Merge "[DMAAP] remove field undefined in in statefulset specification"

author Sylvain Desbureaux <sylvain.desbureaux@orange.com>

Wed, 7 Oct 2020 06:46:15 +0000 (06:46 +0000)

committer Gerrit Code Review <gerrit@onap.org>

Wed, 7 Oct 2020 06:46:15 +0000 (06:46 +0000)
author Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Wed, 7 Oct 2020 06:46:15 +0000 (06:46 +0000)
committer Gerrit Code Review <gerrit@onap.org>
Wed, 7 Oct 2020 06:46:15 +0000 (06:46 +0000)
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml

index 827a51d..ac26f9b 100644 (file)
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -30,7 +30,7 @@ secrets:
      passwordPolicy: required
  
  repository: nexus3.onap.org:10001
-image: onap/ccsdk-oran-a1policymanagementservice:1.0.0
+image: onap/ccsdk-oran-a1policymanagementservice:1.1.0
  pullPolicy: IfNotPresent
  replicaCount: 1
  
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml

index bf1179d..84d69ed 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
    selector:
      matchLabels:
        app: {{ include "common.name" . }}
-  serviceName:
+  serviceName: {{ include "common.servicename" . }}
    template:
      metadata:
        labels:
diff --git a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml

index 45bf399..b50fe77 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
    selector:
      matchLabels:
        app: {{ include "common.name" . }}
-  serviceName:
+  serviceName: {{ include "common.servicename" . }}
    template:
      metadata:
        labels:
diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml

index b3745e1..3650990 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -25,7 +25,6 @@ metadata:
      release: {{ include "common.release" . }}
      heritage: {{ .Release.Service }}
  spec:
-  replicas: {{ .Values.replicaCount }}
    template:
      metadata:
        labels:
diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml

index dccf57c..148d10d 100644 (file)
--- a/kubernetes/aaf/components/aaf-sms/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/values.yaml
@@ -104,6 +104,11 @@ service:
    internalPort: 10443
    externalPort: 10443
  
+#define value for aaf-sms-quorumclient subchart
+aaf-sms-quorumclient:
+  service:
+    name: aaf-sms
+
  persistence:
    enabled: true
    volumeReclaimPolicy: Retain
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml

similarity index 99%

rename from kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml

rename to kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml

index 53ea995..2715120 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml
@@ -17,7 +17,7 @@
  {{- if and .Values.global.tpm.enabled .Values.global.abrmd.enabled -}}
  
  apiVersion: apps/v1
-kind: StatefulSet
+kind: Deployment
  metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
  spec:
    selector: {{- include "common.selectors" . | nindent 4 }}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml

index 23fe79d..90d1899 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml
@@ -48,17 +48,16 @@ spec:
          - name: {{ include "common.fullname" . }}-tpmconfig
            mountPath: "/abrmd/cred/"
            readOnly: true
-        resources: {{ toYaml .Values.resources | nindent 10 }}
+        resources: {{ include "common.resources" . | nindent 10 }}
        {{- if .Values.nodeSelector }}
        nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
-        {{- end -}}
          {{- if .Values.global.tpm.enabled }}
          {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
          {{- end -}}
+      {{- end -}}
          {{- if .Values.affinity }}
        affinity: {{ toYaml .Values.affinity | nindent 8 }}
          {{- end }}
-      resources: {{ include "common.resources" . | nindent 10 }}
        volumes:
        - name: {{ include "common.fullname" . }}-data
          persistentVolumeClaim:
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml

index c6041d1..c40c6b0 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml
@@ -20,7 +20,6 @@ apiVersion: batch/v1
  kind: Job
  metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
  spec:
-  replicas: {{ .Values.replicaCount }}
    serviceName:
    template:
      metadata: {{- include "common.templateMetadata" . | nindent 6 }}
diff --git a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml

index 1643c15..021276b 100644 (file)
--- a/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml
@@ -20,7 +20,6 @@ apiVersion: batch/v1
  kind: Job
  metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
  spec:
-  replicas: {{ .Values.replicaCount }}
    template:
      metadata: {{- include "common.templateMetadata" . | nindent 6 }}
      spec:
diff --git a/kubernetes/aai b/kubernetes/aai

index 9449707..628ecd0 160000 (submodule)
--- a/kubernetes/aai
+++ b/kubernetes/aai
@@ -1 +1 @@
-Subproject commit 944970742185cccb73110875d1b4ad9f7305337f
+Subproject commit 628ecd0d519acc6b4717d05aa12fd4f7b7dfc55f
diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile

index 8af301d..248fb05 100644 (file)
--- a/kubernetes/clamp/Makefile
+++ b/kubernetes/clamp/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts docker
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties

index b2cee39..5bea37a 100644 (file)
--- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
+++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties
@@ -43,7 +43,7 @@ server.ssl.trust-store-password=${cadi_truststore_password}
  spring.datasource.username=${MYSQL_USER}
  spring.datasource.password=${MYSQL_PASSWORD}
  spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
-spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements
  
  #The log folder that will be used in logback.xml file
  clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json
@@ -66,4 +66,4 @@ clamp.config.dcae.deployment.userName=none
  clamp.config.dcae.deployment.password=none
  
  #AAF related parameters
-clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
-\ No newline at end of file
+clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml

index a6d5ca0..97eebeb 100644 (file)
--- a/kubernetes/clamp/components/clamp-backend/values.yaml
+++ b/kubernetes/clamp/components/clamp-backend/values.yaml
@@ -66,7 +66,7 @@ flavor: small
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/clamp-backend:5.1.0
+image: onap/clamp-backend:5.1.2
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml

index caff1e5..317d5b5 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
    - name: common
      version: ~6.x-0
      repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml

index 1eb20fc..9e04d5a 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
+++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml
@@ -106,14 +106,24 @@ transport.tcp.port: {{.Values.service.externalPort2}}
  
  ######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
  # WARNING: revise all the lines below before you go into production
+{{- if .Values.global.aafEnabled }}
+opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }}
+opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }}
+opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }}
+{{- else }}
  opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
  opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
  opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
  opendistro_security.ssl.http.pemcert_filepath: esnode.pem
  opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
  opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+{{- end }}
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+
  opendistro_security.allow_unsafe_democertificates: true
  opendistro_security.allow_default_init_securityindex: true
  opendistro_security.authcz.admin_dn:
diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml

index 0ec38b0..0e37df7 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml
@@ -59,10 +59,22 @@ spec:
            mountPath: /usr/share/elasticsearch/logs/
          - name: {{ include "common.fullname" . }}-data
            mountPath: /usr/share/elasticsearch/data/
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
        containers:
          - name: {{ include "common.name" . }}
            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{- if .Values.global.aafEnabled }}
+          command:
+          - sh
+          args:
+          - -c
+          - |
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }}
+            cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }}
+            /usr/local/bin/docker-entrypoint.sh
+          {{- end }}
            ports:
            - containerPort: {{ .Values.service.internalPort }}
              name: {{ include "common.servicename" . }}
@@ -85,7 +97,7 @@ spec:
              periodSeconds: {{ .Values.readiness.periodSeconds }}
              timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
            env:
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
@@ -104,7 +116,7 @@ spec:
          affinity:
  {{ toYaml .Values.affinity | indent 10 }}
          {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
          - name: localtime
            hostPath:
              path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml

index 27158a6..04580a0 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-es/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml
@@ -20,6 +20,44 @@ global:
    nodePortPrefix: 302
    repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
    persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-es-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
  flavor: small
  
  #################################################################
@@ -32,7 +70,7 @@ busyboxImage: library/busybox:latest
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:5.0.3
+image: onap/clamp-dashboard-elasticsearch:5.0.4
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml

index caff1e5..317d5b5 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
    - name: common
      version: ~6.x-0
      repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml

index db81e3d..acfb4cc 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml
@@ -18,9 +18,13 @@ server.host: "0"
  server.port: {{.Values.service.externalPort}}
  
  server.ssl.enabled: {{.Values.config.sslEnabled}}
+{{- if .Values.global.aafEnabled }}
+server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }}
+server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }}
+{{ else }}
  server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
  server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-
+{{- end }}
  # The URL of the Elasticsearch instance to use for all your queries.
  elasticsearch.hosts: ${elasticsearch_base_url}
  
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml

index 0e5f65c..d9a3035 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml
@@ -49,6 +49,7 @@ spec:
          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
        containers:
          - name: {{ include "common.name" . }}
            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -73,7 +74,7 @@ spec:
            env:
            - name: elasticsearch_base_url
              value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
@@ -90,7 +91,7 @@ spec:
          affinity:
  {{ toYaml .Values.affinity | indent 10 }}
          {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
          - name: localtime
            hostPath:
              path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml

index 0cd8cfb..e5d7174 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/* # Copyright © 2020 Samsung, Orange
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
+*/}}
  
  {{ include "common.ingress" . }}
diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml

index 11f2957..37dae0f 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml
@@ -21,6 +21,44 @@ global:
    repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
    readinessImage: onap/oom/readiness:3.0.1
    persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-kibana-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
  flavor: small
  
  #################################################################
@@ -33,7 +71,7 @@ busyboxImage: library/busybox:latest
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:5.0.3
+image: onap/clamp-dashboard-kibana:5.0.4
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml

index caff1e5..317d5b5 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml
@@ -17,3 +17,6 @@ dependencies:
    - name: common
      version: ~6.x-0
      repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
+\ No newline at end of file
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf

index c005fcc..87c8f06 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
+++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf
@@ -46,7 +46,11 @@ input {
          request_timeout => 30
          schedule => { "every" => "1m" }
          codec => "plain"
+{{- if .Values.global.aafEnabled }}
+        cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
          cacert => "/certs.d/aafca.pem"
+{{- end }}
      }
  }
  
@@ -217,8 +221,13 @@ output {
  
      if "error" in [tags] {
          elasticsearch {
+            ilm_enabled => false
              codec => "json"
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
              cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
              ssl_certificate_verification => false
              hosts => ["${elasticsearch_base_url}"]
              user => ["${logstash_user}"]
@@ -229,9 +238,14 @@ output {
  
      } else if "event-cl-aggs" in [tags] {
          elasticsearch {
+            ilm_enabled => false
              codec => "json"
              hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
              cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
              ssl_certificate_verification => false
              user => ["${logstash_user}"]
              password => ["${logstash_pwd}"]
@@ -243,9 +257,14 @@ output {
  
      } else {
          elasticsearch {
+            ilm_enabled => false
              codec => "json"
              hosts => ["${elasticsearch_base_url}"]
+{{- if .Values.global.aafEnabled }}
+            cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}"
+{{- else }}
              cacert => "/clamp-cert/ca-certs.pem"
+{{- end }}
              ssl_certificate_verification => false
              user => ["${logstash_user}"]
              password => ["${logstash_pwd}"]
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml

index acd108d..887f722 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml
@@ -49,6 +49,7 @@ spec:
          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
        containers:
          - name: {{ include "common.name" . }}
            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -91,7 +92,7 @@ spec:
              periodSeconds: {{ .Values.liveness.periodSeconds }}
              timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
            {{ end -}}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
            - mountPath: /etc/localtime
              name: localtime
              readOnly: true
@@ -111,7 +112,7 @@ spec:
          affinity:
  {{ toYaml .Values.affinity | indent 10 }}
          {{- end }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
          - name: localtime
            hostPath:
              path: /etc/localtime
diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml

index c2a522b..2b3c9f1 100644 (file)
--- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
+++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml
@@ -21,6 +21,44 @@ global:
    repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
    readinessImage: onap/oom/readiness:3.0.1
    persistence: {}
+  centralizedLoggingEnabled: true
+  #AAF service
+  aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  keystoreFile: "org.onap.clamp.p12"
+  truststoreFile: "org.onap.clamp.trust.jks"
+  keyFile: "org.onap.clamp.keyfile"
+  truststoreFileONAP: "truststoreONAPall.jks"
+  clamp_key: "org.onap.clamp.crt.key"
+  clamp_pem: "org.onap.clamp.key.pem"
+  clamp_ca_certs_pem: "clamp-ca-certs.pem"
+  nameOverride: clamp-logstash-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: clamp
+  fqi: clamp@clamp.onap.org
+  public_fqdn: clamp.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop;
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+    cd {{ .Values.credsPath }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+    openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+    chmod a+rx *;
+
  flavor: small
  
  #################################################################
@@ -29,7 +67,7 @@ flavor: small
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:5.0.3
+image: onap/clamp-dashboard-logstash:5.0.4
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml

index d180fbf..7a76099 100644 (file)
--- a/kubernetes/clamp/values.yaml
+++ b/kubernetes/clamp/values.yaml
@@ -93,7 +93,7 @@ flavor: small
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:5.1.0
+image: onap/clamp-frontend:5.1.2
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile

index eb782b4..0e923b7 100644 (file)
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -22,7 +22,7 @@ COMMON_CHARTS_DIR := common
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
  
-HELM_VER != helm version --template "{{.Version}}"
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml

index 1a18835..f6feee6 100644 (file)
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,8 @@
  global:
    platform:
      certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+      secretName: oom-cert-service-client-tls-secret
        envVariables:
          # Certificate related
          cmpv2Organization: "Linux-Foundation"
@@ -27,3 +28,6 @@ global:
          requestTimeout: "30000"
          keystorePassword: "secret"
          truststorePassword: "secret"
+    certPostProcessor:
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml

index 5624bee..a9e3d78 100644 (file)
--- a/kubernetes/common/elasticsearch/components/data/values.yaml
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -46,7 +46,7 @@ service:
    - name: http-transport
      port: 9300
  
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml

index 22c4987..2330233 100644 (file)
--- a/kubernetes/common/elasticsearch/components/master/values.yaml
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -43,7 +43,7 @@ replicaCount: 3
  ## master acts as master only node, choose 'no' if no further data nodes are deployed)
  dedicatednode: "yes"
  ## dedicatednode: "no"
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml

index e6e532d..31edcab 100644 (file)
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -40,7 +40,7 @@ sysctlImage:
    enabled: true
  
  # application image
-image: bitnami/elasticsearch:6.8.6-debian-9-r23
+image: bitnami/elasticsearch:7.6.1
  ## Specify a imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json

index 3979dd2..d041319 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -49,8 +49,12 @@
        "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
        "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
        "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
+      "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
        "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
        "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+    },
+  "truststore_merger":
+    {
+      "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
      }
  }
-
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml

index a0cbbbd..f571aff 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
@@ -1,6 +1,7 @@
  #============LICENSE_START========================================================
  #=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -19,4 +20,9 @@
  tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
  {{ end }}
  use_tls: true
-security_ssl_disable: false
-\ No newline at end of file
+security_ssl_disable: false
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-hv-ves-collector"
+external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml

index 5074cb8..02e4dd6 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
@@ -19,4 +19,4 @@
  tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
  {{ end }}
  tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
-tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.DCAE_CL_OUTPUT/"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml

index 5a2a595..4ff23b7 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -30,4 +30,13 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/
  ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
  ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
  ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
  user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
+external_cert_ca_name: "RA"
+external_cert_common_name: "dcae-ves-collector"
+external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_cert_type: "JKS"
+external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml

index dda75dd..0cbe71a 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml
@@ -31,3 +31,7 @@ ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/
  ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
  ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
  ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+ves_3gpp_fault_supervision_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT/"
+ves_3gpp_provisioning_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT/"
+ves_3gpp_hearbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT/"
+ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT/"
+\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml

index afacc26..4d10bcc 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -1,6 +1,6 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
  # Modifications Copyright © 2018 Amdocs, Bell Canada
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -128,10 +128,7 @@ spec:
              - name: CMADDR
                value: {{ .Values.config.address.cm.host }}
              - name: CMPASS
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "common.name" . }}-cmpass
-                  key: password
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14}}
              - name: CMPROTO
                value: {{ .Values.config.address.cm.proto }}
              - name: CMPORT
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml

index 44395e4..6489659 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml
@@ -1,6 +1,6 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
  # Modifications Copyright © 2018 Amdocs, Bell Canada
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,18 +16,4 @@
  # limitations under the License.
  # ============LICENSE_END=========================================================
  
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.name" . }}-cmpass
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-  password: YWRtaW4=
----
  {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml

index 367014d..f35a686 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -36,6 +36,10 @@ secrets:
      externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
      password: '{{ .Values.postgres.config.pgRootpassword }}'
      policy: generate
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
  
  config:
    logstashServiceName: log-ls
@@ -104,7 +108,7 @@ mongo:
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.6
  default_k8s_location: central
  
  # DCAE component images to be deployed via Cloudify Manager
@@ -113,10 +117,10 @@ componentImages:
    holmes_rules: onap/holmes/rule-management:1.2.7
    holmes_engine: onap/holmes/engine-management:1.2.6
    tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0
-  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3
+  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.6
    snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
-  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
-  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
+  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
+  hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
  
  # Resource Limit flavor -By Default using small
  flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml

index 539d202..428c781 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -1,7 +1,8 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
  # Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas.  All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -68,7 +69,6 @@ spec:
            - {{ include "common.namespace" . }}
            - --configmap
            - {{ .Values.multisiteConfigMapName }}
-        restartPolicy: Never
        - name: init-tls
          env:
            - name: POD_IP
@@ -116,6 +116,7 @@ spec:
                port: {{ .Values.service.internalPort }}
              initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
              periodSeconds: {{ .Values.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
            {{ end }}
            readinessProbe:
              exec:
@@ -123,6 +124,7 @@ spec:
                - /scripts/readiness-check.sh
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
            volumeMounts:
            - mountPath: /opt/onap/config.txt
              subPath: config.txt
@@ -144,6 +146,9 @@ spec:
              name: cm-persistent
            - mountPath: /opt/onap/certs
              name: tls-info
+          - mountPath: /opt/onap/cm-secrets
+            name: cm-secrets
+            readOnly: true
            securityContext:
              privileged: True
        volumes:
@@ -171,5 +176,8 @@ spec:
          {{- end }}
          - emptyDir: {}
            name: tls-info
+        - name: cm-secrets
+          secret:
+            secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "cm-pass") }}
        imagePullSecrets:
        - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml

index 57cbe89..960ec78 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml
@@ -1,3 +1,4 @@
+{{/*
  #============LICENSE_START========================================================
  # ================================================================================
  # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
@@ -15,7 +16,7 @@
  # See the License for the specific language governing permissions and
  # limitations under the License.
  # ============LICENSE_END=========================================================
-
+*/}}
  {{ if .Values.dcae_ns}}
  # Create the namespace
  apiVersion: v1
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml

index dee9200..876b971 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml
@@ -41,3 +41,5 @@ metadata:
    annotations:
      kubernetes.io/service-account.name: default
  type: kubernetes.io/service-account-token
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml

index a727b1a..0de6f03 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -1,7 +1,8 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
  # Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2020 J. F. Lucas.  All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -31,7 +32,15 @@ global:
      user: docker
      password: docker
  
+secrets:
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
+
  config:
+  cloudifyManagerPassword: "override me"
    logstashServiceName: log-ls
    logstashPort: 5044
    # Addresses of other ONAP entities
@@ -45,7 +54,7 @@ config:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.3
  pullPolicy: Always
  
  # name of shared ConfigMap with kubeconfig for multiple clusters
@@ -61,6 +70,7 @@ cleanupImage: onap/org.onap.dcaegen2.deployments.dcae-k8s-cleanup-container:1.0.
  liveness:
    initialDelaySeconds: 10
    periodSeconds: 10
+  timeoutSeconds: 5
    # necessary to disable liveness probe when setting breakpoints
    # in debugger so K8s doesn't restart unresponsive container
    # liveness not desirable for Cloudify Manager container
@@ -68,7 +78,13 @@ liveness:
  
  readiness:
    initialDelaySeconds: 60
-  periodSeconds: 10
+  # In some environments we see CM coming up
+  # properly but readiness probe timing out.
+  # Increasing the timeout and adjusting the
+  # period so it's longer than the timeout.
+  # (DCAEGEN2-2465)
+  periodSeconds: 30
+  timeoutSeconds: 10
  
  service:
    type: ClusterIP
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml

index 299e3ef..e0e45c4 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -89,7 +89,7 @@ spec:
                port: {{ .Values.service.secure.internalPort }}
              initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
              periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
+          {{ end }}
            readinessProbe:
              httpGet:
                scheme: "HTTPS"
@@ -139,7 +139,7 @@ spec:
                port: {{ .Values.service.insecure.internalPort }}
              initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
              periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end -}}
+          {{ end }}
            readinessProbe:
              httpGet:
                scheme: "HTTP"
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml

index 0d30828..a7be74a 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -44,7 +44,7 @@ config:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.2
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
  pullPolicy: Always
  
  # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml

index e46901b..404927c 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -1,6 +1,6 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -105,7 +105,7 @@ spec:
              successThreshold: 1
              timeoutSeconds: 1
            volumeMounts:
-            - mountPath: /usr/local/share/ca-certificates/
+            - mountPath: /opt/app/osaaf/
                name: tls-info
              - mountPath: /opt/logs/dcae/dashboard
                name: component-log
@@ -119,7 +119,7 @@ spec:
              - name: postgres_port
                value: "{{ .Values.postgres.config.pgPort }}"
              - name: cloudify_password
-              value: admin
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
              - name: dhandler_url
                value: {{ .Values.config.dhandler_url }}
              - name: cfy_url
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml

index b143034..34932b7 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml
@@ -1,16 +1,17 @@
  {{/*
  # Copyright © 2020 Samsung Electronics
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
  */}}
+
  {{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml

index 884a753..a86a1ee 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -34,8 +34,14 @@ secrets:
      login: '{{ .Values.postgres.config.pgUserName }}'
      password: '{{ .Values.postgres.config.pgUserPassword }}'
      passwordPolicy: generate
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
  
  config:
+  cloudifyManagerPassword: "override me"
    logstashServiceName: log-ls
    logstashPort: 5044
    dhandler_url: https://deployment-handler:8443
@@ -52,7 +58,7 @@ config:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.4.0
  pullPolicy: Always
  
  # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml

index 1a28bc4..88ec5cb 100755 (executable)
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
@@ -1,6 +1,6 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
  # Modifications Copyright © 2020 Nokia
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -124,7 +124,7 @@ spec:
              - name: CLOUDIFY_USER
                value: admin
              - name: CLOUDIFY_PASSWORD
-              value: admin
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
              - name: CONFIG_BINDING_SERVICE
                value: config-binding-service
              - name: NODE_EXTRA_CA_CERTS
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml

new file mode 100644 (file)

index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml

index fd70549..7e340db 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -31,7 +31,15 @@ global:
      user: docker
      password: docker
  
+secrets:
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
+
  config:
+  cloudifyManagerPassword: "override me"
    logstashServiceName: log-ls
    logstashPort: 5044
    # Addresses of other ONAP entities
@@ -45,7 +53,7 @@ config:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.4.1
  pullPolicy: Always
  
  # probe configuration parameters
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml

index ee2c03e..3fec537 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -53,7 +53,7 @@ config:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.5.1
  
  pullPolicy: Always
  
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml

index a29e334..61084fa 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
@@ -1,6 +1,6 @@
  #============LICENSE_START========================================================
  # ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
  # ================================================================================
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -117,7 +117,7 @@ spec:
              - name: CLOUDIFY_USER
                value: admin
              - name: CLOUDIFY_PASSWORD
-              value: admin
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cm-pass" "key" "password") | indent 14 }}
              - name: CONFIG_BINDING_SERVICE
                value: config-binding-service
              - name: POD_IP
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml

new file mode 100644 (file)

index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml

index 2d09308..4a587d8 100644 (file)
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -31,7 +31,15 @@ global:
      user: docker
      password: docker
  
+secrets:
+  - uid: 'cm-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+    password: '{{ .Values.config.cloudifyManagerPassword }}'
+    policy: required
+
  config:
+  cloudifyManagerPassword: "override me"
    logstashServiceName: log-ls
    logstashPort: 5044
    # Addresses of other ONAP entities
diff --git a/kubernetes/dcaegen2/templates/secrets.yaml b/kubernetes/dcaegen2/templates/secrets.yaml

new file mode 100644 (file)

index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/dcaegen2/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml

index 939bd11..1918a8f 100644 (file)
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -1,5 +1,6 @@
  # Copyright © 2018 Amdocs, Bell Canada
  # Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2020 Samsung Electronics
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -25,22 +26,47 @@ global:
    busyboxRepository: docker.io
    busyboxImage: library/busybox:1.30
  
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- name: &cmPassSecretName '{{ include "common.release" . }}-dcaegen2-cm-pass'
+  type: password
+  externalSecret: '{{ tpl (default "" .Values.config.cloudifyManagerPasswordExternalSecret) . }}'
+  password: '{{ .Values.config.cloudifyManagerPassword }}'
+
+config: {}
+
+# To work around DCAEGEN2-2450, set password strength to "basic"
+# to ensure password contains only alphanumerics
+passwordStrengthOverride: basic
+
  # Enable all DCAE components by default
  dcae-bootstrap:
    enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
  dcae-cloudify-manager:
    enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
  dcae-config-binding-service:
    enabled: true
  dcae-dashboard:
    enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
  dcae-deployment-handler:
    enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
  dcae-healthcheck:
    enabled: true
  dcae-inventory-api:
    enabled: true
  dcae-policy-handler:
    enabled: true
+  config:
+    cloudifyManagerPasswordExternalSecret: *cmPassSecretName
  dcae-servicechange-handler:
    enabled: true
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml

index f373888..c717ca3 100644 (file)
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
@@ -35,7 +35,7 @@ config:
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.1
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.0
  
  service:
    type: ClusterIP
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml

index a83770e..161b362 100644 (file)
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -92,7 +92,7 @@ postgres:
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.3
  
  # Resource Limit flavor -By Default using small
  flavor: small
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml

index e2251e0..aa3e245 100644 (file)
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -71,7 +71,7 @@ readiness:
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.1.0
  
  # Resource Limit flavor -By Default using small
  flavor: small
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml

index 2b4b722..1e08954 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -24,7 +24,7 @@ global:
  # Application configuration defaults.
  #################################################################
  # application image
-image: onap/dmaap/datarouter-node:2.1.6
+image: onap/dmaap/datarouter-node:2.1.7
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml

index c4ca4ed..d33cb29 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -15,7 +15,7 @@
  apiVersion: v1
  kind: Service
  metadata:
-  name: {{ .Values.global.dmaapDrProvName }}
+  name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
    namespace: {{ include "common.namespace" . }}
    labels:
      app: {{ include "common.name" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml

index 1cf2e58..3d4febc 100644 (file)
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -35,7 +35,7 @@ secrets:
  # Application configuration defaults.
  #################################################################
  # application image
-image: onap/dmaap/datarouter-prov:2.1.6
+image: onap/dmaap/datarouter-prov:2.1.7
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml

index bd7efa3..ad9e531 100644 (file)
--- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -135,7 +135,7 @@ spec:
            periodSeconds: {{ .Values.readiness.periodSeconds }}
            timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
          resources:
-{{ toYaml .Values.resources | indent 10 }}
+{{ include "common.resources" . | indent 10 }}
          env:
          - name : KAFKA_HEAP_OPTS
            value: "{{ .Values.zkConfig.heapOptions }}"
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml

index 7fdc969..7d89fef 100644 (file)
--- a/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml
@@ -19,3 +19,11 @@ dependencies:
    - name: mariadb-galera
      version: ~6.x-0
      repository: '@local'
+    condition: global.mariadbGalera.localCluster
+  - name: mariadb-init
+    version: ~6.x-0
+    repository: '@local'
+    condition: not global.mariadbGalera.localCluster
+  - name: readinessCheck
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml

index 91fa483..014013a 100644 (file)
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
@@ -39,8 +39,8 @@ spec:
        - command:
          - /app/ready.py
          args:
-        - --container-name
-        - modeling-mariadb
+        - -j
+        - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job"
          env:
          - name: NAMESPACE
            valueFrom:
@@ -49,7 +49,8 @@ spec:
                fieldPath: metadata.namespace
          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
+        name: {{ include "common.name" . }}-job-readiness
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
        - command:
          - /bin/sh
          - -c
@@ -62,11 +63,6 @@ spec:
            mountPath: /service/modeling/etsicatalog/static
        containers:
          - name: {{ include "common.name" . }}
-          command:
-            - bash
-          args:
-            - -c
-            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
            ports:
@@ -87,15 +83,19 @@ spec:
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
            - name: MSB_PROTO
-            value: "{{ .Values.global.config.msbProtocol }}"
+            value: "{{ .Values.config.msbProtocol }}"
            - name: SSL_ENABLED
-            value: "{{ .Values.global.config.ssl_enabled }}"
+            value: "{{ .Values.config.ssl_enabled }}"
            - name: MSB_ADDR
-            value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-          - name: MYSQL_ADDR
-            value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
-          - name: MYSQL_ROOT_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+            value: "{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+          - name: DB_IP
+            value: "{{ include "common.mariadbService" . }}"
+          - name: DB_PORT
+            value: "{{ include "common.mariadbPort" . }}"
+          - name: DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "login") | indent 12 }}
+          - name: DB_PASSWD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-db-secret" "key" "password") | indent 12 }}
            volumeMounts:
            - name: {{ include "common.fullname" . }}-etsicatalog
              mountPath: /service/modeling/etsicatalog/static
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml

index b0cc27b..8bfebf1 100644 (file)
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Samsung Electronics
+{{/*# Copyright (c) 2020 Samsung Electronics
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
+*/}}
  
  {{ include "common.secretFast" . }}
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml

index 61aefa5..4dbace3 100644 (file)
--- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml
@@ -30,7 +30,7 @@ metadata:
            "url": "/api/parser/v1",
            "protocol": "REST",
            "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
            "visualRange":"1"
        },
        {
@@ -39,7 +39,7 @@ metadata:
            "url": "/api/catalog/v1",
            "protocol": "REST",
            "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
            "visualRange":"1"
        },
           {
@@ -48,7 +48,7 @@ metadata:
            "url": "/api/nsd/v1",
            "protocol": "REST",
            "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
            "visualRange":"1"
        },
           {
@@ -57,7 +57,7 @@ metadata:
            "url": "/api/vnfpkgm/v1",
            "protocol": "REST",
            "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
+          "enable_ssl": {{ .Values.config.ssl_enabled }},
            "visualRange":"1"
        }
        ]'
diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml

index d4719da..5926584 100644 (file)
--- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml
@@ -21,29 +21,43 @@ global:
    loggingRepository: docker.elastic.co
    loggingImage: beats/filebeat:5.5.0
  
-  config:
-    ssl_enabled: false
-    msbProtocol: https
-    msbServiceName: msb-iag
-    msbPort: 443
-
    persistence:
      mountPath: /dockerdata-nfs
  
+  mariadbGalera:
+    #This flag allows Modeling to instantiate its own mariadb-galera cluster
+    localCluster: false
+    service: mariadb-galera
+    internalPort: 3306
+    nameOverride: mariadb-galera
+
+readinessCheck:
+  wait_for:
+    msb:
+      name: msb
+      containers:
+          - msb-iag
+
  #################################################################
  # Secrets metaconfig
  #################################################################
  secrets:
-  - uid: "db-root-pass"
-    externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
-    type: password
+  - uid: modeling-db-secret
+    name: &dbSecretName '{{ include "common.release" . }}-modeling-db-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+    login: '{{ .Values.config.db.userName }}'
+    password: '{{ .Values.config.db.userPassword }}'
  
  #################################################################
  # Dependencies configuration
  #################################################################
  
  mariadb-galera:
-  nameOverride: modeling-mariadb
+  config: &mariadbConfig
+    userCredentialsExternalSecret: *dbSecretName
+    mysqlDatabase: etsicatalog
+  nameOverride: modeling-db
    service:
      name: modeling-db
      portName: modeling-db
@@ -54,14 +68,31 @@ mariadb-galera:
      enabled: true
    disableNfsProvisioner: true
  
+mariadb-init:
+  config: *mariadbConfig
+  # nameOverride should be the same with common.name
+  nameOverride: modeling-etsicatalog
+
  #################################################################
  # Application configuration defaults.
  #################################################################
+config:
+  #application configuration about  msb
+  ssl_enabled: false
+  msbProtocol: https
+  msbServiceName: msb-iag
+  msbPort: 443
+  #application configuration user password about mariadb
+  db:
+    userName: etsicatalog
+    # userPassword: password
+    # userCredentialsExternalSecret: some-secret
+
  # application image
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.6
+image: onap/modeling/etsicatalog:1.0.7
  initImage: busybox:latest
  pullPolicy: Always
  
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml

index 631cb7c..febb8a9 100644 (file)
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -51,7 +51,7 @@ spec:
            # so K8s doesn't restart unresponsive container
            {{- if .Values.global.aafEnabled }}
            command:
-          - bash
+          - sh
            args:
            - -c
            - |
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml

index 1fc1600..0f3fd1a 100644 (file)
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -71,7 +71,7 @@ subChartsOnly:
  
  # application image
  repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:7.0.0
+image: onap/externalapi/nbi:7.0.2
  pullPolicy: IfNotPresent
  sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
  aai_authorization: Basic QUFJOkFBSQ==
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml

index 5f44954..3413c38 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -125,7 +125,7 @@ global:
    cmpv2Enabled: true
    platform:
      certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.0.0
+      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
        secret:
          name: oom-cert-service-client-tls-secret
          mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/oof/Makefile b/kubernetes/oof/Makefile

index 8af301d..4628206 100644 (file)
--- a/kubernetes/oof/Makefile
+++ b/kubernetes/oof/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts docker
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,12 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/oof/components/Makefile b/kubernetes/oof/components/Makefile

index 2fc0cbe..0237136 100755 (executable)
--- a/kubernetes/oof/components/Makefile
+++ b/kubernetes/oof/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/oof/components/oof-cmso/Makefile b/kubernetes/oof/components/oof-cmso/Makefile

index 52df18a..48cebe9 100644 (file)
--- a/kubernetes/oof/components/oof-cmso/Makefile
+++ b/kubernetes/oof/components/oof-cmso/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts docker
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/oof/components/oof-cmso/components/Makefile b/kubernetes/oof/components/oof-cmso/components/Makefile

index 35be214..f7a698d 100755 (executable)
--- a/kubernetes/oof/components/oof-cmso/components/Makefile
+++ b/kubernetes/oof/components/oof-cmso/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/oof/components/oof-has/Makefile b/kubernetes/oof/components/oof-has/Makefile

index 52df18a..48cebe9 100644 (file)
--- a/kubernetes/oof/components/oof-has/Makefile
+++ b/kubernetes/oof/components/oof-has/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts docker
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/kubernetes/oof/components/oof-has/components/Makefile

index 35be214..f7a698d 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/Makefile
+++ b/kubernetes/oof/components/oof-has/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml

index c61be42..1538b47 100755 (executable)
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -93,7 +93,7 @@ spec:
            image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
            command: ["/bin/bash","-c"]
-          args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
+          args: ["/usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port={{ .Values.uwsgi.internalPort }} --die-on-term --exit-on-reload --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --protocol=uwsgi --socket 0.0.0.0:{{ .Values.uwsgi.internalPort }}"]
            ports:
            - containerPort: {{ .Values.uwsgi.internalPort }}
            # disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml

index 0cd8cfb..2afc5da 100644 (file)
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung, Orange
+{{/*# Copyright © 2020 Samsung, Orange
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -11,5 +11,6 @@
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
+*/}}
  
  {{ include "common.ingress" . }}
diff --git a/kubernetes/oof/components/oof-has/resources/config/log.conf b/kubernetes/oof/components/oof-has/resources/config/log.conf

index c476d0b..374d02a 100755 (executable)
--- a/kubernetes/oof/components/oof-has/resources/config/log.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/log.conf
@@ -1,5 +1,6 @@
  # Copyright © 2017 Amdocs, Bell Canada
  # Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -25,7 +26,7 @@ handlers=trfhand,consoleHandler,audithand,metrichand,errhand,debughand
  
  [handler_consoleHandler]
  class=StreamHandler
-level=NOTSET
+level=INFO
  formatter=generic
  args=(sys.stdout,)
  
diff --git a/kubernetes/oof/resources/config/log.yml b/kubernetes/oof/resources/config/log.yml

new file mode 100644 (file)

index 0000000..3966ea2
--- /dev/null
+++ b/kubernetes/oof/resources/config/log.yml
@@ -0,0 +1,101 @@
+version: 1
+disable_existing_loggers: True
+
+loggers:
+  error:
+    handlers: [error_handler, console_handler]
+    level: "WARN"
+    propagate: True
+  debug:
+    handlers: [debug_handler, console_handler]
+    level: "DEBUG"
+    propagate: True
+  metrics:
+    handlers: [metrics_handler, console_handler]
+    level: "INFO"
+    propagate: True
+  audit:
+    handlers: [audit_handler, console_handler]
+    level: "INFO"
+    propagate: True
+handlers:
+  debug_handler:
+    level: "DEBUG"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/debug.log"
+    formatter: "debugFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  error_handler:
+    level: "WARN"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/error.log"
+    formatter: "errorFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  metrics_handler:
+    level: "INFO"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/metrics.log"
+    formatter: "metricsFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  audit_handler:
+    level: "INFO"
+    class: "logging.handlers.TimedRotatingFileHandler"
+    filename: "logs/audit.log"
+    formatter: "auditFormat"
+    when: midnight
+    interval: 1
+    utc: True
+    delay: False
+    backupCount: 10
+  console_handler:
+    level: "DEBUG"
+    class: "logging.StreamHandler"
+    formatter: "metricsFormat"
+
+formatters:
+  standard:
+    format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
+  debugFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{server}|%(levelname)s|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  errorFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "%(asctime)s.%(msecs)03d+00:00|{requestID}|%(threadName)s|{serviceName}|{partnerName}\
+    |{targetEntity}|{targetServiceName}|%(levelname)s|{errorCode}|{errorDescription}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  auditFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+        |%(threadName)s|{server}|{serviceName}|{partnerName}|{statusCode}|{responseCode}|{responseDescription}\
+        |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+        |{processKey}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  metricsFormat:
+    format: "%(mdc)s"
+    datefmt: "%Y-%m-%dT%H:%M:%S"
+    mdcfmt: "{entryTimestamp}+00:00|%(asctime)s.%(msecs)03d+00:00|{requestID}|{serviceInstanceID}\
+        |%(threadName)s|{server}|{serviceName}|{partnerName}|{targetEntity}|{targetServiceName}|{statusCode}|{responseCode}|{responseDescription}\
+        |{instanceUUID}|%(levelname)s|{severity}|{serverIPAddress}|{timer}|{server}|{IPAddress}||{unused}\
+        |{processKey}|{TargetVirtualEntity}|{customField1}|{customField2}|{customField3}|{customField4}|%(message)s"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+  mdcFormat:
+    format: "%(asctime)s.%(msecs)03d+00:00|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s"
+    mdcfmt: "{requestID} {invocationID} {serviceName} {serverIPAddress}"
+    (): osdf.logging.oof_mdc_formatter.OOFMDCFormatter
+
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml

index 70eadd9..76d1a62 100644 (file)
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -1,5 +1,6 @@
  # Copyright © 2017 Amdocs, Bell Canada
  # Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -103,6 +104,9 @@ spec:
            - mountPath: /opt/osdf/config/common_config.yaml
              name: {{ include "common.fullname" . }}-config
              subPath: common_config.yaml
+          - mountPath: /opt/osdf/config/log.yml
+            name: {{ include "common.fullname" . }}-config
+            subPath: log.yml
            resources:
  {{ include "common.resources" . | indent 12 }}
          {{- if .Values.nodeSelector }}
@@ -129,5 +133,7 @@ spec:
                path: aaf_root_ca.cer
              - key: common_config.yaml
                path: common_config.yaml
+            - key: log.yml
+              path: log.yml
        imagePullSecrets:
        - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/platform/Makefile b/kubernetes/platform/Makefile

index 7a55c2e..d3fa8b7 100644 (file)
--- a/kubernetes/platform/Makefile
+++ b/kubernetes/platform/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/platform/components/Makefile b/kubernetes/platform/components/Makefile

index 27e17db..cf69fa6 100644 (file)
--- a/kubernetes/platform/components/Makefile
+++ b/kubernetes/platform/components/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -40,7 +41,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile

new file mode 100644 (file)

index 0000000..c4723df
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -0,0 +1,148 @@
+CERTS_DIR = resources
+CURRENT_DIR := ${CURDIR}
+DOCKER_CONTAINER = generate-certs
+DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
+
+all: start_docker \
+     clear_all \
+     root_generate_keys \
+     root_create_certificate \
+     root_self_sign_certificate \
+     client_generate_keys \
+     client_generate_csr \
+     client_sign_certificate_by_root \
+     client_import_root_certificate \
+     client_convert_certificate_to_jks \
+     server_generate_keys \
+     server_generate_csr \
+     server_sign_certificate_by_root \
+     server_import_root_certificate \
+     server_convert_certificate_to_jks \
+     server_convert_certificate_to_p12 \
+     clear_unused_files \
+     stop_docker
+
+.PHONY: all
+
+# Starts docker container for generating certificates - deletes first, if already running
+start_docker:
+       @make stop_docker
+       docker run -d --rm --name ${DOCKER_CONTAINER}  --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+
+# Stops docker container for generating  certificates. 'true' is used to return 0 status code, if container is already deleted
+stop_docker:
+       docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
+
+#Clear all files related to certificates
+clear_all:
+       @make clear_existing_certificates
+       @make clear_unused_files
+
+#Clear certificates
+clear_existing_certificates:
+       @echo "Clear certificates"
+       ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+       @echo "#####done#####"
+
+#Generate root private and public keys
+root_generate_keys:
+       @echo "Generate root private and public keys"
+       ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+    -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+    -storepass secret -ext BasicConstraints:critical="ca:true"
+       @echo "#####done#####"
+
+#Export public key as certificate
+root_create_certificate:
+       @echo "(Export public key as certificate)"
+       ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+       @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+root_self_sign_certificate:
+       @echo "(Self-signed root (import root certificate into truststore))"
+       ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+       @echo "#####done#####"
+
+#Generate certService's client private and public keys
+client_generate_keys:
+       @echo "Generate certService's client private and public keys"
+       ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
+    -keystore certServiceClient-keystore.jks -storetype JKS \
+    -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+    -keypass secret -storepass secret
+       @echo "####done####"
+
+#Generate certificate signing request for certService's client
+client_generate_csr:
+       @echo "Generate certificate signing request for certService's client"
+       ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+       @echo "####done####"
+
+#Sign certService's client certificate by root CA
+client_sign_certificate_by_root:
+       @echo "Sign certService's client certificate by root CA"
+       ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+    -outfile certServiceClientByRoot.crt -rfc -ext bc=0  -ext ExtendedkeyUsage="serverAuth,clientAuth"
+       @echo "####done####"
+
+#Import root certificate into client
+client_import_root_certificate:
+       @echo "Import root certificate into intermediate"
+       ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+       @echo "####done####"
+
+#Import signed certificate into certService's client
+client_convert_certificate_to_jks:
+       @echo "Import signed certificate into certService's client"
+       ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+       @echo "####done####"
+
+#Generate certService private and public keys
+server_generate_keys:
+       @echo "Generate certService private and public keys"
+       ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
+    -keystore certServiceServer-keystore.jks -storetype JKS \
+    -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+    -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+       @echo "####done####"
+
+#Generate certificate signing request for certService
+server_generate_csr:
+       @echo "Generate certificate signing request for certService"
+       ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+       @echo "####done####"
+
+#Sign certService certificate by root CA
+server_sign_certificate_by_root:
+       @echo "Sign certService certificate by root CA"
+       ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+    -outfile certServiceServerByRoot.crt -rfc -ext bc=0  -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+    -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+       @echo "####done####"
+
+#Import root certificate into server
+server_import_root_certificate:
+       @echo "Import root certificate into intermediate(server)"
+       ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+       @echo "####done####"
+
+#Import signed certificate into certService
+server_convert_certificate_to_jks:
+       @echo "Import signed certificate into certService"
+       ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+    -storepass secret -noprompt
+       @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+server_convert_certificate_to_p12:
+       @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+       ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+        -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+       @echo "#####done#####"
+
+#Clear unused certificates
+clear_unused_files:
+       @echo "Clear unused certificates"
+       ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt  certServiceServer.csr
+       @echo "#####done#####"
diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks

deleted file mode 100644 (file)

index c089764..0000000

Binary files a/kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks and /dev/null differ
diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks

deleted file mode 100644 (file)

index e3882b1..0000000

Binary files a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks and /dev/null differ
diff --git a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12

deleted file mode 100644 (file)

index ce92611..0000000

Binary files a/kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12 and /dev/null differ
diff --git a/kubernetes/platform/components/oom-cert-service/resources/root.crt b/kubernetes/platform/components/oom-cert-service/resources/root.crt

deleted file mode 100644 (file)

index 242e437..0000000
--- a/kubernetes/platform/components/oom-cert-service/resources/root.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIEHn8h9TANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
-AxMIb25hcC5vcmcwHhcNMjAwODI3MDg1MjQ3WhcNMzAwODI1MDg1MjQ3WjB3MQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCOQ8TArFljhDu9EXKqAppV/eslelFAGG1NhDnh3PI6jK7qKKSTIcUpKPiG
-u9CagyNq4Y1dNt1LsP/KSDDkm6CGYW2z4E0Nm0ckcGc4izdoFDFhoXkrMoKvQxct
-az3YD1AiEH7kIYqDp7S3LMP8FbAXlcV62J2AEPqWtbFGszi6Pj65InNnFTGT4Oon
-E46egKcSWAhNR6vN29MO9/0wZHxwXWlcS2CKt6+2QKpfimHf48EJ0idntsKpj302
-i93jWGVNtORZbDddmVZG6XaVQkfRrJiivPQHvIXU5bWCsV7OQsrzbbsSscnqDuAr
-5DjR1Jbm2394e3DkXZTnqLGKReaaz0roA7ybLSesU1Fu0ZjD5Zq6ZezpXEQvcxcd
-wmq1A8ugeuRKhizeBO9YddjYTHWflHLBpiEyIwDCUsXfdNdS0nHQNKMDNbkC9512
-SLbG1N6iLGt85BriMLzJrlMP48feuheu3G/Mrit01yBzIgbqP30DcAIox5bgnJOY
-knxPctNaGsBup76msBzk+aBeDU5N/zirEJYxTmC3okeISzcLFlqYUUSsEzlqh8SS
-pNDK6ZbnX1khJJdUbCJGmgFS6N4RPXdxX12OCJDyjjCXcn7RXcZsYb3A+eF09+EM
-l0Vp3P+Aj6+eSN+t1Ez0sjGfSv/I8q1zV/trYZBq/LZIznfBFwIDAQABozIwMDAd
-BgNVHQ4EFgQUC0e3vObokYFDHM21OlRF4UO6L7EwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQwFAAOCAgEAWLrsWPcRJb81ozx1O8lytX4aUagjYyWIDOst1mqI
-VH+U5bHo7oReKdfFcy4Zen2bKh9DITGD7jweqTxAVx3scLq/3PE2HSG+6fNJ6wt7
-amrMZA6IdWqDWnaFMZQug3JTMH7s6v3rD7FU7awVc6lY+7TjR3qunU2m8F5GvATF
-ag+VmMSLiaBBbbmQqd1JkvCzPXlwwN3rg2u81zMys1AIbgeOlE5ZmWppOQpi7UrZ
-C8PTsRKzapgENlgxtsqVjsAMJI6OGk20bNcQKDn5fU6QwYLfnLPlkuRmFD8FeluI
-jz+ROjzxdC7E/BA80uZctvEEvn2VnD01IlEm6HoC+71erT+zmvM4AGd7EJa6mklb
-X+tGSkfzbIAR2gcn9sdNdhYA2hXXpQaeEp19bB8MAoSp5raCtbqZDQVHofJFY7gG
-FW+yKLlqBTCTm1XOPriUwbP6gkpLlkeTxeIAx8QbucoFx11J7jAeXY7oTXfSQw3h
-OR0/CHlG0BjVep6RNGA0k9cDNRyIdkxvA31rtgYCSbtepR5IhZyFhiN25Djxu/g9
-krspoxAS9ModBSiswjl4Q26eoYT4pnFXMfYbh5E4qNZNv0/S3YQ0HSTupls6M77J
-KHMx17m8EWtdsv2KyUkFqu1Q1nGky7SjpFUsVlp65Q+au3ftKxUDIRWK6jgpRH1e
-YIk=
------END CERTIFICATE-----
diff --git a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks b/kubernetes/platform/components/oom-cert-service/resources/truststore.jks

deleted file mode 100644 (file)

index 3d857e3..0000000

Binary files a/kubernetes/platform/components/oom-cert-service/resources/truststore.jks and /dev/null differ
diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml

index 666e83c..a6ce282 100644 (file)
--- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
  # Modifications Copyright  © 2020, Nordix Foundation
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
  
  {{- if .Values.global.cmpv2Enabled }}
  apiVersion: apps/v1
diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml

index 33056c7..280922a 100644 (file)
--- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
  # Modifications Copyright  © 2020, Nordix Foundation
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
  
  {{- if .Values.global.cmpv2Enabled }}
  {{ include "common.secretFast" . }}
diff --git a/kubernetes/platform/components/oom-cert-service/templates/service.yaml b/kubernetes/platform/components/oom-cert-service/templates/service.yaml

index 60e2afa..5ae6b36 100644 (file)
--- a/kubernetes/platform/components/oom-cert-service/templates/service.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/service.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+{{/*# Copyright © 2020, Nokia
  # Modifications Copyright  © 2020, Nordix Foundation
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,7 +11,7 @@
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License.*/}}
  {{- if .Values.global.cmpv2Enabled }}
    {{ include "common.service" . }}
  {{ end -}}
 \ No newline at end of file
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml

index 64ed1a3..3ab9895 100644 (file)
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -47,7 +47,7 @@ service:
  
  # Deployment configuration
  repository: nexus3.onap.org:10001
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.0.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
  pullPolicy: Always
  replicaCount: 1
  
diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json

index 8db1f5a..cdc477c 100755 (executable)
--- a/kubernetes/policy/components/policy-api/resources/config/config.json
+++ b/kubernetes/policy/components/policy-api/resources/config/config.json
@@ -35,7 +35,7 @@
          "persistenceUnit": "PolicyMariaDb"
      },
      "preloadPolicyTypes": [
-        "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+        "policytypes/onap.policies.monitoring.tcagen2.yaml",
          "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
          "policytypes/onap.policies.Optimization.yaml",
          "policytypes/onap.policies.optimization.Resource.yaml",
@@ -53,9 +53,10 @@
          "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
          "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
          "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+        "policytypes/onap.policies.controlloop.guard.common.Filter.yaml",
          "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
-        "policytypes/onap.policies.controlloop.Operational.yaml",
          "policytypes/onap.policies.Naming.yaml",
+        "policytypes/onap.policies.Match.yaml",
          "policytypes/onap.policies.native.Drools.yaml",
          "policytypes/onap.policies.native.Xacml.yaml",
          "policytypes/onap.policies.native.Apex.yaml",
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml

index a4d060c..40f0fab 100755 (executable)
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -119,8 +119,6 @@ spec:
              readOnly: true
            - mountPath: /opt/app/policy/pdpx/etc/mounted
              name: pdpxconfig-processed
-            emptyDir:
-              medium: Memory
            resources:
  {{ include "common.resources" . }}
          {{- if .Values.nodeSelector }}
diff --git a/kubernetes/portal/Makefile b/kubernetes/portal/Makefile

index 8af301d..248fb05 100644 (file)
--- a/kubernetes/portal/Makefile
+++ b/kubernetes/portal/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts docker
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/portal/components/Makefile b/kubernetes/portal/components/Makefile

index 2fc0cbe..0237136 100644 (file)
--- a/kubernetes/portal/components/Makefile
+++ b/kubernetes/portal/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties

new file mode 100644 (file)

index 0000000..368cbe7
--- /dev/null
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties
@@ -0,0 +1,2 @@
+# Encrypted Properties
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml

index 99fe917..ece7089 100644 (file)
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml
@@ -40,6 +40,8 @@
         <!-- specify the component name -->\r
         <property name="componentName" value="onapportal"></property>\r
  \r
+       <!--  specify the application name -->\r
+    <property name="application_name" value="Portal"></property>\r
         <!-- specify the base path of the log directory -->\r
         <property name="logDirPrefix" value="/var/log/onap"></property>\r
  \r
@@ -67,7 +69,7 @@
                 value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
  \r
         <property name="errorLoggerPattern"\r
-               value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+               value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
  \r
         <property name="defaultLoggerPattern"\r
                 value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
@@ -274,15 +276,15 @@
                 <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
                 level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
  \r
-       <logger name="com.att.eelf.audit" level="info" additivity="false">\r
+       <logger name="EELFAudit" level="info" additivity="false">\r
                 <appender-ref ref="asyncEELFAudit" />\r
         </logger>\r
  \r
-       <logger name="com.att.eelf.metrics" level="info" additivity="false">\r
+       <logger name="EELFMetrics" level="info" additivity="false">\r
                 <appender-ref ref="asyncEELFMetrics" />\r
         </logger>\r
  \r
-       <logger name="com.att.eelf.error" level="info" additivity="false">\r
+       <logger name="EELFError" level="info" additivity="false">\r
                 <appender-ref ref="asyncEELFError" />\r
         </logger>\r
  \r
@@ -292,6 +294,7 @@
  \r
         <root level="INFO">\r
                 <appender-ref ref="asyncEELF" />\r
+               <appender-ref ref="STDOUT" />\r
         </root>\r
  \r
  </configuration>\r
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties

index 37544d1..e0724c6 100644 (file)
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties
@@ -27,7 +27,7 @@ music.serialize.compress = true
  
  #By default it's eventual
  music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
  cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties

index b5b4e48..c8a292f 100755 (executable)
--- a/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -16,8 +16,8 @@
  #mysql
  db.driver = org.mariadb.jdbc.Driver
  db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =root
-db.password =Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
  db.hib.dialect = org.hibernate.dialect.MySQLDialect
  db.min_pool_size = 5
  db.max_pool_size = 10
@@ -122,4 +122,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
  ext_central_access_user_name = aaf_admin@people.osaaf.org
  ext_central_access_password = demo123456!
  ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
-\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml

index 6964715..8c434c5 100644 (file)
--- a/kubernetes/portal/components/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml
@@ -49,6 +49,42 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portal-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - |
+          cd /config-input && \
+          for PFILE in `ls -1 *.xml`
+          do
+            cp ${PFILE} /config
+            chmod 0755 /config/${PFILE}
+          done
+          cd /config-input && \
+          for PFILE in `ls -1 *.properties`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod 0755 /config/${PFILE}
+          done
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+          - name: PORTAL_DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+          - name: PORTAL_DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportal-scrubbed
+        - mountPath: /config
+          name: properties-onapportal
  {{ include "common.certInitializer.initContainer" . | indent 6 }}
        containers:
        - name: {{ include "common.name" . }}
@@ -102,6 +138,9 @@ spec:
          - name: properties-onapportal
            mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
            subPath: portal.properties
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
          - name: properties-onapportal
            mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
            subPath: music.properties
@@ -114,6 +153,8 @@ spec:
          - name: properties-onapportal
            mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
            subPath: web.xml
+        - name: properties-onapportal
+          mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
          - name: var-log-onap
            mountPath: /var/log/onap
          resources:
@@ -122,7 +163,7 @@ spec:
        nodeSelector:
  {{ toYaml .Values.nodeSelector | indent 10 }}
        {{- end -}}
-      {{- if .Values.affinity }}
+{{- if .Values.affinity }}
        affinity:
  {{ toYaml .Values.affinity | indent 10 }}
        {{- end }}
@@ -143,6 +184,9 @@ spec:
            hostPath:
              path: /etc/localtime
          - name: properties-onapportal
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportal-scrubbed
            configMap:
              name: {{ include "common.fullname" . }}-onapportal
              defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml

index 73306ba..bd1ed58 100644 (file)
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -23,9 +23,33 @@ global:
    readinessImage: onap/oom/readiness:3.0.1
    loggingRepository: docker.elastic.co
    loggingImage: beats/filebeat:5.5.0
+  envsubstImage: dibi/envsubst
    #AAF service
    aafEnabled: true
  
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+  - uid: portal-backend-db
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+
  #################################################################
  # Application configuration defaults.
  #################################################################
@@ -35,6 +59,11 @@ repository: nexus3.onap.org:10001
  image: onap/portal-app:3.2.3
  pullPolicy: Always
  
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
+
  #AAF local config
  
  aafURL: https://aaf-service:8100/authz/
@@ -97,6 +126,10 @@ service:
  mariadb:
    service:
      name: portal-db
+  config:
+    # backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
  widget:
    service:
      name: portal-widget
@@ -104,6 +137,7 @@ cassandra:
    service:
      name: portal-cassandra
    config:
+    # cassandraExternalSecret: some secret
      cassandraUsername: root
      cassandraPassword: Aa123456
  messageRouter:
diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml

index 5b4bf0c..16b8971 100644 (file)
--- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml
@@ -64,9 +64,9 @@ spec:
            periodSeconds: {{ .Values.readiness.periodSeconds }}
          env:
            - name: CASSUSER
-            value: "{{ .Values.config.cassandraUsername }}"
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
            - name: CASSPASS
-            value: "{{ .Values.config.cassandraPassword }}"
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
            - name: JVM_OPTS
              value: "{{ .Values.config.cassandraJvmOpts }}"
            - name: POD_IP
diff --git a/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml

new file mode 100644 (file)

index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/portal/components/portal-cassandra/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml

index 65fcdbe..eb6fc12 100644 (file)
--- a/kubernetes/portal/components/portal-cassandra/values.yaml
+++ b/kubernetes/portal/components/portal-cassandra/values.yaml
@@ -26,10 +26,21 @@ repository: nexus3.onap.org:10001
  image: onap/music/cassandra_music:3.0.0
  pullPolicy: Always
  
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'db-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.config.cassandraUsername }}'
+    password: '{{ .Values.config.cassandraPassword }}'
+
  # application configuration
  config:
    cassandraUsername: root
    cassandraPassword: Aa123456
+#  cassandraCredsExternalSecret: some secret
    cassandraJvmOpts: -Xmx2536m -Xms2536m
  
  # default number of instances
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh

index 28fcee1..93d2b67 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -182,6 +182,13 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
                         echo
                 done
  
+               file_env 'PORTAL_DB_TABLES'
+               for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+                       do
+                           echo "Granting portal user ALL PRIVILEGES for table $i"
+                                       echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+                       done
+
                 if ! kill -s TERM "$pid" || ! wait "$pid"; then
                         echo >&2 'MySQL init process failed.'
                         exit 1
@@ -193,4 +200,4 @@ if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
         fi
  fi
  
-exec "$@"
-\ No newline at end of file
+exec "$@"
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql

index 7502e93..1e28067 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -23,7 +23,7 @@ while the OOM K8s version has these service split up.
  */
  -- app_url is the FE, app_rest_endpoint is the BE
  --portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
  --dmaap-bc => the dmaap-bc doesn't open a node port..
  update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
  --sdc-be => 8443:30204
@@ -74,6 +74,9 @@ update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS
  -- aai sparky
  update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
  
+-- Disabled Policy APP
+UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
+
  
  /*
  Replace spaces with underscores for role names to match AAF role names
diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml

index ec6cc50..196a2d1 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml
@@ -69,6 +69,18 @@ spec:
                  secretKeyRef:
                    name: {{ template "common.fullname" . }}
                    key: db-root-password
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}
+                  key: backend-db-user
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "common.fullname" . }}
+                  key: backend-db-password
+            - name: PORTAL_DB_TABLES
+              value: {{ .Values.config.backend_portal_tables }}
            volumeMounts:
            - mountPath: /var/lib/mysql
              name: mariadb-data
diff --git a/kubernetes/portal/components/portal-mariadb/templates/job.yaml b/kubernetes/portal/components/portal-mariadb/templates/job.yaml

index e8a6e0f..b05b920 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/templates/job.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/job.yaml
@@ -72,7 +72,9 @@ spec:
            value: "{{ .Values.service.internalPort }}"
          - name: DB_PASS
            valueFrom:
-            secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
+            secretKeyRef:
+              name: {{ include "common.fullname" . }}
+              key: db-root-password
          command:
          - /bin/sh
          - -x
diff --git a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml

index ad1db77..4415c5e 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
+++ b/kubernetes/portal/components/portal-mariadb/templates/secrets.yaml
@@ -26,3 +26,6 @@ metadata:
  type: Opaque
  data:
    db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
+stringData:
+  backend-db-user: {{ .Values.config.backendDbUser }}
+  backend-db-password: {{ .Values.config.backendDbPassword }}
diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml

index 3435feb..fc1eca8 100644 (file)
--- a/kubernetes/portal/components/portal-mariadb/values.yaml
+++ b/kubernetes/portal/components/portal-mariadb/values.yaml
@@ -35,6 +35,11 @@ mariadbInitImage: "oomk8s/mariadb-client-init:3.0.0"
  config:
    mariadbUser: root
    mariadbRootPassword: Aa123456
+  backendDbUser: portal
+  backendDbPassword: portal
+  #backend_portal_tables is a comma delimited string listing back-end tables
+  #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
+  backend_portal_tables: portal,ecomp_sdk
    #The directory where sql files are found in the projects gerrit repo.
    sqlSourceDirectory: portal/deliveries
    # sdc frontend assignment for port 9443
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties

new file mode 100644 (file)

index 0000000..0025a58
--- /dev/null
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties
@@ -0,0 +1,40 @@
+###
+# ============LICENSE_START==========================================
+# ONAP Portal SDK
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#             http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#             https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+#
+###
+
+# Properties read by the ECOMP Framework library (epsdk-fw)
+cipher.enc.key = ${CIPHER_ENC_KEY}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml

index 85e1eed..e1fee17 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml
@@ -41,6 +41,8 @@
    <!--<jmxConfigurator /> -->\r
    <!--  specify the component name -->\r
    <property name="componentName" value="onapsdk"></property>\r
+  <!--  specify the application name -->\r
+  <property name="application_name" value="PortalSDK"></property>\r
    <!--  specify the base path of the log directory -->\r
    <property name="logDirPrefix" value="/var/log/onap"></property>\r
    <!-- The directories where logs are written -->\r
@@ -60,7 +62,7 @@
    <!-- 1610 Logging Fields Format Revisions -->\r
    <property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
    <property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
-  <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ClassName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+  <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{AlertSeverity}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
    <property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
    <!-- use %class so library logging calls yield their class name -->\r
    <property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
@@ -204,19 +206,20 @@
    <logger name="org.onap.eelf" level="info" additivity="false">\r
      <appender-ref ref="asyncEELF" />\r
    </logger>\r
-  <logger name="org.onap.eelf.audit" level="info" additivity="false">\r
+  <logger name="EELFAudit" level="info" additivity="false">\r
      <appender-ref ref="asyncEELFAudit" />\r
    </logger>\r
    <logger name="org.onap.eelf.debug" level="debug" additivity="false">\r
      <appender-ref ref="asyncEELFDebug" />\r
    </logger>\r
-  <logger name="org.onap.eelf.error" level="info" additivity="false">\r
+  <logger name="EELFError" level="info" additivity="false">\r
      <appender-ref ref="asyncEELFError" />\r
    </logger>\r
-  <logger name="org.onap.eelf.metrics" level="info" additivity="false">\r
+  <logger name="EELFMetrics" level="info" additivity="false">\r
      <appender-ref ref="asyncEELFMetrics" />\r
    </logger>\r
    <root level="DEBUG">\r
      <appender-ref ref="asyncEELF" />\r
+    <appender-ref ref="STDOUT" />\r
    </root>\r
  </configuration>\r
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties

index 83ce9ca..a4c0acc 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties
@@ -27,8 +27,8 @@ music.serialize.compress = true
  
  #By default it's eventual
  music.atomic.get = false
-music.atomic.put = true
+music.atomic.put = false
  
  cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user={{.Values.cassandra.config.cassandraUsername}}
-cassandra.password={{.Values.cassandra.config.cassandraPassword}}
+cassandra.user=${CASSA_USER}
+cassandra.password=${CASSA_PASSWORD}
diff --git a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties

index 2a2ec59..1faed41 100755 (executable)
--- a/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
+++ b/kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
@@ -40,8 +40,8 @@ decryption_key                                  = AGLDdG4D04BKm2IxIWEr8o==
  
  db.driver = org.mariadb.jdbc.Driver
  db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName = root
-db.password = Aa123456
+db.userName =${PORTAL_DB_USER}
+db.password =${PORTAL_DB_PASSWORD}
  db.min_pool_size = 5
  db.max_pool_size = 10
  hb.dialect = org.hibernate.dialect.MySQLDialect
@@ -90,4 +90,4 @@ remote_centralized_system_access = {{.Values.global.aafEnabled}}
  ext_central_access_user_name = aaf_admin@people.osaaf.org
  ext_central_access_password = demo123456!
  ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
-\ No newline at end of file
+ext_central_access_user_domain = @people.osaaf.org
diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml

index 104c2df..52bf49b 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml
@@ -49,6 +49,42 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-portalsdk-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - "-c"
+        - |
+          cd /config-input && \
+          for PFILE in `ls -1 *.xml`
+          do
+            cp ${PFILE} /config
+            chmod 0755 /config/${PFILE}
+          done
+          cd /config-input && \
+          for PFILE in `ls -1 *.properties`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod 0755 /config/${PFILE}
+          done
+        env:
+          - name: CASSA_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
+          - name: CASSA_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
+          - name: CIPHER_ENC_KEY
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
+          - name: PORTAL_DB_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+          - name: PORTAL_DB_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: properties-onapportalsdk-scrubbed
+        - mountPath: /config
+          name: properties-onapportalsdk
  {{ include "common.certInitializer.initContainer" . | indent 6 }}
        containers:
        - name: {{ include "common.name" . }}
@@ -99,6 +135,9 @@ spec:
          - name: properties-onapportalsdk
            mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
            subPath: portal.properties
+        - name: properties-onapportalsdk
+          mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
+          subPath: key.properties
          - name: properties-onapportalsdk
            mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
            subPath: music.properties
@@ -135,6 +174,9 @@ spec:
            hostPath:
              path: /etc/localtime
          - name: properties-onapportalsdk
+          emptyDir:
+            medium: Memory
+        - name: properties-onapportalsdk-scrubbed
            configMap:
              name: {{ include "common.fullname" . }}-onapportalsdk
              defaultMode: 0755
diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml

index ebe49e0..4056b2a 100644 (file)
--- a/kubernetes/portal/components/portal-sdk/values.yaml
+++ b/kubernetes/portal/components/portal-sdk/values.yaml
@@ -24,9 +24,33 @@ global:
    loggingRepository: docker.elastic.co
    loggingImage: beats/filebeat:5.5.0
    persistence: {}
+  envsubstImage: dibi/envsubst
    #AAF service
    aafEnabled: true
  
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+  - uid: portal-cass
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
+    login: '{{ .Values.cassandra.config.cassandraUsername }}'
+    password: '{{ .Values.cassandra.config.cassandraPassword }}'
+    passwordPolicy: required
+  - uid: portal-backend-db
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+  - uid: cipher-enc-key
+    type: password
+    externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
+    password: '{{ .Values.config.cipherEncKey }}'
+    passwordPolicy: required
+
  #################################################################
  # Application configuration defaults.
  #################################################################
@@ -36,6 +60,12 @@ repository: nexus3.onap.org:10001
  image: onap/portal-sdk:3.2.0
  pullPolicy: Always
  
+# application configuration
+config:
+  # cipherEncKeyExternalSecret: some secret
+  cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
+
+
  #AAF local config
  aafURL: https://aaf-service:8100/authz/
  certInitializer:
@@ -91,6 +121,10 @@ service:
  mariadb:
    service:
      name: portal-db
+  config:
+    # backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
  widget:
    service:
      name: portal-widget
@@ -98,6 +132,7 @@ cassandra:
    service:
      name: portal-cassandra
    config:
+    # cassandraExternalSecret: some secret
      cassandraUsername: root
      cassandraPassword: Aa123456
  messageRouter:
diff --git a/kubernetes/portal/templates/secrets.yaml b/kubernetes/portal/templates/secrets.yaml

new file mode 100644 (file)

index 0000000..34932b7
--- /dev/null
+++ b/kubernetes/portal/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml

index a7d1e09..0d4b023 100644 (file)
--- a/kubernetes/portal/values.yaml
+++ b/kubernetes/portal/values.yaml
@@ -21,14 +21,42 @@ global:
    portalFEPort: "30225"
    # application's front end hostname.  Must be resolvable on the client side environment
    portalHostName: "portal.api.simpledemo.onap.org"
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: portal-cass
+    name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
+    login: '{{ .Values.config.cassandraUsername }}'
+    password: '{{ .Values.config.cassandraPassword }}'
+  - uid: portal-backend-db
+    name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+    login: '{{ .Values.mariadb.config.backendUserName }}'
+    password: '{{ .Values.mariadb.config.backendPassword }}'
+    passwordPolicy: required
+
  config:
    logstashServiceName: log-ls
    logstashPort: 5044
+  cassandraUsername: root
+  cassandraPassword: Aa123456
+# casandraCredsExternalSecret: some secret
+
  portal-mariadb:
    nameOverride: portal-db
  mariadb:
    service:
      name: portal-db
+  config:
+#   backendDbExternalSecret: some secret
+    backendUserName: portal
+    backendPassword: portal
+
  widget:
    service:
      name: portal-widget
@@ -36,8 +64,21 @@ cassandra:
    service:
      name: portal-cassandra
    config:
-    cassandraUsername: root
-    cassandraPassword: Aa123456
+    cassandraExternalSecret: *dbSecretName
+portal-app:
+  mariadb:
+    config:
+      backendDbExternalSecret: *backendDbSecretName
+  cassandra:
+    config:
+      cassandraExternalSecret: *dbSecretName
+portal-sdk:
+  mariadb:
+    config:
+      backendDbExternalSecret: *backendDbSecretName
+  cassandra:
+    config:
+      cassandraExternalSecret: *dbSecretName
  messageRouter:
    service:
      name: message-router
diff --git a/kubernetes/robot b/kubernetes/robot

index b093c77..d4d20fe 160000 (submodule)
--- a/kubernetes/robot
+++ b/kubernetes/robot
@@ -1 +1 @@
-Subproject commit b093c77b4faa2c4f0bfc67e481f724b6d67c7229
+Subproject commit d4d20fe81e2fb4ee98e16c2b350b0981202f57d6
diff --git a/kubernetes/sdc/Makefile b/kubernetes/sdc/Makefile

index f2670c5..3dab31f 100644 (file)
--- a/kubernetes/sdc/Makefile
+++ b/kubernetes/sdc/Makefile
@@ -20,6 +20,8 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  EXCLUDES := dist resources templates charts docker
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
  
+HELM_VER := $(shell helm version --template "{{.Version}}")
+
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
  all: $(HELM_CHARTS)
@@ -39,7 +41,12 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
+
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/sdc/components/Makefile b/kubernetes/sdc/components/Makefile

index 8d3bf2b..0d5b9e0 100644 (file)
--- a/kubernetes/sdc/components/Makefile
+++ b/kubernetes/sdc/components/Makefile
@@ -19,6 +19,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -39,7 +40,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml

index e2329d7..d3a47de 100644 (file)
--- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
@@ -37,6 +37,13 @@ spec:
                fieldPath: metadata.namespace
          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        - name: {{ include "common.name" . }}-job-completion
          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -51,6 +58,13 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- if .Values.global.aafEnabled }}
        - name: {{ include "common.name" . }}-update-config
          image: "{{ .Values.global.envsubstImage }}"
@@ -72,6 +86,13 @@ spec:
              envsubst <${PFILE} >/config-output/${PFILE}
              chmod 0755 /config-output/${PFILE}
            done
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
          - name: {{ include "common.fullname" . }}-environments
            mountPath: /config-input/
@@ -154,6 +175,13 @@ spec:
              mountPath: /var/log/onap
            - name: {{ include "common.fullname" . }}-data-filebeat
              mountPath: /usr/share/filebeat/data
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
        volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
        - name: {{ include "common.fullname" . }}-localtime
          hostPath:
diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml

index d9c3e51..554b3c3 100644 (file)
--- a/kubernetes/sdc/components/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml
@@ -39,19 +39,28 @@ spec:
          args:
          - --container-name
          - sdc-be
+        - "-t"
+        - "35"
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        containers:
        - name: {{ include "common.name" . }}-job
          image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          volumeMounts:
          - name: {{ include "common.fullname" . }}-environments
-          mountPath: /home/sdc/chef-solo/environments/
+          mountPath: /home/onap/chef-solo/environments/
          - name: sdc-logs
            mountPath: /var/lib/jetty/logs
          env:
@@ -61,6 +70,13 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
+        resources:
+          limits:
+            cpu: 800m
+            memory: 1024Mi
+          requests:
+            cpu: 200m
+            memory: 200Mi
        volumes:
          - name: {{ include "common.fullname" . }}-environments
            configMap:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml

index 0389486..b825b70 100644 (file)
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -39,8 +39,8 @@ global:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.7
-backendInitImage: onap/sdc-backend-init:1.6.7
+image: onap/sdc-backend-all-plugins:1.7.1
+backendInitImage: onap/sdc-backend-init:1.7.1
  pullPolicy: Always
  
  # flag to enable debugging - application support required
@@ -140,15 +140,15 @@ resources:
    small:
      limits:
        cpu: 1
-      memory: 4Gi
+      memory: 2Gi
      requests:
-      cpu: 10m
+      cpu: 100m
        memory: 1Gi
    large:
      limits:
        cpu: 2
-      memory: 8Gi
+      memory: 4Gi
      requests:
-      cpu: 20m
+      cpu: 200m
        memory: 2Gi
    unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml

index 0c98d67..19dd112 100644 (file)
--- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
@@ -45,12 +45,21 @@ spec:
          {{- else }}
          - cassandra
          {{- end }}
+        - "-t"
+        - "15"
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        containers:
        - name: {{ include "common.name" . }}-job
          image: "{{ include "common.repository" . }}/{{ .Values.cassandraInitImage }}"
@@ -78,6 +87,13 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
+        resources:
+          limits:
+            cpu: 800m
+            memory: 1024Mi
+          requests:
+            cpu: 200m
+            memory: 300Mi
        volumes:
        - name: {{ include "common.fullname" . }}-environments
          configMap:
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml

index 0738ca7..e80f648 100644 (file)
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -38,8 +38,8 @@ global:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.7
-cassandraInitImage: onap/sdc-cassandra-init:1.6.7
+image: onap/sdc-cassandra:1.7.1
+cassandraInitImage: onap/sdc-cassandra-init:1.7.1
  
  pullPolicy: Always
  
@@ -104,23 +104,3 @@ persistence:
  
  ingress:
    enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
-  small:
-    limits:
-      cpu: 1
-      memory: 4Gi
-    requests:
-      cpu: 10m
-      memory: 1Gi
-  large:
-    limits:
-      cpu: 2
-      memory: 8Gi
-    requests:
-      cpu: 20m
-      memory: 2Gi
-  unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml

index 0571f4b..bca3c47 100644 (file)
--- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
@@ -43,12 +43,21 @@ spec:
          args:
          - --job-name
          - {{ include "common.release" . }}-sdc-be-config-backend
+        - "-t"
+        - "35"
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- if .Values.global.aafEnabled }}
        - name: {{ include "common.name" . }}-update-config
          image: "{{ .Values.global.envsubstImage }}"
@@ -75,6 +84,13 @@ spec:
              mountPath: /config-input/
            - name: sdc-environments-output
              mountPath: /config-output/
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- end }}
        containers:
          - name: {{ include "common.name" . }}
@@ -106,8 +122,7 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
              timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
            env:
            - name: ENVNAME
              value: {{ .Values.env.name }}
@@ -153,6 +168,13 @@ spec:
              mountPath: /var/log/onap
            - name: {{ include "common.fullname" . }}-data-filebeat
              mountPath: /usr/share/filebeat/data
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
        volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
          - name: {{ include "common.fullname" . }}-localtime
            hostPath:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml

index e9ff284..1389d05 100644 (file)
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -51,7 +51,7 @@ certInitializer:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.7
+image: onap/sdc-frontend:1.7.1
  pullPolicy: Always
  
  config:
@@ -123,16 +123,16 @@ flavor: small
  resources:
    small:
      limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: 500m
+      memory: 2Gi
      requests:
-      cpu: 10m
+      cpu: 40m
        memory: 1Gi
    large:
      limits:
-      cpu: 2
-      memory: 8Gi
+      cpu: 1
+      memory: 4Gi
      requests:
-      cpu: 20m
+      cpu: 80m
        memory: 2Gi
    unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml

index 6f1e2a9..527ddde 100644 (file)
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -49,6 +49,13 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- if .Values.global.aafEnabled }}
        - name: {{ include "common.name" . }}-update-config
          image: "{{ .Values.global.envsubstImage }}"
@@ -75,6 +82,13 @@ spec:
              mountPath: /config-input/
            - name: sdc-environments-output
              mountPath: /config-output/
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- end }}
        containers:
          - name: {{ include "common.name" . }}
@@ -99,8 +113,7 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
              timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
            env:
            - name: ENVNAME
              value: {{ .Values.env.name }}
@@ -155,6 +168,13 @@ spec:
              mountPath: /var/log/onap
            - name: {{ include "common.fullname" . }}-data-filebeat
              mountPath: /usr/share/filebeat/data
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
        volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
        - name: {{ include "common.fullname" . }}-localtime
          hostPath:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml

index 936c7c4..c3003e2 100644 (file)
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
@@ -41,12 +41,21 @@ spec:
          args:
          - --job-name
          - {{ include "common.release" . }}-sdc-cs-config-cassandra
+        - "-t"
+        - "20"
          env:
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        containers:
        - name: {{ include "common.name" . }}-job
          image: "{{ include "common.repository" . }}/{{ .Values.onboardingInitImage }}"
@@ -72,6 +81,13 @@ spec:
              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password}
          - name: CS_HOST_IP
            value: "{{ .Values.global.cassandra.serviceName }}"
+        resources:
+          limits:
+            cpu: 800m
+            memory: 1024Mi
+          requests:
+            cpu: 200m
+            memory: 200Mi
        volumes:
        - name: {{ include "common.fullname" . }}-environments
          configMap:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml

index 2e5d91e..6ec08db 100644 (file)
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -63,8 +63,8 @@ certInitializer:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.7
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.7
+image: onap/sdc-onboard-backend:1.7.1
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.7.1
  pullPolicy: Always
  
  # flag to enable debugging - application support required
@@ -155,16 +155,16 @@ flavor: small
  resources:
    small:
      limits:
-      cpu: 1
-      memory: 4Gi
+      cpu: 500m
+      memory: 2Gi
      requests:
-      cpu: 10m
+      cpu: 40m
        memory: 1Gi
    large:
      limits:
-      cpu: 2
-      memory: 8Gi
+      cpu: 1
+      memory: 4Gi
      requests:
-      cpu: 20m
+      cpu: 80m
        memory: 2Gi
    unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml

index b188cda..c61c41f 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -50,6 +50,13 @@ spec:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{ end }}
        containers:
          - name: {{ include "common.name" . }}
@@ -123,6 +130,7 @@ spec:
            - name: SERVER_SSL_TRUSTSTORE_TYPE
              value: "{{ .Values.config.serverSSLTrustStoreType }}"
            volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
        volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
        imagePullSecrets:
        - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml

index 9235cb4..be7d519 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
@@ -34,37 +34,47 @@ spec:
      spec:
        restartPolicy: Never
        initContainers:
-      - name: {{ include "common.name" . }}-init-readiness
-        image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - /app/ready.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-sdc-cs-config-cassandra
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
+        - name: {{ include "common.name" . }}-init-readiness
+          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - /app/ready.py
+          args:
+          - --job-name
+          - {{ include "common.release" . }}-sdc-cs-config-cassandra
+          - "-t"
+          - "20"
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
        containers:
-      - name: {{ include "common.name" . }}-job
-        image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        env:
-        - name: CS_HOST
-          value: "{{ .Values.global.cassandra.serviceName }}"
-        - name: CS_PORT
-          value: "{{ .Values.config.cassandraClientPort }}"
-        - name: CS_AUTHENTICATE
-          value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
-        - name: CS_USER
-          valueFrom:
-            secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
-        - name: CS_PASSWORD
-          valueFrom:
-            secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+        - name: {{ include "common.name" . }}-job
+          image: "{{ include "common.repository" . }}/{{ .Values.configInitImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CS_HOST
+            value: "{{ .Values.global.cassandra.serviceName }}"
+          - name: CS_PORT
+            value: "{{ .Values.config.cassandraClientPort }}"
+          - name: CS_AUTHENTICATE
+            value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+          - name: CS_USER
+            valueFrom:
+              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+          - name: CS_PASSWORD
+            valueFrom:
+              secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
+          resources: {{ include "common.resources" . | nindent 12 }}
        imagePullSecrets:
        - name: "{{ include "common.namespace" . }}-docker-registry-key"
  {{ end }}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml

index da5ae38..893a1b9 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -62,8 +62,8 @@ certInitializer:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.4
-configInitImage: onap/workflow-init:1.6.4
+image: onap/sdc-workflow-backend:1.7.0
+configInitImage: onap/sdc-workflow-init:1.7.0
  pullPolicy: Always
  
  initJob:
@@ -123,21 +123,22 @@ ingress:
    config:
      ssl: "redirect"
  
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 500m
+      memory: 2Gi
+    requests:
+      cpu: 40m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 80m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml

index ad10480..a5d312f 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -48,6 +48,13 @@ spec:
                fieldPath: metadata.namespace
          image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- if .Values.global.aafEnabled }}
        - name: {{ include "common.fullname" . }}-move-cert
          command:
@@ -63,6 +70,13 @@ spec:
          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
            - name: sdc-certs
              mountPath: /sdc-certs
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+          requests:
+            cpu: 3m
+            memory: 20Mi
        {{- end }}
        containers:
          - name: {{ include "common.name" . }}
@@ -114,8 +128,8 @@ spec:
              readOnly: true
            {{- if .Values.global.aafEnabled }}
            - name: sdc-certs
-            mountPath: /sdc-certs
-            subpath: mycreds.prop
+            mountPath: /sdc-certs/mycreds.prop
+            subPath: mycreds.prop
            - name: sdc-certs
              mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
              subPath: {{ .Values.certInitializer.keystoreFile }}
@@ -123,8 +137,7 @@ spec:
              mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
              subPath: {{ .Values.certInitializer.truststoreFile }}
            {{ end }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
          {{- if .Values.nodeSelector }}
          nodeSelector:
  {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -145,6 +158,13 @@ spec:
              mountPath: /var/log/onap
            - name: {{ include "common.fullname" . }}-data-filebeat
              mountPath: /usr/share/filebeat/data
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+            requests:
+              cpu: 3m
+              memory: 20Mi
        volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
          - name: {{ include "common.fullname" . }}-localtime
            hostPath:
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml

index 7bb1b24..e881398 100644 (file)
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -51,7 +51,7 @@ certInitializer:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.4
+image: onap/sdc-workflow-frontend:1.7.0
  pullPolicy: Always
  
  # flag to enable debugging - application support required
@@ -114,21 +114,22 @@ ingress:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
  
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  #
-  # Example:
-  # Configure resource requests and limits
-  # ref: http://kubernetes.io/docs/user-guide/compute-resources/
-  # Minimum memory for development is 2 CPU cores and 4GB memory
-  # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-#  limits:
-#    cpu: 2
-#    memory: 4Gi
-#  requests:
-#    cpu: 2
-#    memory: 4Gi
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (Small and Large)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 500m
+      memory: 2Gi
+    requests:
+      cpu: 40m
+      memory: 1Gi
+  large:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 80m
+      memory: 2Gi
+  unlimited: {}
diff --git a/kubernetes/sdnc/Makefile b/kubernetes/sdnc/Makefile

index e4b5dda..1518f3c 100644 (file)
--- a/kubernetes/sdnc/Makefile
+++ b/kubernetes/sdnc/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES := dist resources templates charts
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -40,7 +41,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/sdnc/components/Makefile b/kubernetes/sdnc/components/Makefile

index 4e73763..c38171c 100644 (file)
--- a/kubernetes/sdnc/components/Makefile
+++ b/kubernetes/sdnc/components/Makefile
@@ -20,6 +20,7 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
  
  EXCLUDES :=
  HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell helm version --template "{{.Version}}")
  
  .PHONY: $(EXCLUDES) $(HELM_CHARTS)
  
@@ -40,7 +41,11 @@ lint-%: dep-%
  
  package-%: lint-%
         @mkdir -p $(PACKAGE_DIR)
+ifeq "$(findstring v3,$(HELM_VER))" "v3"
+       @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$(helm package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && helm push -f $$PACKAGE_NAME local; fi
+else
         @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+endif
         @helm repo index $(PACKAGE_DIR)
  
  clean:
diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml

index b434c40..e3be4bc 100644 (file)
--- a/kubernetes/sdnc/templates/service.yaml
+++ b/kubernetes/sdnc/templates/service.yaml
@@ -49,9 +49,9 @@ spec:
        targetPort: {{ .Values.service.internalPort4 }}
        {{ end }}
        nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
-      {{ if .Values.config.sdnr.enabled }}
-      Session Affinity:  ClientIP
-      {{ end }}
+  {{ if .Values.config.sdnr.enabled }}
+  sessionAffinity:  ClientIP
+  {{ end }}
    selector:
      app.kubernetes.io/name: {{ include "common.name" . }}
      app.kubernetes.io/instance: {{ include "common.release" . }}
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml

index 2dbfa4e..ee84d60 100755 (executable)
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -72,7 +72,7 @@ spec:
            readOnly: true
          - name: {{ include "common.fullname" . }}-truststore
            mountPath: /app/client
-          readonly: true
+          readOnly: true
          livenessProbe:
            tcpSocket:
              port: {{ index .Values.livenessProbe.port }}
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml

index 123bb29..844f993 100644 (file)
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
          level: "DEBUG"
          propagate: False
  handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
      gvnfmdriverlocal_handler:
          level: "DEBUG"
          class:
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml

index c6987f1..a9c92ef 100644 (file)
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml
@@ -56,12 +56,10 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: SSL_ENABLED
                value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: REG_TO_MSB_WHEN_START
                value: "{{ .Values.global.config.reg_to_msb_when_start }}"
            volumeMounts:
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml

index 2111860..96736f6 100644 (file)
--- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml
@@ -28,7 +28,7 @@ global:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.9
+image: onap/vfc/gvnfmdriver:1.4.0
  pullPolicy: Always
  
  #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml

index 4ae7ab1..c886062 100644 (file)
--- a/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
          level: "DEBUG"
          propagate: False
  handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
      nslcmlocal_handler:
          level: "DEBUG"
          class:
diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml

index 9b085f8..544834d 100644 (file)
--- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: SSL_ENABLED
                value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: MYSQL_ADDR
                value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
              - name: MYSQL_ROOT_USER
diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml

index 5478741..7d37810 100644 (file)
--- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml
@@ -38,7 +38,7 @@ secrets:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.9
+image: onap/vfc/nslcm:1.4.0
  pullPolicy: Always
  
  #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml

index 9eee5c7..8b32fa4 100644 (file)
--- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml
@@ -53,11 +53,6 @@ spec:
                port: {{ .Values.service.internalPort }}
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-            - name: REG_TO_MSB_WHEN_START
-              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
            resources:
  {{ include "common.resources" . | indent 12 }}
          {{- if .Values.nodeSelector }}
diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml

index 80924a8..2761d05 100644 (file)
--- a/kubernetes/vfc/charts/vfc-redis/values.yaml
+++ b/kubernetes/vfc/charts/vfc-redis/values.yaml
@@ -28,7 +28,7 @@ global:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.3
+image: onap/vfc/db:1.3.4
  pullPolicy: Always
  
  # flag to enable debugging - application support required
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml

index 4af8faa..9dbf475 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
          level: "DEBUG"
          propagate: False
  handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
      vnfmgrlocal_handler:
          level: "DEBUG"
          class:
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml

index d61dc9d..7fd74b9 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: SSL_ENABLED
                value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: MYSQL_ADDR
                value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
              - name: MYSQL_ROOT_USER
diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml

index 89847ca..fafef0c 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml
@@ -38,7 +38,7 @@ secrets:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.9
+image: onap/vfc/vnflcm:1.4.0
  pullPolicy: Always
  
  #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml

index 4af8faa..9dbf475 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
          level: "DEBUG"
          propagate: False
  handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
      vnfmgrlocal_handler:
          level: "DEBUG"
          class:
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml

index 3eede19..bd0b377 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: SSL_ENABLED
                value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: MYSQL_ADDR
                value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
              - name: REDIS_HOST
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml

index 6fbc033..67b087f 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml
@@ -38,7 +38,7 @@ secrets:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.8
+image: onap/vfc/vnfmgr:1.3.9
  pullPolicy: Always
  
  #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml

index c4cc1e3..7644af1 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
          level: "DEBUG"
          propagate: False
  handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
      vnflcmlocal_handler:
          level: "DEBUG"
          class:
diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml

index 32c7cd2..9f2a4c7 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
@@ -76,12 +76,10 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: SSL_ENABLED
                value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: MYSQL_ADDR
                value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
              - name: REDIS_HOST
diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml

index 82b74e0..1b6fc79 100644 (file)
--- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml
@@ -38,7 +38,7 @@ secrets:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.7
+image: onap/vfc/vnfres:1.3.8
  pullPolicy: Always
  
  #Istio sidecar injection policy
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml

index a0bf170..6c00048 100644 (file)
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml
@@ -11,6 +11,9 @@ loggers:
          level: "DEBUG"
          propagate: False
  handlers:
+    console:
+        class: "logging.StreamHandler"
+        formatter: "standard"
      ztevnfmdriverlocal_handler:
          level: "DEBUG"
          class:
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml

index bcae4ac..32e4133 100644 (file)
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml
@@ -72,12 +72,10 @@ spec:
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
+            - name: MSB_HOST
+              value: "{{ .Values.global.config.msbprotocol }}://{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: SSL_ENABLED
                value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
              - name: REG_TO_MSB_WHEN_START
                value: "{{ .Values.global.config.reg_to_msb_when_start }}"
            volumeMounts:
diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml

index 18cd207..7ebd3a5 100644 (file)
--- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml
@@ -28,7 +28,7 @@ global:
  flavor: small
  
  repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.6
+image: onap/vfc/ztevnfmdriver:1.3.7
  pullPolicy: Always
  
  #Istio sidecar injection policy
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/kubernetes/vnfsdk/resources/config/configuration.xml

index 6bd4e1c..09b6551 100644 (file)
--- a/kubernetes/vnfsdk/resources/config/configuration.xml
+++ b/kubernetes/vnfsdk/resources/config/configuration.xml
@@ -23,7 +23,7 @@ PUBLIC "//mybatis.org//DTD Config 3.0//EN"
              <transactionManager type="JDBC" />
              <dataSource type="UNPOOLED">
                  <property name="driver" value="org.postgresql.Driver" />
-                <property name="url" value="jdbc:postgresql://{{ .Values.postgres.service.name }}:{{ .Values.postgres.service.externalPort }}/marketplaceDB" />
+                <property name="url" value="jdbc:postgresql://{{.Values.postgres.service.name2}}:{{.Values.postgres.service.externalPort}}/marketplaceDB" />
                  <property name="username" value="${PG_USER}" />
                  <property name="password" value="${PG_PASSWORD}" />
              </dataSource>
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml

index 06ce212..60edcff 100644 (file)
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -73,7 +73,7 @@ spec:
          name: {{ include "common.name" . }}
          resources:
  {{ include "common.resources" . | indent 12 }}
-        volumes:
+        volumeMounts:
          - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
            name: init-data
            subPath: configuration.xml
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml

index b72f396..3e0e235 100644 (file)
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -43,7 +43,7 @@ secrets:
  #################################################################
  # application image
  repository: nexus3.onap.org:10001
-image: onap/vnfsdk/refrepo:1.5.2
+image: onap/vnfsdk/refrepo:1.6.0
  postgresRepository: crunchydata
  postgresImage: crunchy-postgres:centos7-10.3-1.8.2
  pullPolicy: Always
author	Sylvain Desbureaux <sylvain.desbureaux@orange.com>
	Wed, 7 Oct 2020 06:46:15 +0000 (06:46 +0000)
committer	Gerrit Code Review <gerrit@onap.org>
	Wed, 7 Oct 2020 06:46:15 +0000 (06:46 +0000)
kubernetes/a1policymanagement/values.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sms/charts/aaf-sms-vault/templates/statefulset.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sms/templates/job.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sms/values.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/deployment.yaml	[moved from kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/statefulset.yaml with 99% similarity]	patch \| blob \| history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-abrmd/templates/job.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-distcenter/templates/job.yaml		patch \| blob \| history
kubernetes/aaf/components/aaf-sshsm/charts/aaf-sshsm-testca/templates/job.yaml		patch \| blob \| history
kubernetes/aai		patch \| blob \| history
kubernetes/clamp/Makefile		patch \| blob \| history
kubernetes/clamp/components/clamp-backend/resources/config/application.properties		patch \| blob \| history
kubernetes/clamp/components/clamp-backend/values.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-es/requirements.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-es/values.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-kibana/values.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml		patch \| blob \| history
kubernetes/clamp/components/clamp-dash-logstash/values.yaml		patch \| blob \| history
kubernetes/clamp/values.yaml		patch \| blob \| history
kubernetes/common/Makefile		patch \| blob \| history
kubernetes/common/cmpv2Config/values.yaml		patch \| blob \| history
kubernetes/common/elasticsearch/components/data/values.yaml		patch \| blob \| history
kubernetes/common/elasticsearch/components/master/values.yaml		patch \| blob \| history
kubernetes/common/elasticsearch/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/namespace.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/secret.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-dashboard/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-deployment-handler/templates/secrets.yaml	[new file with mode: 0644]	patch \| blob
kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml		patch \| blob \| history
kubernetes/dcaegen2/components/dcae-policy-handler/templates/secrets.yaml	[new file with mode: 0644]	patch \| blob
kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml		patch \| blob \| history
kubernetes/dcaegen2/templates/secrets.yaml	[new file with mode: 0644]	patch \| blob
kubernetes/dcaegen2/values.yaml		patch \| blob \| history
kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml		patch \| blob \| history
kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml		patch \| blob \| history
kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml		patch \| blob \| history
kubernetes/dmaap/components/dmaap-dr-node/values.yaml		patch \| blob \| history
kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml		patch \| blob \| history
kubernetes/dmaap/components/dmaap-dr-prov/values.yaml		patch \| blob \| history
kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml		patch \| blob \| history
kubernetes/modeling/charts/modeling-etsicatalog/requirements.yaml		patch \| blob \| history
kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml		patch \| blob \| history
kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml		patch \| blob \| history
kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml		patch \| blob \| history
kubernetes/modeling/charts/modeling-etsicatalog/values.yaml		patch \| blob \| history
kubernetes/nbi/templates/deployment.yaml		patch \| blob \| history
kubernetes/nbi/values.yaml		patch \| blob \| history
kubernetes/onap/values.yaml		patch \| blob \| history
kubernetes/oof/Makefile		patch \| blob \| history
kubernetes/oof/components/Makefile		patch \| blob \| history
kubernetes/oof/components/oof-cmso/Makefile		patch \| blob \| history
kubernetes/oof/components/oof-cmso/components/Makefile		patch \| blob \| history
kubernetes/oof/components/oof-has/Makefile		patch \| blob \| history
kubernetes/oof/components/oof-has/components/Makefile		patch \| blob \| history
kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml		patch \| blob \| history
kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml		patch \| blob \| history
kubernetes/oof/components/oof-has/resources/config/log.conf		patch \| blob \| history
kubernetes/oof/resources/config/log.yml	[new file with mode: 0644]	patch \| blob
kubernetes/oof/templates/deployment.yaml		patch \| blob \| history
kubernetes/platform/Makefile		patch \| blob \| history
kubernetes/platform/components/Makefile		patch \| blob \| history
kubernetes/platform/components/oom-cert-service/Makefile	[new file with mode: 0644]	patch \| blob
kubernetes/platform/components/oom-cert-service/resources/certServiceClient-keystore.jks	[deleted file]	patch \| blob \| history
kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.jks	[deleted file]	patch \| blob \| history
kubernetes/platform/components/oom-cert-service/resources/certServiceServer-keystore.p12	[deleted file]	patch \| blob \| history
kubernetes/platform/components/oom-cert-service/resources/root.crt	[deleted file]	patch \| blob \| history
kubernetes/platform/components/oom-cert-service/resources/truststore.jks	[deleted file]	patch \| blob \| history
kubernetes/platform/components/oom-cert-service/templates/deployment.yaml		patch \| blob \| history
kubernetes/platform/components/oom-cert-service/templates/secret.yaml		patch \| blob \| history
kubernetes/platform/components/oom-cert-service/templates/service.yaml		patch \| blob \| history
kubernetes/platform/components/oom-cert-service/values.yaml		patch \| blob \| history
kubernetes/policy/components/policy-api/resources/config/config.json		patch \| blob \| history
kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/Makefile		patch \| blob \| history
kubernetes/portal/components/Makefile		patch \| blob \| history
kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/key.properties	[new file with mode: 0644]	patch \| blob
kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/logback.xml		patch \| blob \| history
kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/music.properties		patch \| blob \| history
kubernetes/portal/components/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties		patch \| blob \| history
kubernetes/portal/components/portal-app/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/components/portal-app/values.yaml		patch \| blob \| history
kubernetes/portal/components/portal-cassandra/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/components/portal-cassandra/templates/secrets.yaml	[new file with mode: 0644]	patch \| blob
kubernetes/portal/components/portal-cassandra/values.yaml		patch \| blob \| history
kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh		patch \| blob \| history
kubernetes/portal/components/portal-mariadb/resources/config/mariadb/oom_updates.sql		patch \| blob \| history
kubernetes/portal/components/portal-mariadb/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/components/portal-mariadb/templates/job.yaml		patch \| blob \| history
kubernetes/portal/components/portal-mariadb/templates/secrets.yaml		patch \| blob \| history
kubernetes/portal/components/portal-mariadb/values.yaml		patch \| blob \| history
kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/key.properties	[new file with mode: 0644]	patch \| blob
kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/logback.xml		patch \| blob \| history
kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/music.properties		patch \| blob \| history
kubernetes/portal/components/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties		patch \| blob \| history
kubernetes/portal/components/portal-sdk/templates/deployment.yaml		patch \| blob \| history
kubernetes/portal/components/portal-sdk/values.yaml		patch \| blob \| history
kubernetes/portal/templates/secrets.yaml	[new file with mode: 0644]	patch \| blob
kubernetes/portal/values.yaml		patch \| blob \| history
kubernetes/robot		patch \| blob \| history
kubernetes/sdc/Makefile		patch \| blob \| history
kubernetes/sdc/components/Makefile		patch \| blob \| history
kubernetes/sdc/components/sdc-be/templates/deployment.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-be/templates/job.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-be/values.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-cs/templates/job.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-cs/values.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-fe/templates/deployment.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-fe/values.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-onboarding-be/values.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-wfd-be/values.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml		patch \| blob \| history
kubernetes/sdc/components/sdc-wfd-fe/values.yaml		patch \| blob \| history
kubernetes/sdnc/Makefile		patch \| blob \| history
kubernetes/sdnc/components/Makefile		patch \| blob \| history
kubernetes/sdnc/templates/service.yaml		patch \| blob \| history
kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-generic-vnfm-driver/resources/config/logging/log.yml		patch \| blob \| history
kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-nslcm/resources/config/logging/log.yml		patch \| blob \| history
kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-nslcm/values.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-redis/values.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnflcm/resources/config/logging/log.yml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnflcm/values.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnfmgr/resources/config/logging/log.yml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnfmgr/values.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnfres/resources/config/logging/log.yml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-vnfres/values.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-zte-vnfm-driver/resources/config/logging/log.yml		patch \| blob \| history
kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml		patch \| blob \| history
kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml		patch \| blob \| history
kubernetes/vnfsdk/resources/config/configuration.xml		patch \| blob \| history
kubernetes/vnfsdk/templates/deployment.yaml		patch \| blob \| history
kubernetes/vnfsdk/values.yaml		patch \| blob \| history