--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.cert.persistence.size}}
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.cert.persistence.annotations }}
- annotations:
-{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.cert.persistence.size }}
-{{- end -}}
--- /dev/null
+# Copyright © 2020 Samsung Electronics, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: cassandra_ssl_enabled
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
#################################################################
# Application configuration defaults.
# flag to enable debugging - application support required
debugEnabled: false
+#environment file
+env:
+ name: AUTO
+
+certInitializer:
+ nameOverride: sdc-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# SDC Config part
+#################################################################
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: RELEASE
value: {{ .Values.config.release }}
- name: SDC_USER
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
#################################################################
# Application configuration defaults.
maxHeapSize: "1536M"
heapNewSize: "512M"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: HOST_IP
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
mountPath: /var/lib/jetty/chef-solo/environments
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-dcae-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
# flag to enable debugging - application support required
debugEnabled: false
+#environment file
+env:
+ name: AUTO
+
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml
cassandraSslEnabled: "false"
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: HOST_IP
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-dcae-dt-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: HOST_IP
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-dcae-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: HOST_IP
javaOptions: -XX:MaxPermSize=256m -Xmx1024m
cassandraSslEnabled: "false"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
+ ${JETTY_BASE}/startup.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
{{ include "common.resources" . | indent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
spec:
type: {{ .Values.service.type }}
ports:
- {{ if not .Values.global.security.disableHttp }}
+ {{ if not .Values.security.disableHttp }}
# setting http port only if enabled
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows"
workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
+#environment file
+env:
+ name: AUTO
+
+security:
+ disableHttp: true
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-job-completion
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
- name: {{ include "common.name" . }}-update-config
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - sh
+ - sh
args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
- env:
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: keystore_password
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-sdc-cs-secrets
- key: truststore_password
- volumeMounts:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+ cd /config-input && \
+ for PFILE in `find . -not -type d | grep -v -F ..`
+ do
+ envsubst <${PFILE} >/config-output/${PFILE}
+ chmod 0755 /config-output/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.fullname" . }}-environments
mountPath: /config-input/
- name: sdc-environments-output
mountPath: /config-output/
- - name: volume-permissions
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/sh
- - -c
- - |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "/onboard/cert"
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
{{ include "common.resources" . | indent 12 }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: SDC_CLUSTER_NAME
- value: "SDC-CS-{{ .Values.global.env.name }}"
+ value: "SDC-CS-{{ .Values.env.name }}"
- name: cassandra_ssl_enabled
value: {{ .Values.config.cassandraSslEnabled | quote }}
- name: HOST_IP
volumeMounts:
- name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/environments/
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
subPath: org.onap.sdc.p12
- - name: sdc-cert
+ - name: sdc-environments-output
mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
subPath: org.onap.sdc.trust.jks
- name: {{ include "common.fullname" . }}-localtime
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
subPath: logback.xml
- - name: {{ include "common.fullname" . }}-cert-storage
- mountPath: "{{ .Values.cert.certDir }}"
lifecycle:
postStart:
exec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
emptyDir: { medium: "Memory" }
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-cert-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: HOST_IP
valueFrom:
fieldRef:
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ persistence: {}
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-onboarding-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
javaOptions: "-Xmx1g -Xms1g"
cassandraSslEnabled: "false"
+#environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
{{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
+ export KEYMANAGER_PASS=$cadi_keystore_password_p12
+ export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
+ export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
+ export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
ports:
- containerPort: {{ template "wfd-be.internalPort" . }}
# disable liveness probe when breakpoints set in debugger
value: "{{ .Values.config.serverSSLEnabled }}"
- name: SERVER_SSL_KEYSTORE_TYPE
value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_KEYSTORE_PATH
- value: "{{ .Values.config.serverSSLKeyStorePath }}"
- - name: SERVER_SSL_KEY_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- name: SERVER_SSL_TRUSTSTORE_TYPE
value: "{{ .Values.config.serverSSLTrustStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_PATH
- value: "{{ .Values.config.serverSSLTrustStorePath }}"
- - name: SERVER_SSL_TRUST_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- volumeMounts:
- - name: sdc-cert
- mountPath: /keystore
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /truststore
- subPath: org.onap.sdc.trust.jks
- volumes:
- - name: sdc-cert
- secret:
- secretName: sdc-cert
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+ cassandra:
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be sdc-cs if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ replicaCount: 3
+ clusterName: cassandra
+ dataCenter: Pod
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-be-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
-
sdcProtocol: HTTPS
sdcEndpoint: sdc-be:8443
sdcExternalUser: workflow
-
serverSSLEnabled: true
-
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /home/sdc/etc/keystore
-
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /home/sdc/etc/truststore
-
cassandraSSLEnabled: false
cassandraTrustStorePath: /home/sdc/etc/truststore
+# environment file
+env:
+ name: AUTO
+
# default number of instances
replicaCount: 1
externalPort2: 8443
nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
-
ingress:
enabled: false
service:
port: 8443
config:
ssl: "redirect"
-
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
fieldPath: metadata.namespace
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-move-cert
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
+ export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
ports:
- containerPort: {{ template "wfd-fe.internalPort" . }}
{{ if .Values.liveness.enabled }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ENVNAME
- value: {{ .Values.global.env.name }}
+ value: {{ .Values.env.name }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- name: IS_HTTPS
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- - name: KEYSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: keystore_password}
- - name: TRUSTSTORE_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
- - name: TRUSTSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- - name: KEYSTORE_PATH
- value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
- name: TRUST_ALL
value: "{{ .Values.config.isTrustAll}}"
{{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-cert
- mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ subpath: mycreds.prop
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
+ subPath: {{ .Values.certInitializer.keystoreFile }}
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
+ subPath: {{ .Values.certInitializer.truststoreFile }}
+ {{ end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- - name: sdc-cert
- secret:
- secretName: sdc-cert
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-sdc-filebeat-configmap
readinessImage: onap/oom/readiness:3.0.1
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.
+
+#environment file
+env:
+ name: AUTO
+
security:
isDefaultStore: false
- truststoreFilename: "org.onap.sdc.trust.jks"
- keystoreFilename: "org.onap.sdc.p12"
- storePath: "etc"
# default number of instances
replicaCount: 1
# limitations under the License.
dependencies:
- - name: common
+ - name: sdc-be
version: ~6.x-0
- repository: '@local'
-
- - name: cassandra
+ repository: 'file://components/sdc-be'
+ - name: sdc-cs
version: ~6.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- condition: global.cassandra.localCluster
-
+ repository: 'file://components/sdc-cs'
+ - name: sdc-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-fe'
+ - name: sdc-onboarding-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-onboarding-be'
+ - name: sdc-wfd-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-be'
+ condition: sdc-wfd.enabled
+ - name: sdc-wfd-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-wfd-fe'
+ condition: sdc-wfd.enabled
+ - name: sdc-dcae-be
+ version: ~6.x-0
+ repository: 'file://components/sdc-dcae-be'
+ condition: sdc-dcaed.enabled
+ - name: sdc-dcae-dt
+ version: ~6.x-0
+ repository: 'file://components/sdc-dcae-dt'
+ condition: sdc-dcaed.enabled
+ - name: sdc-dcae-tosca-lab
+ version: ~6.x-0
+ repository: 'file://components/sdc-dcae-tosca-lab'
+ condition: sdc-dcaed.enabled
+ - name: sdc-dcae-fe
+ version: ~6.x-0
+ repository: 'file://components/sdc-dcae-fe'
+ condition: sdc-dcaed.enabled
\ No newline at end of file
{
- "name": "{{ .Values.global.env.name }}",
- "description": "OpenSource-{{ .Values.global.env.name }}",
+ "name": "{{ .Values.env.name }}",
+ "description": "OpenSource-{{ .Values.env.name }}",
"cookbook_versions": {
"Deploy-SDandC": "= 1.0.0"
},
},
"jetty": {
"keystore_pwd": "${KEYSTORE_PASS}",
- "truststore_pwd": "${TRUSTSTORE_PASS}"
+ "truststore_pwd": "${TRUSTSTORE_PASS}",
+ "keymanager_pwd": "${KEYMANAGER_PASS}"
}
}
}
keystore_password: "{{ .Values.global.secrets.keystore_password }}"
# workflow
wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: sdc-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
global:
persistence: {}
- env:
- name: AUTO
secrets:
sdc_user: YXNkY191c2Vy
sdc_password: QWExMjM0JV4h
ubuntuInitImage: ubuntu-init:1.0.0
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
+ aafEnabled: true
cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
security:
disableHttp: true
envsubstImage: dibi/envsubst
+
+# Environment file
+env:
+ name: AUTO
+
config:
logstashServiceName: log-ls
logstashPort: 5044
persistence:
mountSubPath: sdc/sdc-cs/CS
enabled: true
+
+# dependency / sub-chart configuration
+sdc-wfd:
+ enabled: true
+sdc-dcaed:
+ enabled: true
\ No newline at end of file
Code Review / oom.git / commitdiff