Merge "[COMMON] Security Context templates"
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Fri, 22 May 2020 14:35:36 +0000 (14:35 +0000)
committerGerrit Code Review <gerrit@onap.org>
Fri, 22 May 2020 14:35:36 +0000 (14:35 +0000)
19 files changed:
kubernetes/aaf/charts/aaf-cass/values.yaml
kubernetes/aaf/charts/aaf-hello/values.yaml
kubernetes/aaf/charts/aaf-sms/values.yaml
kubernetes/aaf/values.yaml
kubernetes/common/network-name-gen/templates/deployment.yaml
kubernetes/common/network-name-gen/values.yaml
kubernetes/policy/charts/pap/templates/service.yaml
kubernetes/policy/charts/pap/values.yaml
kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
kubernetes/portal/charts/portal-app/values.yaml
kubernetes/portal/charts/portal-mariadb/values.yaml
kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties
kubernetes/portal/charts/portal-widget/values.yaml
kubernetes/sdnc/requirements.yaml
kubernetes/sdnc/templates/configmap.yaml
kubernetes/sdnc/templates/pv-certs.yaml [deleted file]
kubernetes/sdnc/templates/pvc.yaml [deleted file]
kubernetes/sdnc/templates/statefulset.yaml
kubernetes/sdnc/values.yaml

index 3d9f21e..e347df2 100644 (file)
@@ -34,7 +34,7 @@ liveness:
   enabled: true
   port: tcp-cql
 
-image: onap/aaf/aaf_cass:2.1.20
+image: onap/aaf/aaf_cass:2.1.22
 
 config:
   cluster_name: osaaf
index aeb6590..786f0b0 100644 (file)
@@ -41,7 +41,7 @@ aaf_init:
 
 replicaCount: 0
 
-image: onap/aaf/aaf_hello:2.1.20
+image: onap/aaf/aaf_hello:2.1.22
 
 service:
   name: aaf-hello
index 13e9a7e..7e0aa5c 100644 (file)
@@ -178,11 +178,11 @@ oofCreds:
   aafUsername: aaf_admin@people.osaaf.org
   aafPassword: demo123456!
 
-  policyPlatUsername: testpdp
-  policyPlatPassword: alpha123
+  policyPlatUsername: healthcheck
+  policyPlatPassword: zb!XztG34
 
-  policyCliUsername: python
-  policyCliPassword: test
+  policyCliUsername: healthcheck
+  policyCliPassword: zb!XztG34
 
   osdfPlacementUsername: test
   osdfPlacementPassword: testpwd
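Review bot: The new `policyPlatPassword` / `policyCliPassword` defaults in the `oofCreds` hunk are plaintext credentials committed in values.yaml, and the identical `healthcheck` / `zb!XztG34` pair is added again to network-name-gen's values.yaml in this same commit, so two charts now carry independent copies of one credential with no external-secret override visible here. Quote them so a reformatter cannot retype them and mark them as demo defaults, e.g. `# demo credentials for the policy healthcheck account - override per deployment` above `policyPlatUsername: healthcheck`, and `policyPlatPassword: 'zb!XztG34'` (same for `policyCliPassword`). Whether the policy charts actually provision a `healthcheck` user with this password is not visible in this hunk; if they do, a single shared secret would avoid the two copies drifting apart.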
index bedf243..cc97e98 100644 (file)
@@ -42,10 +42,10 @@ global:
 
   aaf:
     readiness: false
-    image: onap/aaf/aaf_core:2.1.20
+    image: onap/aaf/aaf_core:2.1.22
     aaf_env: "DEV"
     public_fqdn: "aaf.osaaf.org"
-    aaf_release: "El Alto"
+    aaf_release: "Frankfurt"
   # DUBLIN ONLY - for M4 compatibility with Casablanca
   #  aaf_locator_name: "public.%NS.%N"
   #  aaf_locator_name_oom: "%NS.%N"
@@ -57,7 +57,7 @@ global:
     cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
 
     config:
-      image: onap/aaf/aaf_config:2.1.20
+      image: onap/aaf/aaf_config:2.1.22
 
     service:
       fqdn: "aaf-service"
index 3e9e849..b9550c7 100644 (file)
@@ -57,6 +57,11 @@ spec:
         name: {{ include "common.name" . }}-readiness
       containers:
       - name: {{ include "common.name" . }}
+        command:
+          - bash
+        args:
+          - '-c'
+          - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh'
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
@@ -70,8 +75,10 @@ spec:
           value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
         - name: POL_CLIENT_AUTH
           value: "{{ .Values.config.polClientAuth }}"
-        - name: POL_BASIC_AUTH
-          value: "{{ .Values.config.polBasicAuth }}"
+        - name: POL_BASIC_AUTH_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}}
+        - name: POL_BASIC_AUTH_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
         - name: POL_URL
           value: "{{ .Values.config.polUrl }}"
         - name: POL_ENV
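Review bot: In the first hunk (`@@ -57,6 +57,11 @@`) the added `args` line expands `$POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD` unquoted inside `echo -n`, so a password containing whitespace or glob characters is word-split or globbed before it is base64-encoded, and a coreutils `base64` wraps its output at 76 columns, which would embed a newline in `POL_BASIC_AUTH` for long credentials; since the second hunk now takes the password from a Secret, its content is no longer under the chart author's control. Use `'export POL_BASIC_AUTH=$(printf "%s" "$POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD" | base64 -w 0); exec /startService.sh'` — the YAML scalar is single-quoted, so the inner double quotes need no escaping. If the image's `base64` lacks `-w`, pipe through `tr -d '\n'` instead; `exec` keeps the service as PID 1 for signal handling and can be dropped if `/startService.sh` relies on the wrapping shell, which is not visible here.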
index a9f2a5b..81c596c 100644 (file)
@@ -49,6 +49,12 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
     login: '{{ .Values.config.db.userName }}'
     password: '{{ .Values.config.db.userPassword }}'
+  - uid: pol-basic-auth-secret
+    name: '{{ include "common.release" . }}-pol-basic-auth-secret'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}'
+    login: '{{ .Values.config.polBasicAuthUser }}'
+    password: '{{ .Values.config.polBasicAuthPassword }}'
 
 # sub-chart config
 mariadb-galera:
@@ -84,8 +90,9 @@ config:
     # userCredentialsExternalSecret: some-secret
   springProfile: live
   polClientAuth: cHl0aG9uOnRlc3Q=
-  polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
-  polUrl: https://pdp:8081/pdp/api/getConfig
+  polBasicAuthUser: healthcheck
+  polBasicAuthPassword: zb!XztG34
+  polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
   polEnv: TEST
   polReqId: xx
   aaiCertPass: changeit
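Review bot: In the second hunk (`@@ -84,8 +90,9 @@`) `polBasicAuthPassword: zb!XztG34` is a plaintext default credential, while the neighbouring `polClientAuth: cHl0aG9uOnRlc3Q=` is still a base64 `user:pass` literal passed straight to `POL_CLIENT_AUTH`; the commit moves only one of the two credentials into the secret mechanism introduced in the first hunk. For consistency `polClientAuth` should get the same treatment (a `pol-client-auth-secret` entry with login/password and an external-secret override), especially since its decoded value (`python:test`) is the `policyCli*` credential the commit replaces in aaf-sms, so it is likely stale too. Quote the password, `polBasicAuthPassword: 'zb!XztG34'`, and add `# demo default - override via config.polBasicAuthSecret` above it so the external-secret path added in the first hunk is discoverable.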
index a23352a..b6deb5c 100644 (file)
@@ -1,6 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #   Modifications Copyright (C) 2019 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2020 Bell Canada.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -28,10 +29,17 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  type: {{ .Values.service.type }}
   ports:
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.internalPort }}
+      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
+      name: {{ .Values.service.portName }}
+    {{- else -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
+    {{- end}}
   selector:
     app: {{ include "common.name" . }}
     release: {{ include "common.release" . }}
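Review bot: The NodePort branch in the `@@ -28,10 +29,17 @@` hunk exposes the PAP API (`service.internalPort`, 6969 in this chart's values.yaml) on every cluster node at `<nodePortPrefixExt><nodePort>` whenever `service.type` is `NodePort`; the values hunk in this commit adds only the prefix and suffix, so whether `NodePort` is the default `type` is not visible here and should be checked, as that API is protected by basic auth only. The rendering also hinges on the exact trim markers: `{{if ... -}}` eats the newline before `- port:` so that the four spaces before `{{if` become the list item's indent, which works but is fragile and is the only action in this file written without a space after `{{`. Writing the list items at their real indentation with `{{- if eq .Values.service.type "NodePort" }}`, `{{- else }}` and `{{- end }}` renders the same YAML without relying on that carry-over.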
index 630b205..e5eef01 100644 (file)
@@ -1,6 +1,7 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
 #   Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2020 Bell Canada.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -21,6 +22,7 @@
 # Global configuration defaults.
 #################################################################
 global:
+  nodePortPrefixExt: 304
   persistence: {}
   envsubstImage: dibi/envsubst
 
@@ -105,6 +107,7 @@ service:
   portName: policy-pap
   internalPort: 6969
   externalPort: 6969
+  nodePort: 42
 
 ingress:
   enabled: false
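Review bot: `nodePort: 42` in the `@@ -105,6 +107,7 @@` hunk is undocumented: the service template concatenates it textually after `nodePortPrefixExt` (`304`), so the resulting node port is 30442 only because the suffix has exactly two digits; a one-digit value would render 3047 and a three-digit one would leave the 30000-32767 range. Add `# two-digit suffix appended to global.nodePortPrefixExt (304 -> 30442)` above it and `# prefix for externally exposed NodePorts; combined with service.nodePort` above `nodePortPrefixExt: 304`. The template also falls back to `.Values.nodePortPrefixExt`, which this file does not define; either add that key or drop the fallback so a parent chart overriding `global.nodePortPrefixExt` with an empty value fails loudly instead of rendering an empty prefix.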
index aeef85e..b5b4e48 100755 (executable)
@@ -119,8 +119,7 @@ cookie_domain = onap.org
 remote_centralized_system_access = {{.Values.global.aafEnabled}}
 
 # External Access System Basic Auth Credentials & Rest endpoint
-# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
-ext_central_access_user_name = portal@portal.onap.org
-ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+ext_central_access_user_name = aaf_admin@people.osaaf.org
+ext_central_access_password = demo123456!
 ext_central_access_url = {{.Values.aafURL}}
 ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
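Review bot: The `ext_central_access_user_name` / `ext_central_access_password` lines in this hunk replace runtime-substituted placeholders with a literal AAF administrator credential (`aaf_admin@people.osaaf.org` / `demo123456!`, the same pair `aafUsername` / `aafPassword` carry in aaf-sms values in this commit) and drop the comment explaining the placeholder mechanism, so an admin secret now ships in VCS inside a template that already resolves `ext_central_access_url` from `{{.Values.aafURL}}`. Source both from values the same way, e.g. `ext_central_access_user_name = {{.Values.config.aafUsername}}` and `ext_central_access_password = {{.Values.config.aafPassword}}` (value names constructed here; use whatever the chart's secret mechanism exposes), with the password ideally delivered through a Secret rather than a ConfigMap-rendered properties file. The same change, with the header comment duplicated on the new side, is in portal-sdk's system.properties hunk (`@@ -86,8 +86,8 @@`). If the X509 replacement the removed comment described no longer happens at runtime, a comment should say so, since that is the reason the placeholders were acceptable before.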
index 01bc0da..b0d2f5d 100644 (file)
@@ -32,7 +32,7 @@ global:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-app:3.2.1
+image: onap/portal-app:3.2.2
 pullPolicy: Always
 
 #AAF local config
index 1234b6b..0ae7f4e 100644 (file)
@@ -25,7 +25,7 @@ global: # global defaults
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-db:3.2.0
+image: onap/portal-db:3.2.2
 pullPolicy: Always
 
 
index 45ea9b7..2a2ec59 100755 (executable)
@@ -86,8 +86,8 @@ cookie_domain = onap.org
 remote_centralized_system_access = {{.Values.global.aafEnabled}}
 
 # External Access System Basic Auth Credentials & Rest endpoint
-# The credentials are placeholders as these are replaced by AAF X509 identity at runtime
-ext_central_access_user_name = portal@portal.onap.org
-ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert
+# External Access System Basic Auth Credentials & Rest endpoint
+ext_central_access_user_name = aaf_admin@people.osaaf.org
+ext_central_access_password = demo123456!
 ext_central_access_url = {{.Values.aafURL}}
 ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file
index 3d63cd8..3692579 100644 (file)
@@ -29,7 +29,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/portal-wms:3.2.0
+image: onap/portal-wms:3.2.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 3f44c6d..a283678 100644 (file)
@@ -16,6 +16,9 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
   - name: network-name-gen
     version: ~6.x-0
     repository: '@local'
index cd39425..087ed30 100644 (file)
@@ -78,16 +78,3 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }}
-
-{{ if .Values.global.aafEnabled }}
-{{- if .Values.aafConfig.addconfig -}}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-  aaf-add-config.sh: |-
-    cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdnc/templates/pv-certs.yaml b/kubernetes/sdnc/templates/pv-certs.yaml
deleted file mode 100644 (file)
index 8aa9af4..0000000
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# #       http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-{{ if .Values.certpersistence.enabled }}
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}-certs
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}-certs
-spec:
-  capacity:
-    storage: {{ .Values.certpersistence.size }}
-  accessModes:
-    - {{ .Values.certpersistence.accessMode }}
-  storageClassName: "{{ include "common.fullname" . }}-certs"
-  persistentVolumeReclaimPolicy: {{ .Values.certpersistence.volumeReclaimPolicy }}
-  hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.certpersistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.certpersistence.mountSubPath }}
-{{ end }}
diff --git a/kubernetes/sdnc/templates/pvc.yaml b/kubernetes/sdnc/templates/pvc.yaml
deleted file mode 100644 (file)
index aed3d16..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if and .Values.certpersistence.enabled (not .Values.certpersistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" .}}-certs
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}-certs
-{{- if .Values.certpersistence.annotations }}
-  annotations:
-{{ toYaml .Values.certpersistence.annotations | indent 4 }}
-{{- end }}
-spec:
-  accessModes:
-    - {{ .Values.certpersistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.certpersistence.size }}
-{{- if eq "True" (include "common.needPV" .) }}
-  storageClassName: "{{ include "common.fullname" . }}-certs"
-{{- else }}
-  storageClassName: {{ include "common.storageClass" . }}
-  {{- end }}
-{{- end -}}
index 58ca866..6b2f662 100644 (file)
@@ -91,18 +91,16 @@ spec:
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
-      {{ if .Values.global.aafEnabled }}
-{{ include "common.aaf-config" . | indent 6 }}
-      {{ end }}
+
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+
       - name: {{ include "common.name" . }}-chown
         image: "busybox"
-        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certpersistence.certPath }}"]
+        command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
         volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: {{ .Values.persistence.mdsalPath }}
             name: {{ include "common.fullname" . }}-data
-{{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
-{{- end }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -151,9 +149,7 @@ spec:
           - name: JAVA_HOME
             value: "{{ .Values.config.javaHome}}"
           volumeMounts:
-          {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 10 }}
-          {{- end }}
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -257,9 +253,7 @@ spec:
         - name: {{ include "common.fullname" . }}-data
           emptyDir: {}
   {{ else }}
-  {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volumes" . | indent 8 }}
-  {{- end }}
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
   volumeClaimTemplates:
   - metadata:
       name: {{ include "common.fullname" . }}-data
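Review bot: All three hunks drop the `{{ if .Values.global.aafEnabled }}` guard when swapping the `common.aaf-config*` includes for `common.certInitializer.initContainer` / `volumeMount` / `volumes`, while sdnc's values.yaml keeps `global.aafEnabled` (context line in its first hunk), so with AAF disabled the init container, its mounts and its volumes are still rendered unless the `common.certInitializer.*` templates gate on that flag themselves — that is not visible here and should be confirmed. If they do not, restore the guard around each include, e.g. `{{- if .Values.global.aafEnabled }}` / `{{ include "common.certInitializer.initContainer" . | indent 6 }}` / `{{- end }}`. Separately, the first two hunks pipe the include through `indent` while the third uses `nindent`, and the first wraps it in blank lines; pick one form so the rendered manifest does not carry stray empty lines.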
index 96ea6e3..c8e9745 100644 (file)
@@ -24,7 +24,6 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
-  aafAgentImage: onap/aaf/aaf_agent:2.1.15
   persistence:
     mountPath: /dockerdata-nfs
   aafEnabled: true
@@ -70,12 +69,6 @@ secrets:
     password: '{{ .Values.config.odlPassword }}'
     # For now this is left hardcoded but should be revisited in a future
     passwordPolicy: required
-  - uid: &aaf_secret_uid aaf-creds
-    type: basicAuth
-    externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
-    login: '{{ .Values.aaf_init.deploy_fqi }}'
-    password: '{{ .Values.aaf_init.deploy_pass }}'
-    passwordPolicy: required
   - uid: netbox-apikey
     type: password
     externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
@@ -195,8 +188,8 @@ config:
       numberGGLogFiles: 10
 
 # dependency / sub-chart configuration
-aafConfig:
-  addconfig: true
+certInitializer:
+  nameOverride: sdnc-cert-initializer
   fqdn: "sdnc"
   app_ns: "org.osaaf.aaf"
   fqi: "sdnc@sdnc.onap.org"
@@ -206,19 +199,10 @@ aafConfig:
   aafDeployPass: demo123456!
   cadi_latitude: "38.0"
   cadi_longitude: "-72.0"
-  secret_uid: *aaf_secret_uid
   credsPath: /opt/app/osaaf/local
-
-aaf_init:
-  agentImage: onap/aaf/aaf_agent:2.1.15
-  app_ns: "org.osaaf.aaf"
-  fqi: "sdnc@sdnc.onap.org"
-  fqdn: "sdnc"
-  public_fqdn: "sdnc.onap.org"
-  deploy_fqi: "deployer@people.osaaf.org"
-  deploy_pass: "demo123456!"
-  cadi_latitude: "38.0"
-  cadi_longitude: "-72.0"
+  aaf_add_config: >
+    cd /opt/app/osaaf/local;
+    /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1
 
 mariadb-galera: &mariadbGalera
   nameOverride: sdnc-db
@@ -414,22 +398,6 @@ persistence:
   mountSubPath: sdnc/mdsal
   mdsalPath: /opt/opendaylight/current/daexim
 
-certpersistence:
-  enabled: true
-
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-
-  volumeReclaimPolicy: Retain
-  accessMode: ReadWriteOnce
-  size: 50Mi
-  mountPath: /dockerdata-nfs
-  mountSubPath: sdnc/certs
-  certPath: /opt/app/osaaf
-  ##storageClass: "manual"
-
 ingress:
   enabled: false
   service:
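Review bot: The `aaf_add_config` script added in the `@@ -206,19 +199,10 @@` hunk redirects stderr into the credential file (`> {{ .Values.credsPath }}/.pass 2>&1`), so if `agent.sh` fails or `grep` matches nothing, `.pass` silently holds an error message or is empty and the pod continues with a bogus keystore password; the pipeline's status is also that of `cut`, so nothing upstream can fail the step. Capture the value, check it is non-empty and only then write the file, as below; errors then go to the container log where they are visible. The `{{.Values.fqi}}` / `{{ .Values.fqdn }}` / `{{ .Values.credsPath }}` references presumably rely on the certInitializer subchart `tpl`-ing this string in its own scope — confirm, since in this file those keys live under `certInitializer:`. Whether `exit 1` aborts the init step depends on how the subchart executes the string, which is not visible here; restricting the file with `chmod 600` before the chown container runs may also be worth considering.
```yaml
  aaf_add_config: >
    cd /opt/app/osaaf/local;
    pass=$(/opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2);
    [ -n "$pass" ] || exit 1;
    printf '%s\n' "$pass" > {{ .Values.credsPath }}/.pass
```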