containerPort: {{ .Values.service.cluster.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
- mountPath: {{ .Values.config.appConfigDir }}/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
+ - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ name: {{ include "common.fullname" . }}-config
+ subPath: hazelcast.yaml
- mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
name: {{ include "common.fullname" . }}-config
path: application.properties
- key: logback.xml
path: logback.xml
+ - key: hazelcast.yaml
+ path: hazelcast.yaml
- key: ONAP_RootCA.cer
path: ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-blueprints
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-cluster
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.cluster.type }}
+ ports:
+ - port: {{ .Values.service.cluster.externalPort }}
+ targetPort: {{ .Values.service.cluster.internalPort }}
+ {{- if eq .Values.service.cluster.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.cluster.portName | default "cluster" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
# application configuration
config:
appConfigDir: /opt/app/onap/config
+ useScriptCompileCache: true
# default number of instances
replicaCount: 1
portName: blueprints-processor-grpc
internalPort: 9111
externalPort: 9111
+ cluster:
+ type: ClusterIP
+ portName: blueprints-processor-cluster
+ internalPort: 5701
+ externalPort: 5701
persistence:
volumeReclaimPolicy: Retain
mountSubPath: cds/blueprints/deploy
deployedBlueprint: /opt/app/onap/blueprints/deploy
+cluster:
+ # Cannot have cluster enabled if the replicaCount is not at least 3
+ # AND config value useScriptCompileCache is not set to false
+ enabled: false
+
+ clusterName: cds-cluster
+
+ # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
+ # between 3 and 7 only.
+ groupSize: 3
+
ingress:
enabled: false
service:
"sharedDir": "releases/sdnc1.0/flows/shared",
"userDir": "releases/sdnc1.0",
"httpAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_USER}",
+ "pass": "${HTTP_PASSWORD}"
},
"dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
"dbPort": "3306",
- "dbName": "sdnctl",
- "dbUser": "sdnctl",
- "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
+ "dbName": "{{.Values.config.db.dbName}}",
+ "dbUser": "${DB_USER}",
+ "dbPassword": "${DB_PASSWORD}",
"gitLocalRepository": "",
"restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
- "restConfUser": "admin",
- "restConfPassword": "admin",
+ "restConfUser": "${REST_CONF_USER}",
+ "restConfPassword": "${REST_CONF_PASSWORD}",
"formatXML": "Y",
"formatJSON": "Y",
"httpRoot": "/",
"disableEditor": false,
"httpAdminRoot": "/",
"httpAdminAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_ADMIN_USER}",
+ "pass": "${HTTP_ADMIN_PASSWORD}"
},
"httpNodeRoot": "/",
"httpNodeAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_NODE_USER}",
+ "pass": "${HTTP_NODE_PASSWORD}"
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
# limitations under the License.
org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-export PATH=$PATH:.
-appDir=$(pwd)
-if [ "$#" != 3 -a "$#" != 4 ]
-then
- echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]"
- echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository"
- exit
-fi
-if [ ! -e "releases" ]
-then
- mkdir releases
-fi
-releaseDir="$1"
-name="Release $releaseDir"
-loginId="$2"
-emailid="$3"
-dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}"
-dbPort="3306"
-dbName="sdnctl"
-dbUser="sdnctl"
-dbPassword="{{.Values.config.dbSdnctlPassword}}"
-gitLocalRepository="$4"
-
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
-echo $lastPort|grep uiPort >/dev/null 2>&1
-if [ "$?" == "0" ]
-then
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1)
-fi
-#echo $lastPort
-if [ "${lastPort}" == "" ]
-then
- lastPort="3099"
-fi
-let nextPort=$(expr $lastPort+1)
-#echo $nextPort
-if [ ! -e "releases/$releaseDir" ]
-then
-mkdir releases/$releaseDir
-cd releases/$releaseDir
-mkdir flows
-mkdir flows/shared
-mkdir flows/shared/backups
-mkdir html
-mkdir xml
-mkdir lib
-mkdir lib/flows
-mkdir logs
-mkdir conf
-mkdir codecloud
-customSettingsFile="customSettings.js"
-if [ ! -e "./$customSettingsFile" ]
-then
- echo "module.exports = {" >$customSettingsFile
- echo " 'name' : '$name'," >>$customSettingsFile
- echo " 'emailAddress' :'$emailid'," >>$customSettingsFile
- echo " 'uiPort' :$nextPort," >>$customSettingsFile
- echo " 'mqttReconnectTime': 15000," >>$customSettingsFile
- echo " 'serialReconnectTime' : 15000," >>$customSettingsFile
- echo " 'debugMaxLength': 1000," >>$customSettingsFile
- echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile
- echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile
- echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile
- echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile
- echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile
- echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile
- echo " 'dbHost': '$dbHost'," >>$customSettingsFile
- echo " 'dbPort': '$dbPort'," >>$customSettingsFile
- echo " 'dbName': '$dbName'," >>$customSettingsFile
- echo " 'dbUser': '$dbUser'," >>$customSettingsFile
- echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile
- echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile
- echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile
- echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile
- echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile
- echo " 'formatXML': '$formatXML'," >>$customSettingsFile
- echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile
- echo " 'enableHttps': true" >>$customSettingsFile
- echo " }" >>$customSettingsFile
-fi
- #echo "Created custom settings file $customSettingsFile"
- echo "Done ....."
-else
- echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir"
- exit
-fi
-#echo "Content of custom settings file"
-#echo "============================================================================"
-# cat $customSettingsFile
-#echo "============================================================================"
-svclogicPropFile="./conf/svclogic.properties"
-if [ ! -d "${appDir}/yangFiles" ]
-then
- mkdir -p "${appDir}/yangFiles"
-fi
-if [ ! -d "${appDir}/generatedJS" ]
-then
- mkdir -p "${appDir}/generatedJS"
-fi
-
-if [ ! -e "./$svclogicPropFile" ]
-then
- echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
-fi
-if [ ! -e "${appDir}/flowShareUsers.js" ]
-then
- echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js
- echo " [" >>${appDir}/flowShareUsers.js
- echo " ]" >>${appDir}/flowShareUsers.js
- echo "}" >>${appDir}/flowShareUsers.js
-fi
-grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1
-if [ "$?" != "0" ]
-then
- num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l)
- if [ $num_of_lines -gt 4 ]
- then
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "${content}," > ${appDir}/flowShareUsers.js
- else
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "$content" > ${appDir}/flowShareUsers.js
- fi
- echo " {" >> ${appDir}/flowShareUsers.js
- echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js
- echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js
- echo " }" >> ${appDir}/flowShareUsers.js
- echo " ]" >> ${appDir}/flowShareUsers.js
- echo "}" >> ${appDir}/flowShareUsers.js
-fi
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ - name: HTTP_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_ADMIN_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ - name: HTTP_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ - name: HTTP_NODE_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ - name: HTTP_NODE_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ - name: REST_CONF_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: REST_CONF_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
- name: config
mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
subPath: svclogic.properties
- - name: scripts
- mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh
- subPath: createReleaseDir.sh
- - name: scripts
+ - name: config
mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
subPath: customSettings.js
resources:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-config
- - name: scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
+ - name: config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
\ No newline at end of file
+{{ include "common.secret" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
# image pull policy
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+ - uid: 'http-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+ login: '{{ .Values.config.httpUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.config.adminUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'node-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+ login: '{{ .Values.config.nodeUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'restconf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
# application configuration
config:
+ db:
+ dbName: sdnctl
+ # unused for now to preserve the API
+ rootPassword: openECOMP1.0
+ # rootPasswordExternalSecret: some secret
+ userName: sdnctl
+ # unused for now to preserve the API
+ userPassword: gamma
+ # userCredentialsExternalSecret: some secret
+ httpUser: dguser
+ # unused for now to preserve the API
+ httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # httpCredsExternalSecret: some secret
+ adminUser: dguser
+ # unused for now to preserve the API
+ adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # adminCredsExternalSecret: some secret
+ nodeUser: dguser
+ # unused for now to preserve the API
+ nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+ # nodeCredsExternalSecret: some secret
+ restconfUser: admin
+ # unused for now to preserve the API
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+
dbRootPassword: openECOMP1.0
dbSdnctlPassword: gamma
dbPodName: mysql-db
password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.mysqlExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.userName }}'
password: '{{ .Values.config.userPassword }}'
passwordPolicy: required
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
# set this value if you would like to use external secret instead of providing a password
- # mysqlExternalsecret: some-secret-name
+ # userCredentialsExternalsecret: some-secret-name
mysqlDatabase: ynsaUCru6mUNwGal
mysqlAdditionalDatabases: {}
# add addtional dabases
repository: '@local'\r
- name: mariadb-galera\r
version: ~5.x-0\r
- repository: file://../mariadb-galera/\r
+ repository: '@local'\r
+ condition: global.mariadbGalera.localCluster\r
+ - name: mariadb-init\r
+ version: ~5.x-0\r
+ repository: '@local'\r
+ condition: not global.mariadbGalera.localCluster\r
release: {{ include "common.release" . }}
spec:
initContainers:
+{{- if .Values.global.mariadbGalera.localCluster }}
- command:
- /root/ready.py
args:
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
+{{- else }}
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
env:
- name: NAMESPACE
valueFrom:
- name: SPRING_PROFILE
value: "{{ .Values.config.springProfile }}"
- name: NENG_DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- name: NENG_DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
- value: {{ .Values.config.dbUrl }}
+ value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
value: "{{ .Values.config.polClientAuth }}"
- name: POL_BASIC_AUTH
# image pull policy
pullPolicy: IfNotPresent
+ mariadbGalera: &mariadbGalera
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-user-creds"
- externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ - uid: neng-db-secret
+ name: '{{ include "common.release" . }}-neng-db-secret'
type: basicAuth
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
# sub-chart config
mariadb-galera:
- config:
- userName: nenguser
- userPassword: nenguser123
- mariadbRootPassword: nenguser123
- mysqlDatabase: nengdb
+ config: &mariadbConfig
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret'
+ mysqlDatabase: nengdb
nameOverride: nengdb
service:
name: nengdb
enabled: true
mountSubPath: network-name-gen/data
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
# application configuration
config:
- dbUrl: jdbc:mysql://nengdb:3306/nengdb
+ db:
+ userName: nenguser
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
springProfile: live
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
{{- else }}
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
- storageClassName: "{{ include "common.fullname" . }}-primary"
{{- end -}}
busyboxImage: library/busybox:latest
postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
+image: crunchy-postgres:centos7-10.11-4.2.1
pullPolicy: Always
# application configuration
--- /dev/null
+# Motivations
+Ingress controller implementation in the ONAP cluster is based on the virtual host routing.
+Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
+Adding many entries into the configuration files on testing machines is quite problematic and error prone.
+The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+
+# How to deploy test DNS server:
+Run script ./deploy\_dns.sh
+
+# How to add DNS address on testing machines:
+See post deploy info
+
+# Test DNS inside cluster (optional)
+1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke)
+~~~yaml
+dns:
+ provider: coredns
+ upstreamnameservers:
+ - <cluster_ip>:31555
+~~~
+2. You can edit coredns configuration with command:
+ kubectl -n kube-system edit configmap coredns
+
--- /dev/null
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+appVersion: "1.0"
+description: bind9 DNS server for kubernetes cluster
+name: bind9dns
+version: 0.1.0
--- /dev/null
+1. Get the installed DNS host and port by running this commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range $.Values.ingress.paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo DNS host: $NODE_IP dns port: $NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- /dev/null
+{{/*
+
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "bind9dns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "bind9dns.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "bind9dns.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- /dev/null
+{{/*
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "bind9dns.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ helm.sh/chart: {{ include "bind9dns.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: DNS_FORWARDER
+ value: {{ .Values.dnsconf.forwarder }}
+ - name: WILDCARD_DNS
+ value: {{ .Values.dnsconf.wildcard }}
+ - name: ALLOW_RECURSION
+ value: any
+ - name: ALLOW_QUERY
+ value: any
+ ports:
+ - name: dnsport
+ containerPort: {{ .Values.service.port }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
--- /dev/null
+{{/*
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "bind9dns.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ helm.sh/chart: {{ include "bind9dns.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ nodePort: {{ .Values.service.nodePort }}
+ protocol: TCP
+ name: dnstcp
+ - port: {{ .Values.service.port }}
+ nodePort: {{ .Values.service.nodePort }}
+ protocol: UDP
+ name: dnsudp
+ selector:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
--- /dev/null
+{{/*
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "bind9dns.fullname" . }}-test-connection"
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ helm.sh/chart: {{ include "bind9dns.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
--- /dev/null
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+replicaCount: 1
+
+image:
+ repository: luccksam/docker-bind
+ tag: 0.1.0
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: NodePort
+ port: 53
+ nodePort: 31555
+
+ingress:
+ enabled: false
+ annotations: {}
+ paths: []
+ hosts:
+ - dnsserver.local
+ tls: []
+
+resources: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+dnsconf:
+ forwarder: "8.8.8.8,8.8.4.4"
+ wildcard: "simpledemo.onap.org=0.0.0.0"
--- /dev/null
+#!/bin/bash -e
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+DNS_PORT=31555
+CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}')
+CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+SPATH="$( dirname "$( which "$0" )" )"
+
+
+
+usage() {
+cat << ==usage
+$0 [cluster_domain] [helm_chart_args ...]
+ [cluster_domain] Default value simpledemo.onap.org
+ [helm_chart_args...] Optional arguments passed to helm install command
+==usage
+}
+
+
+target_machine_notice_info() {
+cat << ==infodeploy
+Extra DNS server already deployed:
+1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+==infodeploy
+}
+
+deploy() {
+ pushd "$SPATH/bind9dns" > /dev/null
+ if [ $# -eq 0 ]; then
+ local cl_domain="simpledemo.onap.org"
+ else
+ local cl_domain=$1
+ shift
+ fi
+ helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@
+ popd > /dev/null
+ target_machine_notice_info
+}
+
+if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+ usage
+else
+ deploy $@
+fi
kind: ConfigMap
apiVersion: v1
+data:
+ enable-underscores-in-headers: "on"
metadata:
name: nginx-configuration
namespace: ingress-nginx
"config_path": "/usr/share/filebeat/filebeat.yml",
"config_subpath": "filebeat.yml",
"image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}",
- "config_map" : "dcae-filebeat-configmap"
+ "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap"
},
"tls":
{
- "cert_path": "/opt/tls/shared",
+ "cert_path": "/opt/app/osaaf",
"image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
"component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-{{ if .Values.componentImages.dashboard }}
-dashboard_docker_image: {{ include "common.repository" . }}/{{ .Values.componentImages.dashboard }}
-{{ end }}
-external_port: {{ .Values.config.address.dashboard.port }}
-external_tls_port: {{ .Values.config.address.dashboard.portSecure }}
-database_cluster_name: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}
-database_cluster_fqdn: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}.{{ .Values.postgres.suffix }}
-database_name: "dashboard_pg"
-cloudify_ip: {{ .Values.config.address.cm.host }}
-cloudify_user: "admin"
-cloudify_password: "admin"
-consul_url: {{ .Values.config.address.consul_ui }}
-postgres_port: "5432"
-replicas: 1
fieldRef:\r
apiVersion: v1\r
fieldPath: status.podIP\r
+ - name: aaf_locator_fqdn\r
+ value: dcae\r
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}\r
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
resources: {}\r
volumeMounts:\r
- - mountPath: /opt/tls/shared\r
+ - mountPath: /opt/app/osaaf\r
name: tls-info\r
containers:\r
- name: {{ include "common.name" . }}\r
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
config:
logstashServiceName: log-ls
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.9.0
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
componentImages:
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
- tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2
+ tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.2
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
apiVersion: v1
kind: ConfigMap
metadata:
- name: dcae-filebeat-configmap
+ name: {{ include "common.release" . }}-dcae-filebeat-configmap
namespace: {{include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: dcae-filebeat-configmap
+ name: {{ include "common.release" . }}-dcae-filebeat-configmap
namespace: {{ .Values.dcae_ns }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ tlsRepository: nexus3.onap.org:10001
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: aaf_locator_fqdn
+ value: dcae
{{- if .Values.service.secure.enabled }}
- name: init-tls
env:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
{{ end }}
containers:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
config:
logstashServiceName: log-ls
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
repositoryCred:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
repositoryCred:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
global:
nodePortPrefix: 302
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+# Have to use locally-define tlsImage until inventory API can use 2.x.y
+# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
redis:
- -exec
- |
chown -R 1000:1000 /opt/kafka/data;
+ rm -rf '/opt/kafka/data/lost+found';
cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/;
chown 1000:1000 /opt/kafka/config/server.properties;
cd /opt/kafka/config;
value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
- name: MYSQL_ROOT_PASSWORD
{{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
config:
msbServiceName: msb-iag
- msbPort: 80
- redisServiceName: vfc-redis
- redisPort: 6379
+ msbPort: 443
persistence:
mountPath: /dockerdata-nfs
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
disable_existing_loggers: False
loggers:
+ starlingx_base:
+ handlers: [starlingx_handler]
+ level: "DEBUG"
+ propagate: False
starlingx:
handlers: [starlingx_handler]
level: "DEBUG"
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}
- name: MSB_PORT
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
- mysqlExternalSecret: '{{ include "common.release" . }}-nbi-db-secret'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-nbi-db-secret'
mysqlDatabase: nbi
nameOverride: nbi-galera
service:
openStackUserName: "OPENSTACK_USERNAME_HERE"
openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
+ # For Support of Keystone v3, uncomment and fill
+ # openStackKeystoneVersion: "KEYSTONE_V3"
+ # openStackProjectDomainName: "DEFAULT"
+ # openStackUserDomainName: "DEFAULT"
nbi:
config:
# openstack configuration
openStackRegion: "Yolo"
- openStackVNFTenantId: "1234"
\ No newline at end of file
+ openStackVNFTenantId: "1234"
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
# flag to enable debugging - application support required
debugEnabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: optimizer
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: optimizer
topology_host: oof-cmso-topology
topology_port: 7998
ticketmgt_host: oof-cmso-ticketmgt
ticketmgt_port: 7999
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-root-password
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_user }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db-db-user-credentials
- key: password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
# flag to enable debugging - application support required
debugEnabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: cmso
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: cmso
optimizer_host: oof-cmso-optimizer
optimizer_port: 7997
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "common.secret" . }}
+---
apiVersion: v1
kind: Secret
metadata:
# See the License for the specific language governing permissions and
# limitations under the License.
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ name: '{{ include "common.release" . }}-cmso-db-root-password'
+ type: password
+ password: ''
+ policy: generate
+ - uid: cmso-db-secret
+ name: '{{ include "common.release" . }}-cmso-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ passwordPolicy: generate
+
mariadb-galera:
replicaCount: 1
nameOverride: cmso-db
enabled: true
disableNfsProvisioner: true
config:
- mariadbRootPassword: beer
- userName: cmso-admin
- userPassword: nimda-osmc
+ mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
mysqlDatabase: cmso
externalConfig: |
[mysqld]
config:
log:
logstashServiceName: log-ls
- logstashPort: 5044
\ No newline at end of file
+ logstashPort: 5044
+ db:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+
+oof-cmso-service:
+ config:
+ db:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+ config:
+ db:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: optimizer
-Subproject commit df719f4a3e63cff0d5d832945f0b8ba18230635c
+Subproject commit 591bfdea4f1d833abee3c7e60f084da546d9082a
persistence:
enabled: true
size: 10Mi
- accessMode: ReadOnlyMany
+ accessMode: ReadWriteOnce
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
timeout: '30000'
endpoint: https://aai.{{ include "common.namespace" . }}:8443
cds:
endpoint: cds-blueprints-processor-grpc
port: 9111
- auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ auth: {{ .Values.cds.auth }}
timeout: 600
camunda:
bpm:
rainyDay:
retryDurationMultiplier: 2
maxRetries: 5
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ .Values.mso.key }}
correlation:
timeout: 60
logPath: logs
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
async:
core-pool-size: 50
max-pool-size: 50
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
db:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- password: wLg4sjrAFUS8rfVfdvTXeQ==
+ auth: {{ .Values.mso.adapters.db.auth }}
+ password: {{ .Values.mso.adapters.db.password }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
spring:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
db:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
po:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ auth: {{ .Values.mso.adapters.po.auth }}
sdnc:
endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
rest:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
default:
adapter:
namespace: http://org.onap.mso
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
rollback: 'true'
sdnc:
- password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ password: {{ .Values.mso.sdnc.password }}
service:
agnostic:
sniro:
host: http://sniro-emulator:80
site-name: CamundaEngine
sniro:
- auth: test:testpwd
+ auth: {{ .Values.mso.sniro.auth }}
callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
- endpoint: http://replaceme:28090/optimizationInstance/V1/create
+ endpoint: {{ .Values.mso.sniro.endpoint }}
timeout: PT30M
oof:
- auth: test:testpwd
+ auth: {{ .Values.mso.oof.auth }}
callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement
timeout: PT30M
vnfm:
adapter:
url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
- auth: Basic dm5mbTpwYXNzd29yZDEk
+ auth: {{ .Values.so.vnfm.adapter.auth }}
org:
onap:
so:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
mso:
logPath: logs
site-name: onapheat
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
spring:
datasource:
hikari:
admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
member_role: "admin"
tenant_metadata: true
- identity_server_type: "KEYSTONE"
+ identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}"
identity_authentication_type: "USERNAME_PASSWORD"
project_domain_name: "{{ .Values.config.openStackProjectDomainName }}"
user_domain_name: "{{ .Values.config.openStackUserDomainName }}"
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
openStackProjectDomainName: "openStackProjectDomainName"
openStackUserDomainName: "openStackUserDomainName"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
nodeSelector: {}
tolerations: []
affinity: {}
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
server:
port: {{ index .Values.containerPort }}
default_keystone_url_version: /v2.0
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
checkRequiredParameters: true
addGetFilesOnVolumeReq: false
sockettimeout: 30
valet_enabled: false
fail_requests_on_valet_failure: false
network:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
sockettimeout: 5
connecttimeout: 5
retrycount: 5
pollTimeout: 7500
pollInterval: 15
mso:
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ .Values.mso.msoKey }}
config:
- cadi:
- aafId: poBpmn
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
site-name: localDevEnv
async:
core-pool-size: 50
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
mso:
logPath: logs
site-name: localSite
+ config:
+ cadi: {{- include "cadi.keys" . | nindent 8}}
adapters:
requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
spring:
datasource:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{.Values.aai.auth}}
server:
port: {{ index .Values.containerPort }}
spring:
pool-name: reqdb-pool
registerMbeans: false
mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ index .Values.mso.msoKey }}
logPath: ./logs/sdc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
site-name: onapheat
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
asdc-connections:
consumerId: SO-COpenSource-Env11
environmentName: AUTO
asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
config:
activity:
endpoint: http://sdc-wfd-be:8080
- key: 566B754875657232314F5548556D3665
+ key: {{ .Values.mso.asdc.config.key }}
components:
count: 3,
componentNames: SO,AAI,SDNC
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
max-pool-size: 50
queue-capacity: 500
logPath: ./logs/sdnc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 14}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
site-name: onapheat
org:
onap:
changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
generic-resource:
network-topology-operation:
myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
rest:
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
sdncconnecttime: 5000
sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
'':
query: GET|60000|sdncurl12|
network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
spring:
security:
usercredentials:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
--- /dev/null
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+description: A Helm chart for so secrets
+name: so-secrets
+version: 5.0.0
--- /dev/null
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-so-client-certs-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
+ keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
+type: Opaque
mso:
site-name: localSite
logPath: ./logs/vfc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
adapters:
requestDb:
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
security:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
endpoint: https://aai.{{ include "common.namespace" . }}:8443
spring:
trust-store: classpath:org.onap.so.trust.jks
trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
+ key: {{ .Values.mso.key }}
site-name: localSite
logPath: ./logs/vnfm-adapter
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
sdc:
- username: mso
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
- key: 566B754875657232314F5548556D3665
+ username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+ password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
-# Copyright © 2019 Nordix Foundation
+# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ env:
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
max-threads: 50
ssl-enable: false
mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- logPath: logs
- site-name: onapheat
+ msoKey: {{ .Values.global.app.msoKey }}
+ logPath: ./logs/apih
+ site-name: {{ index .Values.global.app.siteName }}
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
config:
path: /src/main/resources/
+ cadi: {{ include "cadi.keys" . | nindent 10}}
infra:
default:
alacarte:
default:
testApi: GR_API
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
- auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
activate:
instanceid: test
userid: cs0008
count: 3
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
- auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
so:
username: testuser
password: VjR5NDcxSzA=
host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
- auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
health:
- auth: Basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
endpoints:
- subsystem: apih
uri: http://so-bpmn-infra:8081
- subsystem: catalogdb
uri: http://so-catalog-db-adapter:8082
-
spring:
datasource:
hikari:
cloud-owner: CloudOwner
adapters:
network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ encryptionKey: {{ .Values.global.app.msoKey }}
--- /dev/null
+{{- define "cadi.keys" -}}
+cadiLoglevel: DEBUG
+cadiKeyFile: /org.onap.so.keyfile
+cadiTrustStore: /app/org.onap.so.trust.jks
+cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
+cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
+cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
+aafEnv: {{ .Values.global.app.cadi.aafEnv }}
+aafApiVersion: 2.0
+aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
+aafId: {{ .Values.mso.config.cadi.aafId }}
+aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
+aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
+aafUrl: {{ .Values.global.app.cadi.aafUrl }}
+apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
+{{- if (.Values.global.app.cadi.noAuthn) }}
+noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- define "helpers.livenessProbe" -}}
+livenessProbe:
+ httpGet:
+ path: {{- index .Values.livenessProbe.path|indent 2}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ httpHeaders:
+ - name: Authorization
+ value: {{ index .Values.global.aaf.auth.header }}
+ {{- end }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{- end -}}
--- /dev/null
+{{- define "helpers.profileProperty" -}}
+ {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
+{{- end -}}
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
secretKeyRef:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.admin.password
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
dbUser: root
dbPassword: secretpassword
msbEnabled: true
-
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ app:
+ siteName: onapheat
+ auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ defaultCloudOwner: onap
+ cadi:
+ cadiLoglevel: DEBUG
+ cadiKeyFile: /app/org.onap.so.keyfile
+ cadiTrustStore: /app/org.onap.so.trust.jks
+ cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
+ cadiLatitude: 38.4329
+ cadiLongitude: -90.43248
+ aafEnv: IST
+ aafApiVersion: 2.1
+ aafRootNs: org.onap.so
+ aafLocateUrl: https://aaf-locate.onap:8095
+ aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ client:
+ certs:
+ trustStorePassword: b25hcDRzbw==
+ keyStorePassword: c280b25hcA==
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
image: onap/so/api-handler-infra:1.5.3
pullPolicy: Always
-
replicaCount: 1
minReadySeconds: 10
containerPort: 8080
port: 8080
config:
ssl: "none"
+
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.apihPerm
+ noAuthn: /manage/health
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ sdc:
+ client:
+ auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
+ aai:
+ auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ so:
+ operationalEnv:
+ dmaap:
+ auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
+ health:
+ auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+so-bpmn-infra:
+ cds:
+ auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ aai:
+ auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ db:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ password: wLg4sjrAFUS8rfVfdvTXeQ==
+ po:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.bpmnPerm
+ noAuthn: /manage/health
+ sdnc:
+ password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ sniro:
+ auth: test:testpwd
+ endpoint: http://replaceme:28090/optimizationInstance/V1/create
+ oof:
+ auth: test:testpwd
+ so:
+ vnfm:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+so-catalog-db-adapter:
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.catalogDbAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+so-openstack-adapter:
+ aaf:
+ auth:
+ encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ org:
+ onap:
+ so:
+ adapters:
+ bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ valet:
+ basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
+ mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ noAuthn: /manage/health
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+so-request-db-adapter:
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.requestDbAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+so-sdc-controller:
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.sdcControllerPerm
+ noAuthn: /manage/health
+ asdc:
+ config:
+ key: 566B754875657232314F5548556D3665
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ asdc-connections:
+ asdc-controller1:
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+so-sdnc-adapter:
+ org:
+ onap:
+ so:
+ adapters:
+ sdnc:
+ bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ network:
+ encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.sdncAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ rest:
+ aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+so-vfc-adapter:
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.vfcAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+so-vnfm-adapter:
+ aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.vnfmAdapterPerm
+ noAuthn: /manage/health
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
"url": "/api/catalog/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: VES_ADDR
"url": "/api/emsdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
volumeMounts:
"url": "/api/gvnfmdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
volumeMounts:
"url": "/api/huaweivnfmdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}"
volumeMounts:
"url": "/api/jujuvnfmdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
resources:
"url": "/api/multivimproxy/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
env:
- name: EXTERNAL_PORT
value: "8089"
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
resources:
"url": "/api/NokiaSVNFM/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
"url": "/api/nslcm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
volumeMounts:
"url": "/api/resmgr/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
"url": "/api/vnflcm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
"url": "/api/vnfmgr/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
"url": "/api/vnfres/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: SERVICE_IP
valueFrom:
fieldRef:
"url": "/activiti-rest",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: SERVICE_IP
valueFrom:
fieldRef:
"url": "/api/workflow/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
resources:
"url": "/api/ztesdncdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
volumeMounts:
"url": "/api/ztevnfmdriver/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
global:
config:
+ ssl_enabled: false
+ msbprotocol: https
msbServiceName: msb-iag
- msbPort: 80
+ msbPort: 443
dbServiceName: vfc-db
dbPort: 3306
dbUser: root
mariadbRootPassword: secretpassword
redisServiceName: vfc-redis
redisPort: 6379
- reg_to_msb_when_start: True
+ reg_to_msb_when_start: False
persistence:
mountPath: /dockerdata-nfs
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: VID_MYSQL_DBNAME
value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: VID_MYSQL_USER
- value: {{ index .Values "mariadb-galera" "config" "userName" }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
- name: VID_MYSQL_PASS
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-db
- key: db-user-password
- #valueFrom:
- # secretKeyRef: {name: {{ include "common.fullname" . }}, key: vid-password}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
- name: VID_MYSQL_MAXCONNECTIONS
value: "{{ .Values.config.vidmysqlmaxconnections }}"
volumeMounts:
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /dbcmd-config/db_cmd.sh
env:
- name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-db
- key: db-user-password
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: {{ index .Values "mariadb-galera" "service" "name" }}
- name: MYSQL_USER
- value: {{ index .Values "mariadb-galera" "config" "userName" }}
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }}
+{{ include "common.secret" . }}
---
apiVersion: v1
kind: Secret
type: Opaque
data:
{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-db
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
- db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
- db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: vid-db-user-secret
+ name: '{{ include "common.release" . }}-vid-db-user-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+
subChartsOnly:
enabled: true
# application configuration
config:
- vidmysqlpassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ db:
+ userName: vidadmin
+# userCredentialsExternalSecret: some secret
+# userPassword: password
vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
asdcclientrestport: "8443"
mariadb-galera:
config:
- userName: vidadmin
- userPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbRootPassword: kjgsdhjqhawxvnbpoiawsfgjsqhsgjhjhdqihhjqdvcbxkjchizpw
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret'
mysqlDatabase: vid_openecomp_epsdk
nameOverride: vid-galera
service:
Code Review / oom.git / commitdiff