**Step 6.** Build a local Helm repository (from the kubernetes directory)::
- > make SKIP_LINT=TRUE all; make SKIP_LINT=TRUE onap
+ > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all ; make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] onap
+
+`HELM_BIN`
+ Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have
+ multiple version of helm in operating system and choose which one to use.
**Step 7.** Display the onap charts that available to be deployed::
Then build your local Helm repository::
- > make SKIP_LINT=TRUE all
+ > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all
+
+`HELM_BIN`
+ Sets the helm binary to be used. The default value use helm from PATH. Allow the user to have
+ multiple version of helm in operating system and choose which one to use.
The Helm search command reads through all of the repositories configured on the
system, and looks for matches::
OUTPUT_DIR := $(ROOT_DIR)/dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_BIN := helm
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := helm lint
+ HELM_LINT_CMD := $(HELM_BIN) lint
else
HELM_LINT_CMD := echo "Skipping linting of"
endif
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
@if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
# publish helm plugins via distrubtion directory
plugins:
- @cp -R helm $(PACKAGE_DIR)/
+ @cp -R $(HELM_BIN) $(PACKAGE_DIR)/
# start up a local helm repo to serve up helm chart packages
repo:
@mkdir -p $(PACKAGE_DIR)
- @helm serve --repo-path $(PACKAGE_DIR) &
+ @$(HELM_BIN) serve --repo-path $(PACKAGE_DIR) &
@sleep 3
- @helm repo index $(PACKAGE_DIR)
- @helm repo add local http://127.0.0.1:8879
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo add local http://127.0.0.1:8879
# stop local helm repo
repo-stop:
- @pkill helm
- @helm repo remove local
+ @pkill $(HELM_BIN)
+ @$(HELM_BIN) repo remove local
%:
@:
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
-Subproject commit 628ecd0d519acc6b4717d05aa12fd4f7b7dfc55f
+Subproject commit a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1ca
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
@rm -f *tgz */charts/*tgz
@rm -rf $(PACKAGE_DIR)
%:
- @:
\ No newline at end of file
+ @:
- -c
- |
export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0)
- java -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1g -jar ./app.jar
+ java -Djava.security.egd=file:/dev/./urandom -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 -jar ./app.jar
{{- else }}
args:
- ""
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.1.2
+image: onap/clamp-backend:5.1.3
pullPolicy: Always
# flag to enable debugging - application support required
liveness:
initialDelaySeconds: 120
periodSeconds: 10
+ timeoutSeconds: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
-
+ timeoutSeconds: 3
service:
type: ClusterIP
small:
limits:
cpu: 1
- memory: 1.2Gi
+ memory: 1Gi
requests:
cpu: 10m
- memory: 800Mi
+ memory: 1Gi
large:
limits:
cpu: 1
- memory: 1.2Gi
+ memory: 3Gi
requests:
cpu: 10m
- memory: 800Mi
+ memory: 3Gi
unlimited: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 30
periodSeconds: 10
+ timeoutSeconds: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 30
periodSeconds: 10
+ timeoutSeconds: 3
## Persist data to a persitent volume
persistence:
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.1.2
+image: onap/clamp-frontend:5.1.3
pullPolicy: Always
# flag to enable debugging - application support required
liveness:
initialDelaySeconds: 120
periodSeconds: 10
+ timeoutSeconds: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
-
+ timeoutSeconds: 3
service:
type: NodePort
COMMON_CHARTS_DIR := common
EXCLUDES :=
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
curr_time=$1
echo "Clearing snapshots!!!"
command="nodetool clearsnapshot -t $curr_time"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
}
{{ $root := . }}
curr_time=`date +%s`
echo "Executing cleanup!!"
command="nodetool cleanup"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
echo "Cleaned Node!! Backing up database now!!!"
command="nodetool snapshot -t $curr_time"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
retCode=$?
if [ $retCode -ne 0 ]; then
echo "Backup Failed!!!"
{{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
{{/* when linted, the name must be lower cased. When used from a component,
name should be overriden in order to avoid collision so no need to do it */}}
- {{- if eq (printf "common/%s/templates" $name) $dot.Template.BasePath -}}
+ {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}}
{{- $name = lower $name -}}
{{- end -}}
{{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
"version": "{{ default "v1" $msb_information.version }}",
"url": "{{ default "/" $msb_information.url }}",
"protocol": "{{ default "REST" $msb_information.protocol }}",
+ "enable_ssl": {{ default false $msb_information.enable_ssl }},
"port": "{{ $msb_information.port }}",
"visualRange":"{{ default "1" $msb_information.visualRange }}"
}
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
- resources:
-{{ include "common.resources" $dot | indent 12 }}
+ resources: {{ include "common.resources" $dot | nindent 12 }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
ingress:
enabled: false
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core
make-contrib-awx:
- cd components && helm dep up awx && helm lint awx
+ cd components && $(HELM_BIN) dep up awx && $(HELM_BIN) lint awx
make-contrib-ejbca:
- cd components && helm dep up ejbca && helm lint ejbca
+ cd components && $(HELM_BIN) dep up ejbca && $(HELM_BIN) lint ejbca
make-contrib-netbox:
- cd components && helm dep up netbox && helm lint netbox
+ cd components && $(HELM_BIN) dep up netbox && $(HELM_BIN) lint netbox
make-contrib-core:
- helm dep up . && helm lint .
+ $(HELM_BIN) dep up . && $(HELM_BIN) lint .
clean:
@find . -type f -name '*.tgz' -delete
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-awx:
- cd charts && helm dep up awx-postgres
+ cd charts && $(HELM_BIN) dep up awx-postgres
</void>
<void method="put">
<int>37</int>
- <string>-477565695</string>
+ <string>-1501801709</string>
</void>
<void method="put">
<int>20037</int>
</void>
<void method="put">
<int>20011</int>
- <boolean>true</boolean>
+ <boolean>false</boolean>
</void>
<void method="put">
<int>10011</int>
</void>
<void method="put">
<int>20013</int>
- <boolean>true</boolean>
+ <boolean>false</boolean>
</void>
<void method="put">
<int>10013</int>
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-netbox:
- cd charts && helm dep up netbox-postgres && helm dep up netbox-nginx && helm dep up netbox-app
+ cd charts && $(HELM_BIN) dep up netbox-postgres && $(HELM_BIN) dep up netbox-nginx && $(HELM_BIN) dep up netbox-app
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
+
make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard
make-dcae-bootstrap:
- cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap
+ cd components && $(HELM_BIN) dep up dcae-bootstrap && $(HELM_BIN) lint dcae-bootstrap
make-dcae-cloudify-manager:
- cd components && helm dep up dcae-cloudify-manager && helm lint dcae-cloudify-manager
+ cd components && $(HELM_BIN) dep up dcae-cloudify-manager && $(HELM_BIN) lint dcae-cloudify-manager
make-dcae-config-binding-service:
- cd components && helm dep up dcae-config-binding-service && helm lint dcae-config-binding-service
+ cd components && $(HELM_BIN) dep up dcae-config-binding-service && $(HELM_BIN) lint dcae-config-binding-service
make-dcae-healthcheck:
- cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck
+ cd components && $(HELM_BIN) dep up dcae-healthcheck && $(HELM_BIN) lint dcae-healthcheck
make-dcae-servicechange-handler:
- cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler
+ cd components && $(HELM_BIN) dep up dcae-servicechange-handler && $(HELM_BIN) lint dcae-servicechange-handler
make-dcae-inventory-api:
- cd components && helm dep up dcae-inventory-api && helm lint dcae-inventory-api
+ cd components && $(HELM_BIN) dep up dcae-inventory-api && $(HELM_BIN) lint dcae-inventory-api
make-dcae-deployment-handler:
- cd components && helm dep up dcae-deployment-handler && helm lint dcae-deployment-handler
+ cd components && $(HELM_BIN) dep up dcae-deployment-handler && $(HELM_BIN) lint dcae-deployment-handler
make-dcae-policy-handler:
- cd components && helm dep up dcae-policy-handler && helm lint dcae-policy-handler
+ cd components && $(HELM_BIN) dep up dcae-policy-handler && $(HELM_BIN) lint dcae-policy-handler
make-dcae-dashboard:
- cd components && helm dep up dcae-dashboard && helm lint dcae-dashboard
+ cd components && $(HELM_BIN) dep up dcae-dashboard && $(HELM_BIN) lint dcae-dashboard
clean:
@find . -type f -name '*.tgz' -delete
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
+
make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry make-dcaemod-healthcheck
make-dcaemod-distributor-api:
- cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor
+ cd components && $(HELM_BIN) dep up dcaemod-genprocessor && $(HELM_BIN) lint dcaemod-genprocessor
make-dcaemod-genprocessor:
- cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api
+ cd components && $(HELM_BIN) dep up dcaemod-distributor-api && $(HELM_BIN) lint dcaemod-distributor-api
make-dcaemod-designtool:
- cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool
+ cd components && $(HELM_BIN) dep up dcaemod-designtool && $(HELM_BIN) lint dcaemod-designtool
make-dcaemod-onboarding-api:
- cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api
+ cd components && $(HELM_BIN) dep up dcaemod-onboarding-api && $(HELM_BIN) lint dcaemod-onboarding-api
make-dcaemod-runtime-api:
- cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api
+ cd components && $(HELM_BIN) dep up dcaemod-runtime-api && $(HELM_BIN) lint dcaemod-runtime-api
make-dcaemod-nifi-registry:
- cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry
+ cd components && $(HELM_BIN) dep up dcaemod-nifi-registry && $(HELM_BIN) lint dcaemod-nifi-registry
make-dcaemod-healthcheck:
- cd components && helm dep up dcaemod-healthcheck && helm lint dcaemod-healthcheck
+ cd components && $(HELM_BIN) dep up dcaemod-healthcheck && $(HELM_BIN) lint dcaemod-healthcheck
clean:
@find . -type f -name '*.tgz' -delete
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-dmaap: make-dmaap-bc make-message-router make-dmaap-dr-node make-dmaap-dr-prov
make-dmaap-bc:
- cd components && helm dep up dmaap-bc && helm lint dmaap-bc
+ cd components && $(HELM_BIN) dep up dmaap-bc && $(HELM_BIN) lint dmaap-bc
make-message-router:
- cd components && helm dep up message-router && helm lint message-router
+ cd components && $(HELM_BIN) dep up message-router && $(HELM_BIN) lint message-router
make-dmaap-dr-node:
- cd components && helm dep up dmaap-dr-node && helm lint dmaap-dr-node
+ cd components && $(HELM_BIN) dep up dmaap-dr-node && $(HELM_BIN) lint dmaap-dr-node
make-dmaap-dr-prov:
- cd components && helm dep up dmaap-dr-prov && helm lint dmaap-dr-prov
+ cd components && $(HELM_BIN) dep up dmaap-dr-prov && $(HELM_BIN) lint dmaap-dr-prov
clean:
@find . -type f -name '*.tgz' -delete
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-modeling: make-modeling-etsicatalog
make-modeling-etsicatalog:
- cd charts && helm dep up modeling-etsicatalog && helm lint modeling-etsicatalog
+ cd charts && $(HELM_BIN) dep up modeling-etsicatalog && $(HELM_BIN) lint modeling-etsicatalog
clean:
@find . -type f -name '*.tgz' -delete
@find . -type f -name '*.lock' -delete
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+HELM_BIN := helm
make-multicloud: make-multicloud-k8s
make-multicloud-k8s:
- cd charts && helm dep up multicloud-k8s && helm lint multicloud-k8s
+ cd charts && $(HELM_BIN) dep up multicloud-k8s && $(HELM_BIN) lint multicloud-k8s
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/k8s:0.6.0
+image: onap/multicloud/k8s:0.7.0
pullPolicy: Always
# flag to enable debugging - application support required
value: {{ .Values.config.openStackVNFTenantId | quote }}
- name: ONAP_CLOUDOWNER
value: {{ .Values.config.cloudOwner }}
+ - name: ONAP_K8SCLOUDREGIONID
+ value: {{ .Values.config.k8sCloudRegionId }}
+ - name: ONAP_K8SCLOUDOWNER
+ value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
- name: SDC_HOST
logstashServiceName: log-ls
logstashPort: 5044
cloudOwner: CloudOwner
+ k8sCloudRegionId: k8sregionfour
+ k8sCloudOwner: k8scloudowner4
ecompInstanceId: OOM
openStackRegion: RegionOne
openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
initialDelaySeconds: 60
readiness:
initialDelaySeconds: 60
+ clamp-mariadb:
+ liveness:
+ initialDelaySeconds: 30
+ readiness:
+ initialDelaySeconds: 30
dcaegen2:
dcae-cloudify-manager:
liveness:
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if .Values.liveness.enabled }}
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
+ - mountPath: /tmp/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ - mountPath: /tmp/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: conductor.conf
- key: log.conf
path: log.conf
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
service:
type: NodePort
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: aai_key.key
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: aai_cert.cer
- key: aai_key.key
path: aai_key.key
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
-
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
listen 8091 ssl;
server_name oof;
- ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt;
+ ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
repository: nexus3.onap.org:10001
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
filebeat: docker.elastic.co/beats/filebeat:5.5.0
persistence:
enabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
pullPolicy: Always
nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
#component overrides
oof-has-api:
enabled: true
+ certSecret: *oof-certs
oof-has-controller:
enabled: true
+ certSecret: *oof-certs
oof-has-data:
enabled: true
+ certSecret: *oof-certs
oof-has-reservation:
enabled: true
+ certSecret: *oof-certs
oof-has-solver:
enabled: true
+ certSecret: *oof-certs
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP OOF helm templates
+name: oof-templates
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+
--- /dev/null
+{{- define "oof.certificate.volume" -}}
+- name: {{ include "common.fullname" . }}-onap-certs
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
+ items:
+ - key: aaf_root_ca.cer
+ path: aaf_root_ca.cer
+ - key: intermediate_root_ca.pem
+ path: intermediate_root_ca.pem
+{{- end -}}
+
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
version: ~6.x-0
repository: 'file://components/oof-has'
condition: oof-has.enabled
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://components/oof-templates'
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
+ ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
resource_sharing_level:
source: request
value: serviceProfile.resourceSharingLevel
+ slice_scope:
+ source: request
+ value: slice_scope
reuse_preference:
source: request
value: preferReuse
policy_scope:
-
scope:
- - get_param: resource_sharing_level
- - get_param: reuse_preference
+ - get_param: slice_scope
services:
- get_param: service_name
+ resources:
+ - get_param: service_name
subnet_selection:
policy_fetch: by_scope
- OSDF_GUILIN
services:
- get_param: service_name
+ resources:
+ - get_param: service_name
placement:
policy_fetch: by_scope
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+ ./osdfapp.sh -x osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-config
+ name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
items:
- key: osdf_config.yaml
path: osdf_config.yaml
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
- key: log.yml
path: log.yml
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certs/intermediate_root_ca.pem
+ - resources/config/certs/aaf_root_ca.cer
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:3.0.0
+image: onap/optf-osdf:3.0.1
pullPolicy: Always
# flag to enable debugging - application support required
enabled: true
oof-has:
enabled: true
+ certSecret: *oof-certs
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
- @helm repo index $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
"parameters":{
"asdcAddress": "sdc-be:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "${SDCBE_USER}",
"password": "${SDCBE_PASSWORD}",
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.7.2
+image: onap/policy-pdpd-cl:1.7.3
pullPolicy: Always
# flag to enable debugging - application support required
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
-Subproject commit 34913f2223539640c81ae9e7a65744a09a95c9ce
+Subproject commit da28d1cdc573a726d3fc8a19638ebc8b3679295f
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
name: sdc-be
both_tls_and_plain: true
msb:
- - port: 8080
+ - port: 8443
url: "/sdc/v1"
version: "v1"
protocol: "REST"
visualRange: "1"
serviceName: sdc
+ enable_ssl: true
- port: 8080
url: "/sdc/v1"
version: "v1"
logstashPort: 5044
environment:
workflowUrl: 10.0.2.15
- vnfRepoPort: 8702
+ vnfRepoPort: 8703
#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
cassandra:
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES := dist resources templates charts
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
SECRET_DIR := $(OUTPUT_DIR)/secrets
EXCLUDES :=
+HELM_BIN := helm
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell helm version --template "{{.Version}}")
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
@if [ -f $*/Makefile ]; then make -C $*; fi
dep-%: make-%
- @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi
else
- @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
endif
- @helm repo index $(PACKAGE_DIR)
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
clean:
@rm -f */requirements.lock
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := soHelpers
+HELM_BIN := helm
+HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
ssl-enable: false
mso:
logPath: ./logs/soappcorch
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
msoKey: {{ .Values.global.app.msoKey }}
config:
- {{ if eq .Values.global.security.aaf.enabled true }}
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{ if .Values.global.security.aaf.enabled }}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
{{- else }}
cadi:
aafId: {{ .Values.mso.basicUser }}
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
- sh
args:
- -c
- - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh
+ - |
+ export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ /app/start-app.sh
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ACTUATOR_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: encoder
- name: config
mountPath: /app/config
readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
medium: Memory
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app-configmap
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2020 AT&T USA
+# Copyright © 2020 Huawei
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ envsubstImage: dibi/envsubst
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
persistence:
mountPath: /dockerdata-nfs
htpasswdImage: xmartlabs/htpasswd
dockerHubRepository: docker.io
+ security:
+ aaf:
+ enabled: false
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
#################################################################
# Secrets metaconfig
#################################################################
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: server-actuator-creds
name: '{{ include "common.release" . }}-so-appc-actuator-creds'
type: basicAuth
password: password1$
replicaCount: 1
minReadySeconds: 10
-containerPort: 8080
+containerPort: &containerPort 8080
logPath: ./logs/soappcorch
app: appc-orchestrator
service:
name: so-appc-orchestrator
type: ClusterIP
ports:
- - port: 8080
+ - port: *containerPort
name: http
updateStrategy:
type: RollingUpdate
maxSurge: 1
# Resource Limit flavor -By Default using small
flavor: small
+
+
+#################################################################
+# soHelper part
+#################################################################
+
+soHelpers:
+ nameOverride: so-appc-cert-init
+ certInitializer:
+ nameOverride: so-appc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+
# Segregation for Different environment (Small and Large)
resources:
small:
nodeSelector: {}
tolerations: []
affinity: {}
+
+auth:
+ rest:
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
+mso:
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ basicUser: poBpmn
+
+appc:
+ client:
+ topic:
+ read:
+ name: APPC-LCM-WRITE
+ timeout: 360000
+ write: APPC-LCM-READ
+ sdnc:
+ read: SDNC-LCM-WRITE
+ write: SDNC-LCM-READ
+ response:
+ timeout: 3600000
+ key: VIlbtVl6YLhNUrtU
+ secret: 64AG2hF4pYeG2pq7CT6XwUOT
+ service: ueb
# limitations under the License.
apiVersion: v1
appVersion: "1.0"
-description: A Helm chart for Kubernetes
+description: A Helm chart for SO Bpmn Infra
name: so-bpmn-infra
-version: 6.0.0
\ No newline at end of file
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
timeout: '30000'
endpoint: https://aai.{{ include "common.namespace" . }}:8443
timeout: 60
logPath: logs
config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
async:
core-pool-size: 50
max-pool-size: 50
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
db:
auth: {{ .Values.mso.adapters.db.auth }}
password: {{ .Values.mso.adapters.db.password }}
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
nssmf:
endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088
+ oof:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1
+ timeout: PT5M
+ callback:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1
bpmn:
process:
historyTimeToLive: '30'
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
default:
adapter:
namespace: http://org.onap.mso
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
+
+
#################################################################
# Application configuration defaults.
#################################################################
adminName: so_admin
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+
+aai:
+ auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+
+cds:
+ auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ db:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ password: wLg4sjrAFUS8rfVfdvTXeQ==
+ po:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ sdnc:
+ password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ sniro:
+ auth: test:testpwd
+ oof:
+ auth: test:testpwd
+so:
+ vnfm:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+sniro:
+ endpoint: http://replaceme:28090/optimizationInstance/V1/create
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 8081
+containerPort: &containerPort 8081
logPath: ./logs/bpmn/
app: so-bpmn-infra
service:
- type: ClusterIP
- internalPort: 8081
- externalPort: 8081
- portName: so-bpmn-port
+ type: ClusterIP
+ internalPort: *containerPort
+ externalPort: 8081
+ portName: so-bpmn-port
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-bpmn-cert-init
+ certInitializer:
+ nameOverride: so-bpmn-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.bpmnPerm
+ containerPort: *containerPort
+
+
# Resource Limit flavor -By Default using small
flavor: large
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
logPath: logs
site-name: onapheat
config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
spring:
datasource:
hikari:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+mso:
+ adapters:
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 8082
+containerPort: &containerPort 8082
logPath: ./logs/catdb/
app: catalog-db-adapter
service:
type: ClusterIP
- internalPort: 8082
- externalPort: 8082
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-catdb-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-catalogdb-cert-init
+ certInitializer:
+ nameOverride: so-catalogdb-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.catalogDbAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ mariadbGalera:
+ serviceName: mariadb-galera
+ servicePort: "3306"
db_admin_username: so_admin
db_admin_password: so_Admin123
db_username: so_user
db_password: so_User123
-
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP SO ETSI NFVO NS LCM
+name: so-etsi-nfvo-ns-lcm
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ version: v19
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ nfvo:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/nfvo
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: nfvo-pool
+ registerMbeans: true
+ security:
+ usercredentials:
+ - username: ${ETSI_NFVO_USERNAME}
+ password: ${ETSI_NFVO_PASSWORD}
+ role: ETSI-NFVO-Client
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+so:
+ adapters:
+ sol003-adapter:
+ url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ auth: {{ .Values.so.sol003.adapter.auth }}
+etsi-catalog-manager:
+ base:
+ {{- if .Values.global.msbEnabled }}
+ endpoint: https://msb-iag:443/api
+ http:
+ client:
+ ssl:
+ trust-store: ${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
+ {{- end }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ETSI_NFVO_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
+ - name: ETSI_NFVO_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readonly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: etsi-nfvo-nslcm-creds
+ name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
+ login: '{{ .Values.etsi.nfvo.nslcm.username }}'
+ password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4
+pullPolicy: Always
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+etsi:
+ nfvo:
+ nslcm:
+ username: so-etsi-nfvo-ns-lcm
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+so:
+ sol003:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9095
+logPath: ./logs/so-etsi-nfvo-ns-lcm/
+app: so-etsi-nfvo-ns-lcm
+service:
+ type: ClusterIP
+ name: so-etsi-nfvo-ns-lcm
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ msb.onap.org/service-info: |
+ {{ if not .Values.global.msbDisabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/so-etsi-nfvo-ns-lcm/v1",
+ "protocol": "REST",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}",
+ "visualRange":"1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-nfvo-cert-init
+ certInitializer:
+ nameOverride: so-nfvo-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.nfvoAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ port: 9095
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'soetsinfvonslcm'
+ name: 'so-etsi-nfvo-ns-lcm'
+ port: 9095
+ config:
+ ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_PASSWORD=`prepare_password $DB_PASSWORD`
+
mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
DROP USER IF EXISTS '${DB_USER}';
CREATE USER '${DB_USER}';
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
+
mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
DROP USER IF EXISTS '${DB_ADMIN}';
CREATE USER '${DB_ADMIN}';
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
ubuntuInitRepository: registry.hub.docker.com
-
+ mariadbGalera:
+ nameOverride: mariadb-galera
+ serviceName: mariadb-galera
+ servicePort: "3306"
+ migration:
+ enabled: false
+ dbHost: mariadb-galera
+ dbPort: 3306
+ dbUser: root
+ dbPassword: secretpassword
#################################################################
# Secrets metaconfig
#################################################################
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ initContainers:
- name: so-chown
image: alpine:3.6
volumeMounts:
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: DB_HOST
valueFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Copyright (C) 2020 Huawei
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
+#################################################################
+# AAF part
+#################################################################
+soHelpers:
+ nameOverride: so-monitoring-cert-init
+ certInitializer:
+ nameOverride: so-monitoring-cert-init
+ credsPath: /opt/app/osaaf/local
+
#################################################################
# Application configuration defaults.
#################################################################
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
logging:
path: logs
adapters:
requestDb:
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
endpoints:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
---
apiVersion: v1
kind: ConfigMap
- sh
args:
- -c
- - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh
+ - |
+ export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
ports: {{- include "common.containerPorts" . | nindent 12 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
- - name: TRUSTSTORE
- value: {{ .Values.global.client.certs.truststore }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- name: BPEL_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }}
- name: BPEL_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- name: ACTUATOR_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: KEYSTORE
- value: {{ .Values.global.client.certs.keystore }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-env
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
- name: logs
mountPath: /app/logs
- name: config
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: server-bpel-creds
name: '{{ include "common.release" . }}-so-server-bpel-creds'
type: basicAuth
password: '{{ .Values.server.actuator.password }}'
passwordPolicy: required
-
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
bpel:
username: bpel
password: password1$
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
replicaCount: 1
minReadySeconds: 10
-containerPort: 8088
+containerPort: &containerPort 8088
logPath: ./logs/nssmf/
app: nssmf-adapter
service:
type: ClusterIP
ports:
- name: api
- port: 8088
+ port: *containerPort
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+soHelpers:
+ nameOverride: so-nssmf-cert-init
+ certInitializer:
+ nameOverride: so-nssmf-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.nssmfAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-oof-adapter
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/oof
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ msoKey: ${MSO_KEY}
+ camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+ camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+ workflow:
+ message:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ oof:
+ auth: ${OOF_LOGIN}:${OOF_PASSWORD}
+ endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }}
+ - name: OOF_LOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
+ - name: OOF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+# Secrets metaconfig
+#################################################################
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: oof-adapter-mso-key
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: oof-auth
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}'
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-oof-adapter:1.7.2
+pullPolicy: Always
+
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ oof:
+ login: test
+ password: testpwd
+
+replicaCount: 1
+containerPort: &containerPort 8090
+minReadySeconds: 10
+containerPort: *containerPort
+logPath: ./logs/oof/
+app: so-oof-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+
+soHelpers:
+ nameOverride: so-oof-adapter-cert-init
+ certInitializer:
+ nameOverride: so-oof-adapter-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.oofadapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: *containerPort
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
server:
port: {{ index .Values.containerPort }}
default_keystone_url_version: /v2.0
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
- bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
checkRequiredParameters: true
addGetFilesOnVolumeReq: false
sockettimeout: 30
valet_enabled: false
fail_requests_on_valet_failure: false
network:
- bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
sockettimeout: 5
connecttimeout: 5
retrycount: 5
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag
msb-port: 443
msoKey: {{ .Values.mso.msoKey }}
config:
{{ if eq .Values.global.security.aaf.enabled true }}
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
{{- else }}
cadi:
aafId: {{ .Values.mso.basicUser }}
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
site-name: localDevEnv
async:
core-pool-size: 50
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+aaf:
+ auth:
+ encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
+org:
+ onap:
+ so:
+ adapters:
+ bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ basicUser: poBpmn
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 8087
+containerPort: &containerPort 8087
logPath: ./logs/openstack/
app: openstack-adapter
service:
type: ClusterIP
- internalPort: 8087
- externalPort: 8087
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-optack-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelper part
+#################################################################
+soHelpers:
+ nameOverride: so-openstack-cert-init
+ certInitializer:
+ nameOverride: so-openstack-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
logPath: logs
site-name: localSite
config:
- cadi: {{- include "cadi.keys" . | nindent 8}}
+ cadi: {{- include "so.cadi.keys" . | nindent 8}}
adapters:
requestDb:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
spring:
datasource:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 8083
+containerPort: &containerPort 8083
logPath: ./logs/reqdb/
app: request-db-adapter
service:
type: ClusterIP
- internalPort: 8083
- externalPort: 8083
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-reqdb-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-requestdb-cert-init
+ certInitializer:
+ nameOverride: so-requestdb-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.requestDbAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
msoKey: {{ index .Values.mso.msoKey }}
logPath: ./logs/sdc
config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
site-name: onapheat
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
asdc-connections:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ asdc:
+ config:
+ key: 566B754875657232314F5548556D3665
+ asdc-connections:
+ asdc-controller1:
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 8085
+containerPort: &containerPort 8085
logPath: ./logs/sdc/
app: sdc-controller
service:
type: ClusterIP
- internalPort: 8085
- externalPort: 8085
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-sdc-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-sdc-cert-init
+ certInitializer:
+ nameOverride: so-sdc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.sdcControllerPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
queue-capacity: 500
logPath: ./logs/sdnc
config:
- cadi: {{ include "cadi.keys" . | nindent 14}}
+ cadi: {{ include "so.cadi.keys" . | nindent 14}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
site-name: onapheat
org:
onap:
changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
+ bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
opticalservice:
optical-service-create:
myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
rest:
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
+ sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
sdncconnecttime: 5000
sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
image: onap/so/sdnc-adapter:1.6.4
pullPolicy: Always
+org:
+ onap:
+ so:
+ adapters:
+ sdnc:
+ bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ network:
+ encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
db:
userName: so_user
userPassword: so_User123
replicaCount: 1
minReadySeconds: 10
-containerPort: 8086
+containerPort: &containerPort 8086
logPath: ./logs/sdnc/
app: sdnc-adapter
service:
type: ClusterIP
- internalPort: 8086
- externalPort: 8086
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-sdnc-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-sdnc-cert-init
+ certInitializer:
+ nameOverride: so-sdnc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.sdncAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
--- /dev/null
+# Copyright (c) 2020 Orange
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ client:
+ certs:
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
- name: logs
mountPath: /app/logs
- name: config
global:
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
#################################################################
# Application configuration defaults.
#################################################################
ports:
- name: http
port: 9098
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-vevnfm-cert-init
+ certInitializer:
+ nameOverride: so-vevnfm-cert-init
+ credsPath: /opt/app/osaaf/local
+
flavor: small
resources:
small:
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
site-name: localSite
logPath: ./logs/vfc
config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
msb-port: 80
adapters:
requestDb:
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
security:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
#secretsFilePaths: |
# - 'my file 1'
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 8084
+containerPort: &containerPort 8084
logPath: ./logs/vfc/
app: vfc-adapter
service:
type: ClusterIP
- internalPort: 8084
- externalPort: 8084
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-vfc-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-vfc-cert-init
+ certInitializer:
+ nameOverride: so-vfc-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.vfcAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
endpoint: https://aai.{{ include "common.namespace" . }}:8443
spring:
site-name: localSite
logPath: ./logs/vnfm-adapter
config:
- cadi: {{ include "cadi.keys" . | nindent 8}}
+ cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
msb-port: 80
sdc:
- username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
- password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+ password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: TRUSTSTORE
- value: {{ .Values.global.client.certs.truststore }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- {{ if eq .Values.global.security.aaf.enabled true }}
- - name: KEYSTORE
- value: {{ .Values.global.client.certs.keystore }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
{{- end }}
+ env:
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
# Copyright © 2019 Nordix Foundation
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "so-onap-certs"
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Application configuration defaults.
image: onap/so/vnfm-adapter:1.6.4
pullPolicy: Always
+aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+
replicaCount: 1
minReadySeconds: 10
-containerPort: 9092
+containerPort: &containerPort 9092
logPath: ./logs/vnfm-adapter/
app: vnfm-adapter
service:
type: NodePort
- internalPort: 9092
- externalPort: 9092
+ internalPort: *containerPort
+ externalPort: *containerPort
nodePort: "06"
portName: so-vnfm-port
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-vnfm-cert-init
+ certInitializer:
+ nameOverride: so-vnfm-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.vnfmAdapterPerm
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
--- /dev/null
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+description: A Helm chart for SO helpers
+name: soHelpers
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
--- /dev/null
+{{- define "so.cadi.keys" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+cadiLoglevel: {{ $initRoot.cadi.logLevel }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
+cadiLatitude: {{ $initRoot.cadi.latitude }}
+cadiLongitude: {{ $initRoot.cadi.longitude }}
+aafEnv: {{ $initRoot.cadi.aafEnv }}
+aafApiVersion: {{ $initRoot.cadi.aafApiVersion }}
+aafRootNs: {{ $initRoot.cadi.aafRootNs }}
+aafId: {{ $initRoot.cadi.aafId }}
+aafPassword: {{ $initRoot.cadi.aafPassword }}
+aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }}
+aafUrl: {{ $initRoot.cadi.aafUrl }}
+apiEnforcement: {{ $initRoot.cadi.apiEnforcement }}
+{{- if ($initRoot.cadi.noAuthn) }}
+noAuthn: {{ $initRoot.cadi.noAuthn }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- define "so.certificate.container_importer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.initContainer" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-cert-importer
+ image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ keytool -import -trustcacerts -alias msb_root -file \
+ /certificates/msb-ca.crt -keystore \
+ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -keypass $cadi_truststore_password -noprompt
+ volumeMounts:
+ {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
+ - name: {{ include "common.name" $dot }}-msb-certificate
+ mountPath: /certificates
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumes" $subchartDot }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: {{ include "common.name" $dot }}-msb-certificate
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
+{{- end }}
+{{- end -}}
+
+{{- define "so.certificate.volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{ include "common.certInitializer.volumeMount" $subchartDot }}
+{{- end -}}
+
+{{- define "so.certificates.env" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+{{- if $dot.Values.global.aafEnabled }}
+- name: TRUSTSTORE
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+{{- if $dot.Values.global.security.aaf.enabled }}
+- name: KEYSTORE
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks
+{{- end }}
+{{- end }}
+{{- end -}}
--- /dev/null
+{{- define "so.helpers.livenessProbe" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
+livenessProbe:
+ httpGet:
+ path: {{ $subchartDot.Values.livenessProbe.path }}
+ port: {{ $subchartDot.Values.containerPort }}
+ scheme: {{ $subchartDot.Values.livenessProbe.scheme }}
+ {{- if $subchartDot.Values.global.security.aaf.enabled }}
+ httpHeaders:
+ - name: Authorization
+ value: {{ $subchartDot.Values.global.aaf.auth.header }}
+ {{- end }}
+ initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }}
+{{- end -}}
--- /dev/null
+{{- define "so.helpers.profileProperty" -}}
+ {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }}
+{{- end -}}
--- /dev/null
+# Copyright © 2018 AT&T USA
+# Copyright © 2020 Huawei
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ soBaseImage: onap/so/base-image:1.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ msbEnabled: true
+ security:
+ aaf:
+ enabled: false
+ app:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ client:
+ certs:
+ truststore: /app/client/org.onap.so.trust.jks
+ keystore: /app/client/org.onap.so.jks
+ trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
+ keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ name: '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/msb-ca.crt
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks
+ keyFile: org.onap.so.keyfile
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+livenessProbe:
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+cadi:
+ logLevel: DEBUG
+ latitude: 38.4329
+ longitude: -90.43248
+ aafEnv: IST
+ aafApiVersion: 2.1
+ aafRootNs: org.onap.so
+ aafLocateUrl: https://aaf-locate.onap:8095
+ aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.apihPerm
+ noAuthn: /manage/health
version: ~6.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://components/soHelpers'
+ - name: so-appc-orchestrator
+ version: ~6.x-0
+ repository: 'file://components/so-appc-orchestrator'
+ condition: so-appc-orchestrator.enabled
+ - name: so-bpmn-infra
+ version: ~6.x-0
+ repository: 'file://components/so-bpmn-infra'
+ - name: so-catalog-db-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-catalog-db-adapter'
+ condition: so-catalog-db-adapter.enabled
+ - name: so-db-secrets
+ version: ~6.x-0
+ repository: 'file://components/so-db-secrets'
+ condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-etsi-nfvo-ns-lcm
+ version: ~6.x-0
+ repository: 'file://components/so-etsi-nfvo-ns-lcm'
+ condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-mariadb
+ version: ~6.x-0
+ repository: 'file://components/so-mariadb'
+ - name: so-monitoring
+ version: ~6.x-0
+ repository: 'file://components/so-monitoring'
+ condition: so-monitoring.enabled
+ - name: so-nssmf-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-nssmf-adapter'
+ condition: so-nssmf-adapter.enabled
+ - name: so-oof-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-oof-adapter'
+ condition: so-oof-adapter.enabled
+ - name: so-openstack-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-openstack-adapter'
+ condition: so-openstack-adapter.enabled
+ - name: so-request-db-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-request-db-adapter'
+ - name: so-sdc-controller
+ version: ~6.x-0
+ repository: 'file://components/so-sdc-controller'
+ - name: so-sdnc-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-sdnc-adapter'
+ condition: so-sdnc-adapter.enabled
+ - name: so-secrets
+ version: ~6.x-0
+ repository: 'file://components/so-secrets'
+ - name: so-ve-vnfm-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-ve-vnfm-adapter'
+ condition: so-ve-vnfm-adapter.enabled
+ - name: so-vfc-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-vfc-adapter'
+ condition: so-vfc-adapter.enabled
+ - name: so-vnfm-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-vnfm-adapter'
+ condition: so-vnfm-adapter.enabled
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
port: {{ index .Values.containerPort }}
tomcat:
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
config:
path: /src/main/resources/
- cadi: {{ include "cadi.keys" . | nindent 10}}
+ cadi: {{ include "so.cadi.keys" . | nindent 10}}
infra:
default:
alacarte:
default:
testApi: GR_API
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
+ camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
activate:
instanceid: test
userid: cs0008
count: 3
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
username: testuser
password: VjR5NDcxSzA=
host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
health:
- auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
endpoints:
- subsystem: apih
uri: http://so-bpmn-infra:8081
+++ /dev/null
-{{- define "cadi.keys" -}}
-cadiLoglevel: DEBUG
-cadiKeyFile: /org.onap.so.keyfile
-cadiTrustStore: /app/org.onap.so.trust.jks
-cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
-cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
-cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
-aafEnv: {{ .Values.global.app.cadi.aafEnv }}
-aafApiVersion: 2.0
-aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
-aafId: {{ .Values.mso.config.cadi.aafId }}
-aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
-aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
-aafUrl: {{ .Values.global.app.cadi.aafUrl }}
-apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
-{{- if (.Values.global.app.cadi.noAuthn) }}
-noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
-{{- end }}
-{{- end }}
+++ /dev/null
-{{- define "so.certificate.container_importer" -}}
-- name: {{ include "common.name" . }}-certs-importer
- image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - "/bin/sh"
- args:
- - "-c"
- - "update-ca-certificates --fresh && \
- cp -r {{ .Values.global.certificates.path }}/* /certificates"
- volumeMounts:
- - name: {{ include "common.name" . }}-certificates
- mountPath: /certificates
- - name: {{ include "common.name" . }}-onap-certificates
- mountPath: {{ .Values.global.certificates.share_path }}
-{{- end -}}
-
-{{- define "so.certificate.volume-mounts" -}}
-- name: {{ include "common.name" . }}-certificates
- mountPath: {{ .Values.global.certificates.path }}
-- name: {{ include "common.name" . }}-onap-certificates
- mountPath: {{ .Values.global.certificates.share_path }}
-{{- end -}}
-
-{{- define "so.certificate.volumes" -}}
-- name: {{ include "common.name" . }}-certificates
- emptyDir:
- medium: Memory
-- name: {{ include "common.name" . }}-onap-certificates
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
-{{- end -}}
+++ /dev/null
-{{- define "helpers.livenessProbe" -}}
-livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- {{- if eq .Values.global.security.aaf.enabled true }}
- httpHeaders:
- - name: Authorization
- value: {{ index .Values.global.aaf.auth.header }}
- {{- end }}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
-{{- end -}}
+++ /dev/null
-{{- define "helpers.profileProperty" -}}
- {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
-{{- end -}}
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ initContainers:
+ {{ include "so.certificate.container_importer" . | indent 6 | trim }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
fieldPath: metadata.namespace
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ /app/start-app.sh
+ {{- end }}
env:
- name: DB_HOST
valueFrom:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{- if eq .Values.global.security.aaf.enabled true }}
- - name: TRUSTSTORE
- value: /app/org.onap.so.trust.jks
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: trustStorePassword
- - name: KEYSTORE
- value: /app/org.onap.so.jks
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Release.Name}}-so-client-certs-secret
- key: keyStorePassword
- {{- end }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
-{{ include "helpers.livenessProbe" .| indent 8 }}
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
# Copyright © 2018 AT&T USA
-#
+# Copyright © 2020 Huawei
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
soBaseImage: onap/so/base-image:1.0
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
- servicePort: "3306"
+ servicePort: '3306'
# mariadbRootPassword: secretpassword
# rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- cadi:
- cadiLoglevel: DEBUG
- cadiKeyFile: /app/client/org.onap.so.keyfile
- cadiTrustStore: /app/client/org.onap.so.trust.jks
- cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
- cadiLatitude: 38.4329
- cadiLongitude: -90.43248
- aafEnv: IST
- aafApiVersion: 2.1
- aafRootNs: org.onap.so
- aafLocateUrl: https://aaf-locate.onap:8095
- aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
client:
certs:
passwordPolicy: required
annotations:
helm.sh/hook: pre-upgrade,pre-install
- helm.sh/hook-weight: "0"
+ helm.sh/hook-weight: '0'
helm.sh/hook-delete-policy: before-hook-creation
- uid: db-user-creds
name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: &so-certs '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
filePaths:
- - resources/config/certificates/onap-ca.crt
- resources/config/certificates/msb-ca.crt
+ - uid: "mso-key"
+ name: &mso-key '{{ include "common.release" . }}-mso-key'
+ type: password
+ password: '{{ .Values.global.app.msoKey }}'
+ - uid: mso-oof-auth
+ name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+ type: basicAuth
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+aafConfig:
+ permission_user: 1000
+ permission_group: 999
+
+aaf:
+ trustore: org.onap.so.trust.jks
#################################################################
# Application configuration defaults.
pullPolicy: Always
replicaCount: 1
minReadySeconds: 10
-containerPort: 8080
+containerPort: &containerPort 8080
logPath: ./logs/apih/
app: api-handler-infra
service:
- type: NodePort
- nodePort: 77
- internalPort: 8080
- externalPort: 8080
- portName: so-apih-port
+ type: NodePort
+ nodePort: 77
+ internalPort: *containerPort
+ externalPort: *containerPort
+ portName: so-apih-port
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-apih-cert-init
+ certInitializer:
+ nameOverride: so-apih-cert-init
+ credsPath: /opt/app/osaaf/local
+ certSecret: *so-certs
+ containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
cpu: 1000m
memory: 2Gi
unlimited: {}
-livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
nodeSelector: {}
affinity: {}
ingress:
enabled: false
service:
- - baseaddr: "so.api"
- name: "so"
+ - baseaddr: 'so.api'
+ name: 'so'
port: 8080
config:
- ssl: "none"
+ ssl: 'none'
mso:
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.apihPerm
- noAuthn: /manage/health
camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
sdc:
client:
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
aai:
auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ oof:
+ login: test
+ password: testpwd
so:
operationalEnv:
dmaap:
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+so-appc-orchestrator:
+ enabled: true
+ db:
+ <<: *dbSecrets
+
so-bpmn-infra:
- certSecret: *so-certs
db:
<<: *dbSecrets
- cds:
- auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
- aai:
- auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- db:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- password: wLg4sjrAFUS8rfVfdvTXeQ==
- po:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- config:
- cadi:
- aafId: so@so.onap.org
- aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.bpmnPerm
- noAuthn: /manage/health
- sdnc:
- password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
- sniro:
- auth: test:testpwd
- endpoint: http://replaceme:28090/optimizationInstance/V1/create
- oof:
- auth: test:testpwd
- so:
- vnfm:
- adapter:
- auth: Basic dm5mbTpwYXNzd29yZDEk
so-catalog-db-adapter:
- certSecret: *so-certs
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-etsi-nfvo-ns-lcm:
+ enabled: true
db:
<<: *dbSecrets
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.catalogDbAdapterPerm
- noAuthn: /manage/health
- adapters:
- db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
so-monitoring:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
so-openstack-adapter:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
- aaf:
- auth:
- encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- org:
- onap:
- so:
- adapters:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
- valet:
- basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
- mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- basicUser: poBpmn
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.openStackAdapterPerm
- noAuthn: /manage/health
- db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
so-request-db-adapter:
- certSecret: *so-certs
db:
<<: *dbSecrets
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.requestDbAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
so-sdc-controller:
- certSecret: *so-certs
db:
<<: *dbSecrets
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.sdcControllerPerm
- noAuthn: /manage/health
- asdc:
- config:
- key: 566B754875657232314F5548556D3665
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- asdc-connections:
- asdc-controller1:
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
so-sdnc-adapter:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
- org:
- onap:
- so:
- adapters:
- sdnc:
- bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
- sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
- network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.sdncAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
- rest:
- aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
so-ve-vnfm-adapter:
- certSecret: *so-certs
+ enabled: true
so-vfc-adapter:
- certSecret: *so-certs
+ enabled: true
db:
<<: *dbSecrets
- mso:
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.vfcAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
so-nssmf-adapter:
- certSecret: *so-certs
+ enabled: true
+ db:
+ <<: *dbSecrets
+
+so-oof-adapter:
+ enabled: true
db:
<<: *dbSecrets
- aaf:
- auth:
- username: so@so.onap.org
- password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.nssmfAdapterPerm
- noAuthn: /manage/health
- adapters:
- requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
so-vnfm-adapter:
- certSecret: *so-certs
- aaf:
- auth:
- username: so@so.onap.org
- password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
- aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
- sdc:
- username: mso
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
- key: 566B754875657232314F5548556D3665
- mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.vnfmAdapterPerm
- noAuthn: /manage/health
+ enabled: true
so-mariadb:
db:
backupCredsExternalSecret: *dbBackupCredsSecretName
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
-so-appc-orchestrator:
- certSecret: *so-certs
- db:
- <<: *dbSecrets
- mso:
- basicUser: poBpmn
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- config:
- cadi:
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.openStackAdapterPerm
- noAuthn: /manage/health
- appc:
- client:
- topic:
- read:
- name: APPC-LCM-WRITE
- timeout: 360000
- write: APPC-LCM-READ
- sdnc:
- read: SDNC-LCM-WRITE
- write: SDNC-LCM-READ
- response:
- timeout: 3600000
- key: VIlbtVl6YLhNUrtU
- secret: 64AG2hF4pYeG2pq7CT6XwUOT
- service: ueb
- auth:
- rest:
- aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
- aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.6
+image: onap/vfc/nfvo/svnfm/huawei:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
Code Review / oom.git / commitdiff