"password": "${AAF_PASS}",
"aaf_conductor_user": "oof@oof.onap.org"
}
+ },
+ {
+ "name": "sdc",
+ "values": {
+ "username": "${SDC_USER}",
+ "password": "${SDC_PASS}"
+ }
}
]
}
export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN};
export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
export SO_PASS=${SO_PASS_PLAIN};
+ export SDC_PASS=${SDC_PASS_PLAIN};
cd /config-input;
for PFILE in `find . -not -type d | grep -v -F ..`; do
envsubst <${PFILE} >/config/${PFILE};
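Review bot: The added `export SDC_PASS=${SDC_PASS_PLAIN};` expands the secret unquoted, and the value is then written by `envsubst` into the JSON field `"password": "${SDC_PASS}"` with no escaping. Under a POSIX `sh` that field-splits `export` arguments, a password containing whitespace or glob characters would be truncated or altered, so I would write `export SDC_PASS="${SDC_PASS_PLAIN}";` (how the quotes must be escaped depends on how this script is embedded in the template, which is outside the hunk). Quoting does not help with the second problem: a password containing `"` or `\` would produce invalid or structurally different JSON, so either document the allowed character set for `sdc-creds` or escape the value before substitution. The `for` loop body continues past the end of the hunk.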
- name: SO_PASS_PLAIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }}
+ - name: SDC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }}
+ - name: SDC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: {{ include "common.name" . }}-preload-input
login: '{{ .Values.oofCreds.soUsername }}'
password: '{{ .Values.oofCreds.soPassword }}'
passwordPolicy: required
-
+ - uid: sdc-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.sdcUsername }}'
+ password: '{{ .Values.oofCreds.sdcPassword }}'
+ passwordPolicy: required
oofCreds:
aaiUsername: oof@oof.onap.org
aaiPassword: demo123456!
soUsername: apihBpmn
soPassword: password1$
+ sdcUsername: aai
+ sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
# Configure resource requests and limits
resources:
small:
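Review bot: `oofCreds.sdcPassword` is committed as a literal default, so every deployment that does not override it shares the same SDC credential. `passwordPolicy: required` on the new `sdc-creds` entry is then presumably satisfied by that default rather than forcing an operator-supplied value. The same pattern appears in the other added defaults in this change, `config.aaf.password` in the cmso values and `dcaeMsPassword` in the robot values. I would give `sdc-creds` an `externalSecret:` key the way `cmso-aaf-creds` does in the sub-charts, and either leave the default empty or mark it with a comment such as `# demo default only - override or supply an external secret before any non-lab install`.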
#################################################################
# application image
-image: onap/babel:1.7.1
+image: onap/babel:1.8.0
flavor: small
flavorOverride: small
# application image
-image: onap/model-loader:1.7.0
+image: onap/model-loader:1.8.0
pullPolicy: Always
restartPolicy: Always
flavor: small
serviceName: aai-search-data
# application image
-image: onap/sparky-be:2.0.2
+image: onap/sparky-be:2.0.3
pullPolicy: Always
restartPolicy: Always
flavor: small
{"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
]
}
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-nginx-conf
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ helm.sh/chart: {{ include "common.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /tmp/nginx.pid;
+ events {
+ worker_connections 1024;
+ }
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ server_tokens off;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log /dev/stdout main;
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+ sendfile on;
+ #tcp_nopush on;
+ #gzip on;
+ upstream uwsgi {
+ server 127.0.0.1:8050;
+ }
+ upstream daphne {
+ server 127.0.0.1:8051;
+ }
+ server {
+ listen 8052 default_server;
+ # If you have a domain name, this is where to add it
+ server_name _;
+ keepalive_timeout 65;
+ # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+ add_header Strict-Transport-Security max-age=15768000;
+ add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
+ add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
+ # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
+ add_header X-Frame-Options "DENY";
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+ location /static/ {
+ alias /var/lib/awx/public/static/;
+ }
+ location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
+ location /websocket {
+ # Pass request to the upstream alias
+ proxy_pass http://daphne;
+ # Require http version 1.1 to allow for upgrade requests
+ proxy_http_version 1.1;
+ # We want proxy_buffering off for proxying to websockets.
+ proxy_buffering off;
+ # http://en.wikipedia.org/wiki/X-Forwarded-For
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # enable this if you use HTTPS:
+ proxy_set_header X-Forwarded-Proto https;
+ # pass the Host: header from the client for the sake of redirects
+ proxy_set_header Host $http_host;
+ # We've set the Host header, so we don't need Nginx to muddle
+ # about with redirects
+ proxy_redirect off;
+ # Depending on the request value, set the Upgrade and
+ # connection headers
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+ location / {
+ # Add trailing / if missing
+ rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
+ uwsgi_read_timeout 120s;
+ uwsgi_pass uwsgi;
+ include /etc/nginx/uwsgi_params;
+ proxy_set_header X-Forwarded-Port 443;
+ }
+ }
+ }
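Review bot: The `server` block listens on plain `listen 8052 default_server;` with no TLS, yet it unconditionally sends `Strict-Transport-Security`, `proxy_set_header X-Forwarded-Proto https;` and `X-Forwarded-Port 443`. The same change also exposes port 8052 through the NodePort service. Browsers ignore HSTS received over HTTP, and the application behind the proxy is told every request was secure, which can affect secure-cookie and redirect decisions even when a client reached the NodePort in clear text. If TLS is always terminated in front of this pod, say so in a comment above `listen` and keep the service off a direct NodePort; otherwise derive the header with `proxy_set_header X-Forwarded-Proto $scheme;`. Separately, the CSP allows `'unsafe-inline'` scripts and `*.pendo.io`, which is worth a comment explaining why it is needed or tightening if it is not.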
name: awx-secret-key
readOnly: true
subPath: SECRET_KEY
+ - mountPath: /etc/nginx/nginx.conf
+ name: awx-nginx-conf
+ subPath: "nginx.conf"
+
- command: ["/bin/sh","-c"]
args: ["/usr/bin/launch_awx_task.sh"]
env:
name: awx-secret-key
readOnly: true
subPath: SECRET_KEY
+ - mountPath: /etc/nginx/nginx.conf
+ name: awx-nginx-conf
+ subPath: "nginx.conf"
- env:
- name: MY_POD_IP
valueFrom:
path: rabbitmq_definitions.json
name: {{ include "common.fullname" . }}-rabbitmq
name: rabbitmq-config
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+ name: {{ include "common.fullname" . }}-nginx-conf
+ name: awx-nginx-conf
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
type: NodePort
portName: web
internalPort: 8052
- externalPort: 80
+ externalPort: 8052
nodePort: 78
rabbitmq:
type: ClusterIP
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.2
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.3
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
holmes_rules: onap/holmes/rule-management:1.2.9
holmes_engine: onap/holmes/engine-management:1.2.9
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
- snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.5
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0
+ snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.4
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
- datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.0
+ datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.4
# Resource Limit flavor -By Default using small
flavor: small
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
+image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.1
pullPolicy: Always
# probe configuration parameters
value: {{ .Values.config.importDMaaP }}
- name: ONAP_USEDMAAPPLUGIN
value: {{ .Values.config.useDmaapPlugin | quote }}
+ - name: BP_RESOURCES_CPU_LIMIT
+ value: {{ .Values.config.bpResourcesCpuLimit }}
+ - name: BP_RESOURCES_MEMORY_LIMIT
+ value: {{ .Values.config.bpResourcesMemoryLimit }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
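Review bot: The two new env entries render their values unquoted (`value: {{ .Values.config.bpResourcesCpuLimit }}`), while the neighbouring `ONAP_USEDMAAPPLUGIN` entry pipes through `| quote`. Kubernetes requires env `value` to be a string, so an override such as `bpResourcesCpuLimit: 1` would render as a YAML integer and the manifest would be rejected. The defaults `250m` and `128Mi` happen to parse as strings, which hides the problem. I would use `value: {{ .Values.config.bpResourcesCpuLimit | quote }}` and the same for `bpResourcesMemoryLimit`.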
#dashboardPassword: doesntmatter
mrTopicURL: http://message-router:3904/events
importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: plugin:k8splugin?version=>=3.4.3,<4.0.0
+ importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
importPostgres: plugin:pgaas?version=1.3.0
importClamp: plugin:clamppolicyplugin?version=1.1.0
importDMaaP: plugin:dmaap?version=1.5.0
useDmaapPlugin: false
+ bpResourcesCpuLimit: 250m
+ bpResourcesMemoryLimit: 128Mi
secrets:
- uid: "dashsecret"
# Should have a proper readiness endpoint or script
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.2.3
# Resource Limit flavor -By Default using small
flavor: small
cmso.minizinc.command.timelimit=60000
cmso.minizinc.command.mzn=scripts/minizinc/generic_attributes.mzn
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
aaf.urls=https://aaf-locate:8095
aaf.user.role.properties=/share/etc/certs/AAFUserRoles.properties
value: {{ .Values.global.truststorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ - name: AAF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
command:
- /bin/sh
args:
enabled: true
# application image
-image: onap/optf-cmso-optimizer:2.3.1
+image: onap/optf-cmso-optimizer:2.3.2
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.3.1
+ image: onap/optf-cmso-dbinit:2.3.2
# flag to enable debugging - application support required
debugEnabled: false
login: '{{ .Values.config.db.user }}'
password: '{{ .Values.config.db.password }}'
passwordPolicy: required
+ - uid: cmso-aaf-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.aaf.user }}'
+ password: '{{ .Values.config.aaf.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
+ aaf:
+ user: user
+ password: pass
+# userCredentialsExternalSecret: some-secret
db:
port: 3306
# rootPassword: pass
## loopback settings
so.url=http://127.0.0.1:5000/onap/so/infra/orchestrationRequests/v7
-so.user=oof@oof.onap.org
-so.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+so.user=${AAF_USER}
+so.pass=${AAF_USER}
-mechid.user=oof@oof.onap.org
-mechid.pass=enc:vfxQdJ1mgdcI7S6SPrzNaw==
+mechid.user=${AAF_USER}
+mechid.pass=${AAF_PASSWORD}
cmso.dispatch.url=http://localhost:8089
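Review bot: `so.pass=${AAF_USER}` sets the SO password to the login name, while the `mechid.pass` line just below correctly uses `${AAF_PASSWORD}`. This looks like a copy-paste slip. As written, the service would authenticate to SO with the username as its password, so the call would either fail or succeed only against an account whose password equals its login. The line should read `so.pass=${AAF_PASSWORD}`.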
value: {{ .Values.global.truststorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ - name: AAF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
+ - name: AAF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
command:
- /bin/sh
args:
enabled: true
# application image
-image: onap/optf-cmso-service:2.3.1
-robotimage: onap/optf-cmso-robot:2.3.1
+image: onap/optf-cmso-service:2.3.2
+robotimage: onap/optf-cmso-robot:2.3.2
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.3.1
+ image: onap/optf-cmso-dbinit:2.3.2
# flag to enable debugging - application support required
debugEnabled: false
login: '{{ .Values.config.db.user }}'
password: '{{ .Values.config.db.password }}'
passwordPolicy: required
+ - uid: cmso-aaf-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.aaf.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.aaf.user }}'
+ password: '{{ .Values.config.aaf.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
+ aaf:
+ user: user
+ password: pass
+# userCredentialsExternalSecret: some-secret
db:
port: 3306
# rootPassword: pass
optimizer_host: oof-cmso-optimizer
optimizer_port: 7997
+
ingress:
enabled: false
enabled: true
# application image
-image: onap/optf-cmso-ticketmgt:2.3.1
+image: onap/optf-cmso-ticketmgt:2.3.2
pullPolicy: Always
enabled: true
# application image
-image: onap/optf-cmso-topology:2.3.1
+image: onap/optf-cmso-topology:2.3.2
pullPolicy: Always
login: '{{ .Values.config.db.optimizer.userName }}'
password: '{{ .Values.config.db.optimizer.userPassword }}'
passwordPolicy: generate
+ - uid: cmso-aaf-creds
+ name: &aafCreds '{{ include "common.release" . }}-cmso-aaf-creds'
+ type: basicAuth
+ login: '{{ .Values.config.aaf.user }}'
+ password: '{{ .Values.config.aaf.password }}'
mariadb-galera:
replicaCount: 1
flavor: small
config:
+ aaf:
+ user: oof@oof.onap.org
+ password: demo123456!
log:
logstashServiceName: log-ls
logstashPort: 5044
host: *dbName
container: *dbName
mysqlDatabase: cmso
+ aaf:
+ userCredentialsExternalSecret: *aafCreds
oof-cmso-optimizer:
enabled: true
host: *dbName
container: *dbName
mysqlDatabase: optimizer
+ aaf:
+ userCredentialsExternalSecret: *aafCreds
oof-cmso-topology:
enabled: true
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# Secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
global:
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
#################################################################
# secrets metaconfig
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.3
+ optf_has: onap/optf-has:2.1.5
persistence:
enabled: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.3
+image: onap/optf-osdf:3.0.4
pullPolicy: Always
# flag to enable debugging - application support required
GLOBAL_INJECTED_CLOUD_ENV = 'openstack'
GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}"
GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}'
+GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}'
GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}'
GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
GLOBAL_DCAE_USERNAME = '{{ .Values.dcaeUsername }}'
GLOBAL_DCAE_PASSWORD = '{{ .Values.dcaePassword}}'
GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD]
+# dcae microservice info - everything is from the private oam network (also called onap private network)
+GLOBAL_DCAE_MS_SERVER_PROTOCOL = "http"
+GLOBAL_DCAE_MS_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 8080) }}'
+GLOBAL_DCAE_MS_USERNAME = '{{ .Values.dcaeMsUsername }}'
+GLOBAL_DCAE_MS_PASSWORD = '{{ .Values.dcaeMsPassword}}'
+GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD]
# dcae hv-ves info
GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
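Review bot: The last added line of the new "dcae microservice info" block re-assigns `GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD]`, duplicating the existing line above it, so the new `GLOBAL_DCAE_MS_USERNAME` and `GLOBAL_DCAE_MS_PASSWORD` are never combined into a credential pair. It was presumably meant to be `GLOBAL_DCAE_MS_AUTHENTICATION = [GLOBAL_DCAE_MS_USERNAME, GLOBAL_DCAE_MS_PASSWORD]`; the variable name is inferred, so confirm it against the test suite that consumes it. Also, `GLOBAL_DCAE_MS_HEALTH_SERVER_PORT` looks up hostname `dcae-healthcheck`, while `GLOBAL_INJECTED_DCAE_MS_IP_ADDR` uses `dcae-ms-healthcheck`. If the two are meant to describe the same endpoint, the port lookup should use `"hostname" "dcae-ms-healthcheck"` as well.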
# DCAE
dcaeUsername: "dcae@dcae.onap.org"
dcaePassword: "demo123456!"
+dcaeMsUsername: "dcae@dcae.onap.org"
+dcaeMsPassword: "demo123456!"
# DROOLS
droolsUsername: "demo@people.osaaf.org"
droolsPassword: "demo123456!"
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.7.3
-backendInitImage: onap/sdc-backend-init:1.7.3
+image: onap/sdc-backend-all-plugins:1.8.4
+backendInitImage: onap/sdc-backend-init:1.8.4
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.7.3
-cassandraInitImage: onap/sdc-cassandra-init:1.7.3
-
+image: onap/sdc-cassandra:1.8.4
+cassandraInitImage: onap/sdc-cassandra-init:1.8.4
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.7.3
-
+image: onap/sdc-frontend:1.8.4
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.7.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.3
+image: onap/sdc-onboard-backend:1.8.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.4
pullPolicy: Always
# flag to enable debugging - application support required
enabled: true
# application image
-image: onap/vid:7.0.0
+image: onap/vid:8.0.2
pullPolicy: Always
# application configuration