Merge "Remove unneded LoadBalancer annotation"
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Wed, 1 Apr 2020 21:56:21 +0000 (21:56 +0000)
committerGerrit Code Review <gerrit@onap.org>
Wed, 1 Apr 2020 21:56:21 +0000 (21:56 +0000)
251 files changed:
docs/oom_hardcoded_certificates.rst [new file with mode: 0644]
docs/oom_project_description.rst
kubernetes/aai
kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
kubernetes/appc/templates/secrets.yaml
kubernetes/appc/templates/statefulset.yaml
kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties
kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties [new file with mode: 0644]
kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml
kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml [moved from kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml with 87% similarity]
kubernetes/cds/charts/cds-blueprints-processor/values.yaml
kubernetes/cds/templates/secrets.yaml [moved from kubernetes/vfc/charts/vfc-catalog/Chart.yaml with 82% similarity]
kubernetes/cds/values.yaml
kubernetes/clamp/charts/clamp-backend/values.yaml
kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql
kubernetes/clamp/charts/mariadb/templates/configmap.yaml
kubernetes/clamp/charts/mariadb/templates/deployment.yaml
kubernetes/clamp/resources/config/default.conf [moved from kubernetes/clamp/resources/config/nginx.conf with 95% similarity]
kubernetes/clamp/templates/deployment.yaml
kubernetes/clamp/values.yaml
kubernetes/common/common/templates/_aafconfig.tpl [new file with mode: 0644]
kubernetes/common/common/templates/_labels.tpl
kubernetes/common/common/templates/_name.tpl
kubernetes/common/common/templates/_secret.tpl [moved from kubernetes/common/common/templates/_secret.yaml with 56% similarity]
kubernetes/common/common/templates/_service.tpl
kubernetes/common/common/templates/_serviceMesh.tpl
kubernetes/common/dgbuilder/templates/configmap.yaml
kubernetes/common/dgbuilder/templates/deployment.yaml
kubernetes/common/dgbuilder/templates/secrets.yaml
kubernetes/common/dgbuilder/templates/service.yaml
kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
kubernetes/common/mariadb-galera/templates/configmap.yaml
kubernetes/common/mariadb-galera/templates/pv.yaml
kubernetes/common/mariadb-galera/templates/secrets.yaml
kubernetes/common/mariadb-galera/templates/service.yaml
kubernetes/common/mariadb-galera/templates/statefulset.yaml
kubernetes/common/network-name-gen/templates/deployment.yaml
kubernetes/common/network-name-gen/templates/secrets.yaml
kubernetes/common/network-name-gen/templates/service.yaml
kubernetes/common/postgres/templates/_deployment.tpl
kubernetes/common/postgres/templates/secrets.yaml
kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml
kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml
kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml
kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env
kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties
kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
kubernetes/dmaap/components/dmaap-bc/values.yaml
kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml
kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml
kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml
kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml
kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties
kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml [new file with mode: 0644]
kubernetes/dmaap/components/message-router/templates/configmap.yaml
kubernetes/dmaap/components/message-router/templates/post-install-job.yaml
kubernetes/dmaap/components/message-router/templates/statefulset.yaml
kubernetes/dmaap/components/message-router/values.yaml
kubernetes/dmaap/values.yaml
kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml
kubernetes/modeling/charts/modeling-etsicatalog/templates/secrets.yaml
kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json
kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json
kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json
kubernetes/nbi/templates/deployment.yaml
kubernetes/nbi/templates/secret.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/deployment.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-optimizer/templates/secret.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/deployment.yaml
kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/templates/secret.yaml
kubernetes/oof/charts/oof-cmso/templates/secret.yaml
kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
kubernetes/policy/charts/brmsgw/templates/deployment.yaml
kubernetes/policy/charts/brmsgw/templates/secrets.yaml [moved from kubernetes/vfc/charts/vfc-catalog/templates/configmap.yaml with 67% similarity]
kubernetes/policy/charts/brmsgw/values.yaml
kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh [deleted file]
kubernetes/policy/charts/drools/resources/configmaps/base.conf
kubernetes/policy/charts/drools/resources/configmaps/settings.xml [new file with mode: 0644]
kubernetes/policy/charts/drools/resources/secrets/credentials.conf
kubernetes/policy/charts/drools/templates/secrets.yaml
kubernetes/policy/charts/drools/templates/statefulset.yaml
kubernetes/policy/charts/drools/values.yaml
kubernetes/policy/charts/pap/resources/config/config.json
kubernetes/policy/charts/pap/values.yaml
kubernetes/policy/charts/pdp/templates/secrets.yaml [new file with mode: 0644]
kubernetes/policy/charts/pdp/templates/statefulset.yaml
kubernetes/policy/charts/pdp/values.yaml
kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json
kubernetes/policy/charts/policy-apex-pdp/values.yaml
kubernetes/policy/charts/policy-api/resources/config/config.json
kubernetes/policy/charts/policy-api/values.yaml
kubernetes/policy/charts/policy-common/resources/config/pe/base.conf
kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh
kubernetes/policy/charts/policy-distribution/resources/config/config.json
kubernetes/policy/charts/policy-distribution/values.yaml
kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json
kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties
kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml
kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml [new file with mode: 0644]
kubernetes/policy/charts/policy-xacml-pdp/values.yaml
kubernetes/policy/values.yaml
kubernetes/portal/charts/portal-app/templates/service.yaml
kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
kubernetes/portal/charts/portal-sdk/templates/secrets.yaml
kubernetes/robot
kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-be/templates/job.yaml
kubernetes/sdc/charts/sdc-be/templates/service.yaml
kubernetes/sdc/charts/sdc-be/values.yaml
kubernetes/sdc/charts/sdc-cs/templates/job.yaml
kubernetes/sdc/charts/sdc-cs/values.yaml
kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml
kubernetes/sdc/charts/sdc-dcae-be/values.yaml
kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-dt/templates/service.yaml
kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-fe/templates/service.yaml
kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml
kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
kubernetes/sdc/charts/sdc-fe/templates/service.yaml
kubernetes/sdc/charts/sdc-fe/values.yaml
kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml
kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
kubernetes/sdc/charts/sdc-wfd-be/values.yaml
kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
kubernetes/sdc/resources/config/environments/AUTO.json
kubernetes/sdc/values.yaml
kubernetes/sdnc/charts/dmaap-listener/templates/configmap.yaml
kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml
kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml
kubernetes/sdnc/charts/dmaap-listener/templates/service.yaml
kubernetes/sdnc/charts/sdnc-ansible-server/templates/configmap.yaml
kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
kubernetes/sdnc/charts/sdnc-ansible-server/templates/secret.yaml
kubernetes/sdnc/charts/sdnc-ansible-server/templates/service.yaml
kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml
kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml
kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml
kubernetes/sdnc/charts/sdnc-portal/values.yaml
kubernetes/sdnc/charts/ueb-listener/templates/configmap.yaml
kubernetes/sdnc/charts/ueb-listener/templates/deployment.yaml
kubernetes/sdnc/charts/ueb-listener/templates/secret.yaml
kubernetes/sdnc/charts/ueb-listener/templates/service.yaml
kubernetes/sdnc/sdnc-prom/templates/configmap.yaml
kubernetes/sdnc/sdnc-prom/templates/deployment.yaml
kubernetes/sdnc/templates/configmap.yaml
kubernetes/sdnc/templates/job.yaml
kubernetes/sdnc/templates/pv-certs.yaml
kubernetes/sdnc/templates/secrets.yaml
kubernetes/sdnc/templates/service.yaml
kubernetes/sdnc/templates/statefulset.yaml
kubernetes/sdnc/values.yaml
kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml
kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml
kubernetes/so/charts/so-bpmn-infra/values.yaml
kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml
kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml
kubernetes/so/charts/so-catalog-db-adapter/values.yaml
kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh
kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh
kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh
kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-so-user.sh
kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/05-create-so-admin.sh
kubernetes/so/charts/so-mariadb/templates/job.yaml
kubernetes/so/charts/so-mariadb/templates/secrets.yaml
kubernetes/so/charts/so-mariadb/values.yaml
kubernetes/so/charts/so-monitoring/templates/deployment.yaml
kubernetes/so/charts/so-monitoring/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-monitoring/values.yaml
kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml
kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-openstack-adapter/values.yaml
kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml
kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-request-db-adapter/values.yaml
kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
kubernetes/so/charts/so-sdc-controller/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-sdc-controller/values.yaml
kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml
kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml
kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-sdnc-adapter/values.yaml
kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml
kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml
kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-vfc-adapter/values.yaml
kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/charts/so-vnfm-adapter/values.yaml
kubernetes/so/resources/config/certificates/msb-ca.crt [new file with mode: 0644]
kubernetes/so/resources/config/certificates/onap-ca.crt [moved from kubernetes/so/resources/config/mso/onap-ca-new.crt with 100% similarity]
kubernetes/so/resources/config/mso/onap-ca.crt [deleted file]
kubernetes/so/templates/_certificates.tpl [new file with mode: 0644]
kubernetes/so/templates/deployment.yaml
kubernetes/so/templates/secret.yaml [new file with mode: 0644]
kubernetes/so/values.yaml
kubernetes/uui/charts/uui-server/values.yaml
kubernetes/uui/templates/deployment.yaml
kubernetes/uui/templates/service.yaml
kubernetes/uui/values.yaml
kubernetes/vfc/charts/vfc-catalog/.helmignore [deleted file]
kubernetes/vfc/charts/vfc-catalog/resources/config/logging/log.yml [deleted file]
kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml [deleted file]
kubernetes/vfc/charts/vfc-catalog/templates/pv.yaml [deleted file]
kubernetes/vfc/charts/vfc-catalog/templates/pvc.yaml [deleted file]
kubernetes/vfc/charts/vfc-catalog/templates/service.yaml [deleted file]
kubernetes/vfc/charts/vfc-catalog/values.yaml [deleted file]
kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml
kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml
kubernetes/vfc/charts/vfc-nslcm/values.yaml
kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml
kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml
kubernetes/vfc/charts/vfc-vnflcm/values.yaml
kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml
kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml
kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml
kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml
kubernetes/vfc/templates/secrets.yaml
kubernetes/vfc/values.yaml
kubernetes/vid/resources/certs/org.onap.vid.jks
kubernetes/vid/templates/deployment.yaml
kubernetes/vid/templates/job.yaml
kubernetes/vid/templates/secrets.yaml
kubernetes/vid/values.yaml

diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
new file mode 100644 (file)
index 0000000..74a292c
--- /dev/null
@@ -0,0 +1,50 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2018 Amdocs, Bell Canada
+
+.. Links
+.. _hardcoded-certiticates-label:
+
+ONAP Hardcoded certificates
+###########################
+
+ONAP current installation have hardcoded certificates.
+Here's the list of these certificates:
+
+ +-----------------------------------------------------------------------------------------------------------------------------------------------------+
+ | Project          | ONAP Certificate | Own Certificate  | MSB Certificate | Path                                                                     |
+ +==================+==================+==================+============================================================================================+
+ | AAI              | Yes              | No               | No              | aai/oom/resources/config/haproxy/aai.pem                                 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI              | Yes              | No               | No              | aai/oom/resources/config/aai/aai_keystore                                |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SEARCH-DATA  | Yes              | No               | No              | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/BABEL        | No               | Yes              | No              | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore       |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/MODEL-LOADER | Yes              | Yes              | No              | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO               | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/BPMN          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Catalog       | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Monitoring    | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/OpenStack     | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/RequestDb     | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDC           | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDNC          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VE/VNFM       | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VFC           | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | VID              | No               | Yes              | No              | kubernetes/vid/resources/cert                                            |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
index 6486f4b..7903b70 100644 (file)
@@ -38,6 +38,7 @@ The OOM documentation is broken into four different areas each targeted at a dif
 - :ref:`user-guide-label` - a guide for operators of an ONAP instance
 - :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
 - :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
+- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
 
 The :ref:`release-notes-label` for OOM describe the incremental features per release.
 
index 3d1bbe8..734cab7 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 3d1bbe894ff20bc8b1512591c6d8993b4d2009b1
+Subproject commit 734cab7fc193e701b59bacc9c234030b52449fa4
index 6aad591..512f380 100755 (executable)
@@ -139,8 +139,6 @@ then
         if $ENABLE_AAF
         then
              cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
-        else
-             cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
         fi
 
 fi
index 65a6b24..075c24a 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index e219c45..68e108d 100644 (file)
@@ -40,13 +40,13 @@ spec:
         - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
         env:
         - name: APPC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }}
         - name: APPC_DB_PASSWD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }}
         - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input/appc-data-properties
           name: onap-appc-data-properties-input
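Review bot: The logins and passwords injected by these `env` entries are presumably written into the rendered files by the `envsubst` loop on the unchanged command line at the top of this hunk, and that loop sets every output to mode `0755`, which leaves them readable by any user in the pod. Since this commit routes the DB credentials through secrets, the rendered copies deserve tighter permissions, for example `chmod 0640 /config/${PFILE}` for property files, keeping the execute bit only on the scripts that need it. Which user the consuming container runs as is not visible here, so the exact mode has to be checked against its securityContext. The container spec starts and ends outside this hunk.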
@@ -104,15 +104,15 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: APPC_DB_USER
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }}
             - name: APPC_DB_PASSWD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }}
             - name: SDNC_DB_USER
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }}
             - name: SDNC_DB_PASSWD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }}
             - name: SDNC_CONFIG_DIR
               value: "{{ .Values.config.configDir }}"
             - name: APPC_CONFIG_DIR
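Review bot: The changed `MYSQL_ROOT_PASSWORD` line closes its template action as `indent 14}}`, while every other changed line in both hunks of this file uses `indent 14 }}`; it should end with `| indent 14 }}` like the rest. The same line also hands the database root password to the long-running main container next to the two application accounts. If root access is only needed for initial schema setup (not visible in this hunk), it would be safer to confine that variable to an init container or job. The `env` list continues outside the hunk.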
index 31ddc59..d36f0bc 100755 (executable)
@@ -42,9 +42,9 @@ blueprintsprocessor.httpPort=8080
 blueprintsprocessor.grpcPort=9111
 
 # db
-blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl
-blueprintsprocessor.db.username=sdnctl
-blueprintsprocessor.db.password=sdnctl
+blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
+blueprintsprocessor.db.username=${CDS_DB_USERNAME}
+blueprintsprocessor.db.password=${CDS_DB_PASSWORD}
 blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
 blueprintsprocessor.db.hibernateHbm2ddlAuto=update
 blueprintsprocessor.db.hibernateDDLAuto=update
@@ -53,9 +53,9 @@ blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialec
 
 # processor-db endpoint
 blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
 blueprintsprocessor.db.processor-db.username=root
-blueprintsprocessor.db.processor-db.password=secretpassword
+blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD}
 
 # Python executor
 blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
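Review bot: The processor-db endpoint still logs in as `root`, and the new `${CDS_DB_ROOT_PASSWORD}` placeholder now delivers the database root password to the blueprints processor at run time. The primary connection in the previous hunk uses the dedicated `${CDS_DB_USERNAME}`/`${CDS_DB_PASSWORD}` account against the same server, port and database name. Unless processor-db needs privileges beyond that schema (not visible here), I would use the same account: `blueprintsprocessor.db.processor-db.username=${CDS_DB_USERNAME}` and `blueprintsprocessor.db.processor-db.password=${CDS_DB_PASSWORD}`. That way a compromise of the application does not also expose administrative control of the database server.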
@@ -64,6 +64,11 @@ blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts
 security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
 security.user.name: ccsdkapps
 
+# Error Managements
+error.catalog.applicationId=cds
+error.catalog.type=properties
+error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config
+
 # SDN-C's ODL Restconf Connection Details
 blueprintsprocessor.restconfEnabled=true
 blueprintsprocessor.restclient.sdncodl.type=basic-auth
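Review bot: The context lines directly above the added block still carry a committed bcrypt hash for `security.user.password`, and the next hunk leaves fixed `endpoints.user.name`/`endpoints.user.password` values in place. Since this commit moves the DB credentials to `${…}` placeholders, these look like candidates for the same treatment, so that no credential material stays in the chart. In the added lines, `# Error Managements` should read `# Error management`. `error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config` only works if the new `error-messages_en.properties` is mounted into that directory, which depends on the deployment template outside this hunk.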
@@ -125,8 +130,6 @@ blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
 blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
 
 
-blueprintprocessor.remoteScriptCommand.enabled=true
-
 #Encrypted username and password for health check service
 endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ==
 endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties
new file mode 100644 (file)
index 0000000..ef39878
--- /dev/null
@@ -0,0 +1,91 @@
+#
+# Copyright © 2020 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Self Service API
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_failure=cause=Internal error in Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_process_failure=cause=Internal error while processing REST call to the Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Designer API
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.generic_failure=cause=Internal error while processing REST call to the Designer API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Resource API
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.generic_failure=cause=Internal error while processing REST call to the Resource API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+
+# Configs API
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.generic_failure=cause=Internal error while processing REST call to the Configs API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+
+# Python Executor
+org.onap.ccsdk.cds.blueprintsprocessor.functions.python.executor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+
+# Resource resolution
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.resource_not_found=cause=No response was found for this resolution in CDS.,action=Verify definition of the resource in CBA.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.internal_error=cause=Internal error while processing Resource Resolution.,action=Verify the payload.
+
+org.onap.ccsdk.cds.sdclistener.generic_failure=cause=Internal error in SDC Listener.,action=Contact CDS administrator team.
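Review bot: The `conflict_adding_resource` action text reads `Please make the saving model doesn't exist.` in all five places it appears (top level, Self Service, Designer, Resource and Configs API). It is missing a word and presumably should be `Please make sure the model being saved doesn't already exist.` The file also never describes the `cause=...,action=...` value layout that every entry follows. A header comment such as `# Value format: cause=<text>,action=<text>` above the first entry would document it for whoever adds the next key.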
index 749e9a4..ab7245e 100755 (executable)
@@ -1,4 +1,5 @@
 # Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -43,6 +44,29 @@ spec:
         release: {{ include "common.release" . }}
     spec:
       initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: CDS_DB_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
+        - name: CDS_DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
+        - name: CDS_DB_ROOT_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}}
+
+        volumeMounts:
+        - mountPath: /config-input/application.properties
+          name: {{ include "common.fullname" . }}-config
+          subPath: application.properties
+        - mountPath: /config
+          name: processed-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        name: {{ include "common.name" . }}-update-config
+
       - command:
         - /root/ready.py
         args:
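Review bot: The substitution loop in the new init container iterates over the output of an `ls -1 .` command substitution, uses `${PFILE}` unquoted and never checks the result of `envsubst`. The loop's exit status is that of the last file only, so once a second file is mounted under `/config-input`, a failed substitution on an earlier file would leave an empty or truncated file in `/config` and the pod would still start. A glob with quoting and an explicit failure avoids that: `- "cd /config-input && for PFILE in *; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <\"${PFILE}\" >\"/config/${PFILE}\" || exit 1; done"`. The `initContainers` list continues outside this hunk.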
@@ -114,8 +138,11 @@ spec:
             name: localtime
             readOnly: true
           - mountPath: {{ .Values.config.appConfigDir }}/application.properties
-            name: {{ include "common.fullname" . }}-config
+            name: processed-config
             subPath: application.properties
+          - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties
+            name: {{ include "common.fullname" . }}-config
+            subPath: error-messages_en.properties
           - mountPath: {{ .Values.config.appConfigDir }}/logback.xml
             name: {{ include "common.fullname" . }}-config
             subPath: logback.xml
@@ -149,6 +176,8 @@ spec:
             items:
             - key: application.properties
               path: application.properties
+            - key: error-messages_en.properties
+              path: error-messages_en.properties
             - key: logback.xml
               path: logback.xml
             - key: hazelcast.yaml
@@ -158,5 +187,8 @@ spec:
         - name: {{ include "common.fullname" . }}-blueprints
           persistentVolumeClaim:
             claimName: {{ include "common.release" . }}-cds-blueprints
+        - name: processed-config
+          emptyDir:
+            medium: Memory
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -1,4 +1,4 @@
-# Copyright (c) 2020 Samsung Electronics
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 9bcf03a..50c33c2 100755 (executable)
@@ -1,4 +1,5 @@
 # Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -33,6 +34,25 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+  # envsusbt
+  envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: 'cds-db-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
+    login: '{{ .Values.config.cdsDB.dbUser }}'
+    password: '{{ .Values.config.cdsDB.dbPassword }}'
+    passwordPolicy: required
+  - uid: 'cds-db-root-pass'
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}'
+    password: '{{ .Values.config.cdsDB.dbRootPassword }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
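Review bot: `envsubstImage: dibi/envsubst` names a third-party image with no tag or digest, and the init container that runs it receives the DB user and root passwords as environment variables. The template renders the value without a repository prefix, so it resolves to whatever the default registry serves under that name at pull time. Pin it by digest, `envsubstImage: dibi/envsubst@sha256:<digest>` (placeholder), or mirror it into the project's own registry and reference it there. The comment above it also misspells the tool: `# envsusbt` should be `# envsubst`.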
@@ -48,6 +68,15 @@ debugEnabled: false
 config:
   appConfigDir: /opt/app/onap/config
   useScriptCompileCache: true
+  cdsDB:
+    dbServer: cds-db
+    dbPort: 3306
+    dbName: sdnctl
+    # dbUser: sdnctl
+    # dbPassword: sdnctl
+    # dbCredsExternalSecret: <some secret name>
+    # dbRootPassword: password
+    # dbRootPassExternalSecret
 
 # default number of instances
 replicaCount: 1
@@ -60,6 +89,7 @@ affinity: {}
 # custom kafka cluster.
 dmaapEnabled: true
 
+
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 120
similarity index 82%
rename from kubernetes/vfc/charts/vfc-catalog/Chart.yaml
rename to kubernetes/cds/templates/secrets.yaml
index 2b52834..bd7eb8e 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,7 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-description: ONAP VFC - Catalog
-name: vfc-catalog
-version: 5.0.0
\ No newline at end of file
+{{ include "common.secretFast" . }}
index fec8789..1ead35e 100644 (file)
@@ -1,3 +1,4 @@
+# Copyright © 2020 Samsung Electronics
 # Copyright © 2019 Orange, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
 #
@@ -27,6 +28,22 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret'
+    uid: 'cds-db-secret'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+  - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass'
+    uid: 'cds-db-root-pass'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+    password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
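Review bot: Both `externalSecret` expressions are dense and carry no comment. As far as the template shows, they blank `externalSecret` when the configured name ends in the chart's own uid (`cds-db-secret`, `cds-db-root-pass`), presumably so the chart creates that secret itself. A comment above `secrets:` would make that intent explicit, e.g. `# externalSecret is emptied when it points at the secret this chart generates`. The `hasSuffix` argument also reads the value without the `default ""` guard used in the `tpl` branch of the same line. Wrapping it as `(default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))`, and likewise for the root-password entry, keeps both branches consistent if an override unsets the key.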
@@ -64,14 +81,14 @@ readiness:
 ingress:
   enabled: false
 
-
 mariadb-galera:
   config:
-      userName: sdnctl
-      userPassword: sdnctl
-      mariadbRootPassword: sdnctl
-      mysqlDatabase: sdnctl
-  nameOverride: cds-db
+    userName: sdnctl
+    # userPassword: sdnctl
+    userCredentialsExternalSecret: *dbUserSecretName
+    mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName
+    mysqlDatabase: &mysqlDbName sdnctl
+  nameOverride: &dbServer cds-db
   service:
     name: cds-db
     portName: cds-db
@@ -80,6 +97,15 @@ mariadb-galera:
     enabled: true
     mountSubPath: cds/data
 
+cds-blueprints-processor:
+  config:
+    cdsDB:
+      dbServer: *dbServer
+      dbPort: 3306
+      dbName: *mysqlDbName
+      dbCredsExternalSecret: *dbUserSecretName
+      dbRootPassExternalSecret: *dbRootPasswordSecretName
+
 #Resource Limit flavor -By Default using small
 flavor: small
 #segregation for different envionment (Small and Large)
index 4981494..153f1e7 100644 (file)
@@ -27,7 +27,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-backend:4.1.3
+image: onap/clamp-backend:5.0.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -45,12 +45,7 @@ config:
   springApplicationJson: >
     {
         "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
-        "spring.profiles.active": "clamp-default,clamp-default-user,clamp-sdc-controller-new",
-        "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/",
-        "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/",
-        "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services",
-        "clamp.config.sdc.serviceUsername": "clamp",
-        "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+        "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
         "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
         "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
         "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
@@ -63,10 +58,6 @@ config:
         "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
         "clamp.config.policy.pap.userName": "healthcheck",
         "clamp.config.policy.pap.password": "zb!XztG34",
-        "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
-        "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
-        "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123",
-        "clamp.config.policy.clientKey": "dGVzdA==",
         "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095",
         "com.att.eelf.logging.path": "/opt/clamp",
         "com.att.eelf.logging.file": "logback.xml"
index 0e15d4d..1f153bc 100644 (file)
@@ -1,10 +1,53 @@
 
+    create table dictionary (
+       name varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
+        dictionary_second_level integer,
+        dictionary_type varchar(255),
+        primary key (name)
+    ) engine=InnoDB;
+
+    create table dictionary_elements (
+       short_name varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
+        description varchar(255) not null,
+        name varchar(255) not null,
+        subdictionary_name varchar(255),
+        type varchar(255) not null,
+        primary key (short_name)
+    ) engine=InnoDB;
+
+    create table dictionary_to_dictionaryelements (
+       dictionary_name varchar(255) not null,
+        dictionary_element_short_name varchar(255) not null,
+        primary key (dictionary_name, dictionary_element_short_name)
+    ) engine=InnoDB;
+
     create table hibernate_sequence (
        next_val bigint
     ) engine=InnoDB;
 
     insert into hibernate_sequence values ( 1 );
 
+    create table loop_element_models (
+       name varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
+        blueprint_yaml MEDIUMTEXT,
+        dcae_blueprint_id varchar(255),
+        loop_element_type varchar(255) not null,
+        short_name varchar(255),
+        primary key (name)
+    ) engine=InnoDB;
+
     create table loop_logs (
        id bigint not null,
         log_component varchar(255) not null,
         primary key (id)
     ) engine=InnoDB;
 
-    create table loops (
+    create table loop_templates (
        name varchar(255) not null,
-        blueprint_yaml MEDIUMTEXT not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
+        allowed_loop_type varchar(255),
+        blueprint_yaml MEDIUMTEXT,
         dcae_blueprint_id varchar(255),
+        maximum_instances_allowed integer,
+        svg_representation MEDIUMTEXT,
+        unique_blueprint boolean default false,
+        service_uuid varchar(255),
+        primary key (name)
+    ) engine=InnoDB;
+
+    create table loopelementmodels_to_policymodels (
+       loop_element_name varchar(255) not null,
+        policy_model_type varchar(255) not null,
+        policy_model_version varchar(255) not null,
+        primary key (loop_element_name, policy_model_type, policy_model_version)
+    ) engine=InnoDB;
+
+    create table loops (
+       name varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
         dcae_deployment_id varchar(255),
         dcae_deployment_status_url varchar(255),
         global_properties_json json,
         last_computed_state varchar(255) not null,
-        model_properties_json json,
-        operational_policy_schema json,
         svg_representation MEDIUMTEXT,
+        loop_template_name varchar(255) not null,
+        service_uuid varchar(255),
         primary key (name)
     ) engine=InnoDB;
 
-    create table loops_microservicepolicies (
-       loop_id varchar(255) not null,
-        microservicepolicy_id varchar(255) not null,
-        primary key (loop_id, microservicepolicy_id)
+    create table loops_to_microservicepolicies (
+       loop_name varchar(255) not null,
+        microservicepolicy_name varchar(255) not null,
+        primary key (loop_name, microservicepolicy_name)
+    ) engine=InnoDB;
+
+    create table looptemplates_to_loopelementmodels (
+       loop_element_model_name varchar(255) not null,
+        loop_template_name varchar(255) not null,
+        flow_order integer not null,
+        primary key (loop_element_model_name, loop_template_name)
     ) engine=InnoDB;
 
     create table micro_service_policies (
        name varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
+        configurations_json json,
         json_representation json not null,
-        model_type varchar(255) not null,
-        policy_tosca MEDIUMTEXT not null,
-        properties json,
+        pdp_group varchar(255),
+        pdp_sub_group varchar(255),
+        context varchar(255),
+        dcae_blueprint_id varchar(255),
+        dcae_deployment_id varchar(255),
+        dcae_deployment_status_url varchar(255),
+        device_type_scope varchar(255),
         shared bit not null,
+        loop_element_model_id varchar(255),
+        policy_model_type varchar(255),
+        policy_model_version varchar(255),
         primary key (name)
     ) engine=InnoDB;
 
     create table operational_policies (
        name varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
         configurations_json json,
+        json_representation json not null,
+        pdp_group varchar(255),
+        pdp_sub_group varchar(255),
+        loop_element_model_id varchar(255),
+        policy_model_type varchar(255),
+        policy_model_version varchar(255),
         loop_id varchar(255) not null,
         primary key (name)
     ) engine=InnoDB;
 
-    alter table loop_logs 
-       add constraint FK1j0cda46aickcaoxqoo34khg2 
-       foreign key (loop_id) 
+    create table policy_models (
+       policy_model_type varchar(255) not null,
+        version varchar(255) not null,
+        created_by varchar(255),
+        created_timestamp datetime(6) not null,
+        updated_by varchar(255),
+        updated_timestamp datetime(6) not null,
+        policy_acronym varchar(255),
+        policy_tosca MEDIUMTEXT,
+        policy_pdp_group json,
+        primary key (policy_model_type, version)
+    ) engine=InnoDB;
+
+    create table services (
+       service_uuid varchar(255) not null,
+        name varchar(255) not null,
+        resource_details json,
+        service_details json,
+        version varchar(255),
+        primary key (service_uuid)
+    ) engine=InnoDB;
+
+    alter table dictionary_to_dictionaryelements
+       add constraint FK68hjjinnm8nte2owstd0xwp23
+       foreign key (dictionary_element_short_name)
+       references dictionary_elements (short_name);
+
+    alter table dictionary_to_dictionaryelements
+       add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
+       foreign key (dictionary_name)
+       references dictionary (name);
+
+    alter table loop_logs
+       add constraint FK1j0cda46aickcaoxqoo34khg2
+       foreign key (loop_id)
        references loops (name);
 
-    alter table loops_microservicepolicies 
-       add constraint FKem7tp1cdlpwe28av7ef91j1yl 
-       foreign key (microservicepolicy_id) 
+    alter table loop_templates
+       add constraint FKn692dk6281wvp1o95074uacn6
+       foreign key (service_uuid)
+       references services (service_uuid);
+
+    alter table loopelementmodels_to_policymodels
+       add constraint FK23j2q74v6kaexefy0tdabsnda
+       foreign key (policy_model_type, policy_model_version)
+       references policy_models (policy_model_type, version);
+
+    alter table loopelementmodels_to_policymodels
+       add constraint FKjag1iu0olojfwryfkvb5o0rk5
+       foreign key (loop_element_name)
+       references loop_element_models (name);
+
+    alter table loops
+       add constraint FK844uwy82wt0l66jljkjqembpj
+       foreign key (loop_template_name)
+       references loop_templates (name);
+
+    alter table loops
+       add constraint FK4b9wnqopxogwek014i1shqw7w
+       foreign key (service_uuid)
+       references services (service_uuid);
+
+    alter table loops_to_microservicepolicies
+       add constraint FKle255jmi7b065fwbvmwbiehtb
+       foreign key (microservicepolicy_name)
        references micro_service_policies (name);
 
-    alter table loops_microservicepolicies 
-       add constraint FKsvx91jekgdkfh34iaxtjfgebt 
-       foreign key (loop_id) 
+    alter table loops_to_microservicepolicies
+       add constraint FK8avfqaf7xl71l7sn7a5eri68d
+       foreign key (loop_name)
        references loops (name);
 
-    alter table operational_policies 
-       add constraint FK1ddoggk9ni2bnqighv6ecmuwu 
-       foreign key (loop_id) 
+    alter table looptemplates_to_loopelementmodels
+       add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
+       foreign key (loop_element_model_name)
+       references loop_element_models (name);
+
+    alter table looptemplates_to_loopelementmodels
+       add constraint FKj29yxyw0x7ue6mwgi6d3qg748
+       foreign key (loop_template_name)
+       references loop_templates (name);
+
+    alter table micro_service_policies
+       add constraint FKqvvdypacbww07fuv8xvlvdjgl
+       foreign key (loop_element_model_id)
+       references loop_element_models (name);
+
+    alter table micro_service_policies
+       add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
+       foreign key (policy_model_type, policy_model_version)
+       references policy_models (policy_model_type, version);
+
+    alter table operational_policies
+       add constraint FKi9kh7my40737xeuaye9xwbnko
+       foreign key (loop_element_model_id)
+       references loop_element_models (name);
+
+    alter table operational_policies
+       add constraint FKlsyhfkoqvkwj78ofepxhoctip
+       foreign key (policy_model_type, policy_model_version)
+       references policy_models (policy_model_type, version);
+
+    alter table operational_policies
+       add constraint FK1ddoggk9ni2bnqighv6ecmuwu
+       foreign key (loop_id)
        references loops (name);
index b21f052..705c38f 100644 (file)
@@ -29,19 +29,6 @@ data:
 ---
 apiVersion: v1
 kind: ConfigMap
-metadata:
-  name: clamp-entrypoint-drop-configmap
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/drop/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
 metadata:
   name: clamp-entrypoint-bulkload-configmap
   namespace: {{ include "common.namespace" . }}
index 490ff18..be46f89 100644 (file)
@@ -58,14 +58,12 @@ spec:
                   name: {{ template "common.fullname" . }}
                   key: db-root-password
           volumeMounts:
-          - mountPath: /docker-entrypoint-initdb.d/load-sql-files-tests-automation.sh
+          - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
             name: docker-entrypoint-initdb
-            subPath: load-sql-files-tests-automation.sh
+            subPath: bootstrap-database.sh
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /docker-entrypoint-initdb.d/drop/
-            name: docker-entrypoint-clds-drop
           - mountPath: /docker-entrypoint-initdb.d/bulkload/
             name: docker-entrypoint-bulkload
           - mountPath: /etc/mysql/conf.d/conf1/
@@ -93,9 +91,6 @@ spec:
         - name: docker-entrypoint-initdb
           configMap:
             name: clamp-entrypoint-initdb-configmap
-        - name: docker-entrypoint-clds-drop
-          configMap:
-            name: clamp-entrypoint-drop-configmap
         - name: docker-entrypoint-bulkload
           configMap:
             name: clamp-entrypoint-bulkload-configmap
@@ -1,6 +1,6 @@
 server {
 
-  listen 443 default ssl;
+  listen 2443 default ssl;
   ssl_protocols TLSv1.2;
   ssl_certificate /etc/ssl/clamp.pem;
   ssl_certificate_key /etc/ssl/clamp.key;
index cc64400..e4ac472 100644 (file)
@@ -81,9 +81,9 @@ spec:
           volumeMounts:
           - name: {{ include "common.fullname" . }}-logs
             mountPath: /var/log/nginx/
-          - mountPath: /etc/nginx/conf.d/nginx.conf
+          - mountPath: /etc/nginx/conf.d/default.conf
             name: {{ include "common.fullname" . }}-config
-            subPath: nginx.conf
+            subPath: default.conf
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -99,8 +99,8 @@ spec:
           configMap:
             name: {{ include "common.fullname" . }}
             items:
-            - key: nginx.conf
-              path: nginx.conf
+            - key: default.conf
+              path: default.conf
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-clamp-filebeat-configmap
@@ -110,3 +110,4 @@ spec:
           emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
index d66273d..1839633 100644 (file)
@@ -30,7 +30,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:4.1.3
+image: onap/clamp-frontend:5.0.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -69,7 +69,7 @@ service:
   type: NodePort
   name: clamp-external
   portName: clamp-external
-  internalPort: 443
+  internalPort: 2443
   nodePort: 58
 
   # as of 20180904 port 58 is reserved for clamp from log/logdemonode
@@ -78,7 +78,7 @@ service:
   type2: ClusterIP
   name2: clamp
   portName2: clamp-internal
-  internalPort2: 443
+  internalPort2: 2443
   externalPort2: 8443
 
 ingress:
@@ -86,7 +86,7 @@ ingress:
   service:
     - baseaddr: "clamp"
       name: "clamp"
-      port: 443
+      port: 2443
   config:
     ssl: "redirect"
 
diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl
new file mode 100644 (file)
index 0000000..db7cbe8
--- /dev/null
@@ -0,0 +1,226 @@
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+  common templates to enable aaf configs for applictaions
+
+  Parameter for aafConfig to be defined in values.yaml
+  aafConfig:   --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .)
+    # additional scripts can be defined to handle certs
+    addconfig: true|false
+    fqdn: "sdnc"
+    image: onap/aaf/aaf_agent:2.1.15
+    app_ns: "org.osaaf.aaf"
+    fqi: "sdnc@sdnc.onap.org"
+    fqi_namespace: org.onap.sdnc
+    public_fqdn: "aaf.osaaf.org"
+    aafDeployFqi: "deployer@people.osaaf.org"
+    aafDeployPass: demo123456!
+    cadi_latitude: "38.0"
+    cadi_longitude: "-72.0"
+    persistence:
+      enabled: true
+      config.volumeReclaimPolicy: Delete
+      config.accessMode: ReadWriteMany
+      config.size: 40M
+      config.storageClass: "manual"
+      config.mountPath: "/dockerdata-nfs"
+      config.mountSubPath: "sdnc/aaf"
+  # secrets configuration, Note: create a secrets template
+  secrets:
+    - uid: aaf-deploy-creds
+      type: basicAuth
+      externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+      login: '{{ .Values.aafConfig.aafDeployFqi }}'
+      password: '{{ .Values.aafConfig.aafDeployPass }}'
+      passwordPolicy: required
+
+  In deployments/jobs/stateful include:
+  initContainers:
+    {{ include "common.aaf-config" . | nindent XX}}
+
+  containers:
+    volumeMounts:
+    {{- if .Values.global.aafEnabled }}
+     - mountPath: "/opt/app/osaaf"
+       name: {{ include "common.fullname" . }}-aaf-config-vol
+       {{- end }}
+  volumes:
+  {{- include "common.aaf-config-volumes" . | nindent XX}}
+
+  If persistence.enabled = true
+  Create pvc:
+  {{ include "common.aaf-config-pvc" . }}
+  Create pv
+  {{ include "common.aaf-config-pv" . }}
+
+*/}}
+{{- define "common.aaf-config" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+{{ if .Values.global.aafEnabled }}
+- name: {{ include "common.name" . }}-aaf-readiness
+  image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+  command:
+  - /root/ready.py
+  args:
+  - --container-name
+  - aaf-locate
+  - --container-name
+  - aaf-cm
+  - --container-name
+  - aaf-service
+
+  env:
+  - name: NAMESPACE
+    valueFrom:
+      fieldRef:
+        apiVersion: v1
+        fieldPath: metadata.namespace
+- name: {{ include "common.name" . }}-aaf-config
+  image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }}
+  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+  volumeMounts:
+  - mountPath: "/opt/app/osaaf"
+    name: {{ include "common.fullname" . }}-aaf-config-vol
+  {{- if (index .Values $aafRoot "addconfig") }}
+  - name: aaf-add-config
+    mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+    subPath: aaf-add-config.sh
+  {{- end }}
+  command:
+    - sh
+    - -c
+    - |
+      #!/usr/bin/env bash
+      /opt/app/aaf_config/bin/agent.sh
+      {{- if (index .Values $aafRoot "addconfig") }}
+      /opt/app/aaf_config/bin/aaf-add-config.sh
+      {{- end }}
+  env:
+    - name: APP_FQI
+      value: "{{ index .Values $aafRoot "fqi" }}"
+    - name: aaf_locate_url
+      value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+    - name: aaf_locator_container
+      value: "oom"
+    - name: aaf_locator_container_ns
+      value: "{{ .Release.Namespace }}"
+    - name: aaf_locator_fqdn
+      value: "{{ index .Values $aafRoot "fqdn" }}"
+    - name: aaf_locator_app_ns
+      value: "{{ index .Values $aafRoot "app_ns" }}"
+    - name: DEPLOY_FQI
+    {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }}
+    - name: DEPLOY_PASSWORD
+    {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }}
+  #Note: want to put this on Nodes, evenutally
+    - name: cadi_longitude
+      value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}"
+    - name: cadi_latitude
+      value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}"
+  #Hello specific.  Clients don't don't need this, unless Registering with AAF Locator
+    - name: aaf_locator_public_fqdn
+      value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}"
+{{- end -}}
+{{- end -}}
+
+
+{{- define "common.aaf-config-volume-mountpath" -}}
+{{ if .Values.global.aafEnabled }}
+- mountPath: "/opt/app/osaaf"
+  name: {{ include "common.fullname" . }}-aaf-config-vol
+{{- end -}}
+{{- end -}}
+
+{{- define "common.aaf-config-volumes" -}}
+{{ if .Values.global.aafEnabled }}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+- name: {{ include "common.fullname" . }}-aaf-config-vol
+  persistentVolumeClaim:
+    claimName: {{ include "common.fullname" . }}-aaf-config-pvc
+{{- if (index .Values $aafRoot "addconfig") }}
+- name: aaf-add-config
+  configMap:
+    name: {{ include "common.fullname" . }}-aaf-add-config
+    defaultMode: 0700
+{{- end }}
+{{- end -}}
+{{- end }}
+
+{{- define "common.aaf-config-pv" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-config-pv
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}-aaf-config-pv
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    name: {{ include "common.fullname" . }}
+spec:
+  capacity:
+    storage: {{ index .Values $aafRoot  "persistence" "config" "size"}}
+  accessModes:
+    - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+  persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }}
+  hostPath:
+     path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.aaf-config-pvc" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-config-pvc
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+{{- if (index .Values $aafRoot "persistence" "annotations") }}
+  annotations:
+{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }}
+{{- end }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ include "common.name" . }}-aaf-config-pv
+  accessModes:
+    - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+  resources:
+    requests:
+      storage: {{ index .Values $aafRoot "persistence" "config" "size" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
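Review bot: `$dot` and `$aafRoot` are assigned in four of these templates, but every lookup still goes through `.` (`.Values.global.aafEnabled`, `include "common.name" .`, `dict "global" .`), so the documented call form `(dict "aafRoot" "<yourkey>" "dot" .)` finds no `.Values` on the dict and fails to render. Route the lookups through the variable in every define, e.g. `{{ if $dot.Values.global.aafEnabled }}` and `image: {{ $dot.Values.global.repository }}/{{ index $dot.Values $aafRoot "image" }}`. The header comment documents the persistence settings as flat `config.size`-style keys gated by `persistence.enabled`, while the templates read the nested path `"persistence" "config" "size"` and never test `enabled`. The sample `aafDeployPass` in that comment is a literal password; a placeholder such as `<deploy-password>` would keep a copied values block from shipping a known credential.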
index 95d51e1..6672762 100644 (file)
 
 {{/*
 Common labels
+The function takes several arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .labels : labels to add (dict)
 */}}
 {{- define "common.labels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-helm.sh/chart: {{ include "common.chart" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- $dot := default . .dot -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+helm.sh/chart: {{ include "common.chart" $dot }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+app.kubernetes.io/managed-by: {{ $dot.Release.Service }}
+{{ if .labels }}
+{{- include "common.tplValue" (dict "value" .labels "context" $dot) }}
+{{- end -}}
 {{- end -}}
 
 {{/*
 Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+The function takes several arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .matchLabels: selectors/matchlLabels to add (dict)
 */}}
 {{- define "common.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
+{{- $dot := default . .dot -}}
+{{- if not .matchLabels.nameNoMatch -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+{{- end }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+{{ if .matchLabels }}
+{{$_ := unset .matchLabels "nameNoMatch"}}
+{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }}
+{{- end -}}
 {{- end -}}
 
 {{/*
   Generate "top" metadata for Deployment / StatefulSet / ...
+  The function takes several arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .labels: labels to add (dict)
+     - .suffix: suffix to name
+
 */}}
 {{- define "common.resourceMetadata" -}}
-name: {{ include "common.fullname" . }}
-namespace: {{ include "common.namespace" . }}
-labels: {{- include "common.labels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+{{- $labels := default (dict) .labels -}}
+{{- $annotations := default (dict) .annotations -}}
+name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}}
+namespace: {{ include "common.namespace" $dot }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }}
+{{- if $annotations }}
+annotations:  {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}}
+{{- end -}}
 {{- end -}}
 
 {{/*
   Generate selectors for Deployment / StatefulSet / ...
+    The function takes several arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .matchLabels: labels to add (dict)
 */}}
 {{- define "common.selectors" -}}
-matchLabels: {{- include "common.matchLabels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }}
 {{- end -}}
 
 {{/*
   Generate "template" metadata for Deployment / StatefulSet / ...
+    The function takes several arguments (inside a dictionary)
+     - .dot : environment (.)
+     - .labels: labels to add (dict)
 */}}
 {{- define "common.templateMetadata" -}}
-{{- if .Values.podAnnotations }}
-annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $dot.Values.podAnnotations }}
+annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }}
 {{- end }}
-labels: {{- include "common.labels" . | nindent 2 }}
-name: {{ include "common.name" . }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+name: {{ include "common.name" $dot }}
 {{- end -}}
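Review bot: `common.matchLabels` dereferences `.matchLabels.nameNoMatch` before checking that `.matchLabels` exists, so a caller that still passes the plain context (`include "common.matchLabels" .`) would fail with a nil-pointer error instead of getting the two default selector labels. Defaulting first, as `common.selectors` already does, avoids that: `{{- $matchLabels := default (dict) .matchLabels -}}` followed by `{{- if not $matchLabels.nameNoMatch -}}`. The `unset` call also mutates the caller's dict, which matters if the same values map is reused for a second resource. In `common.templateMetadata` the `tplValue` call still passes `"context" $`, which is the argument dict rather than the root context when the template is called with `dict ... "dot"`; `"context" $dot` would match the other calls.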
index 943078f..e918cc1 100644 (file)
 
 {{/*
   Expand the name of a chart.
+  The function takes from one to two arguments (inside a dictionary):
+     - .dot : environment (.)
+     - .suffix : add a suffix to the name
 */}}
 {{- define "common.name" -}}
-  {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+  {{- $dot := default . .dot -}}
+  {{- $suffix := .suffix -}}
+  {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
 {{- end -}}
 
 {{/*
 {{- define "common.fullnameExplicit" -}}
   {{- $dot := .dot }}
   {{- $name := .chartName }}
-  {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}}
+  {{- $suffix := default "" .suffix -}}
+  {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}}
 {{- end -}}
 
 {{/*
   Create a default fully qualified application name.
   Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+  Usage:
+      include "common.fullname" .
+      include "common.fullname" (dict "suffix" "mySuffix" "dot" .)
+  The function takes from one to two arguments:
+     - .dot : environment (.)
+     - .suffix : add a suffix to the fullname
 */}}
 {{- define "common.fullname" -}}
-  {{- $name := default .Chart.Name .Values.nameOverride -}}
-  {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+  {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+  {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
 {{- end -}}
 
 {{/*
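Review bot: In `common.name` the suffix is appended after `trunc 63`, so a long chart name plus a suffix can exceed the 63-character limit that the comment on `common.fullname` cites. `common.fullnameExplicit` has the opposite problem: it truncates after the suffix is joined, so two resources that differ only in their suffix can collapse to the same name once the prefix is long enough. Reserving room for the suffix before truncating the base handles both, e.g. `{{- $room := int (sub 63 (add 1 (len $suffix))) -}}` and then `trunc $room` on the base name when a suffix is set.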
@@ -78,6 +78,38 @@ type: Opaque
   {{- end }}
 {{- end -}}
 
+{{/*
+  For internal use only!
+
+  Pick a value based on "user input" and generation policy.
+
+  The template takes below arguments:
+    - .global: environment (.)
+    - .secretName: name of the secret where the value will be placed
+    - .secretEnv: map of values which configures this secret. This can contain below keys:
+        - value: Value of secret key provided by user (can be a template inside a string)
+        - policy: What to do if value is missing or empty. Possible options are:
+            - generate: Generate a new password deriving it from master password
+            - required: Fail the deployment if value has not been provided
+          Defaults to generate.
+        - name: Name of the key to which this value should be assigned
+*/}}
+{{- define "common.secret._valueFast" -}}
+  {{- $global := .global }}
+  {{- $name := .secretName }}
+  {{- $secretEnv := .secretEnv }}
+  {{- $value := $secretEnv.value }}
+  {{- $policy := default "generate" $secretEnv.policy }}
+
+  {{- if $value }}
+    {{- $value | quote }}
+  {{- else if eq $policy "generate" }}
+    {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }}
+  {{- else }}
+    {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }}
+  {{- end }}
+{{- end -}}
+
 
 {{/*
   Generate a secret name based on provided name or UID.
@@ -100,6 +132,14 @@ type: Opaque
   {{- default (printf "%s-%s" $fullname $uid) $name }}
 {{- end -}}
 
+{{- define "common.secret.genNameFast" -}}
+  {{- $global := .global }}
+  {{- $uid := (default "" .uid) }}
+  {{- $name := (default "" .name) }}
+  {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+  {{- default (printf "%s-%s" $fullname $uid) $name }}
+{{- end -}}
+
 {{/*
   Get the real secret name by UID or name, based on the configuration provided by user.
   User may decide to not create a new secret but reuse existing one for this deployment
@@ -122,8 +162,8 @@ type: Opaque
   {{- $uid := tpl (default "" .uid) $global }}
   {{- $targetName := default (include "common.secret.genName" (dict "global" $global "uid" $uid "name" .name)) $name}}
   {{- range $secret := $global.Values.secrets }}
-    {{- $givenName := tpl (default "" $secret.name) $global }}
     {{- $currUID := tpl (default "" $secret.uid) $global }}
+    {{- $givenName := tpl (default "" $secret.name) $global }}
     {{- $currName := default (include "common.secret.genName" (dict "global" $global "uid" $currUID "name" $secret.name)) $givenName }}
     {{- if or (eq $uid $currUID) (eq $currName $targetName) }}
       {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
@@ -132,6 +172,51 @@ type: Opaque
   {{- end }}
 {{- end -}}
 
+{{- define "common.secret.getSecretNameFast" -}}
+  {{- $global := .global }}
+  {{- include "common.secret.buildCache" $global }}
+  {{- $secretsCache := $global.Values._secretsCache }}
+  {{- $uid := tpl .uid $global }}
+  {{- $secret := index $secretsCache $uid }}
+  {{- $secret.realName }}
+{{- end -}}
+
+{{- define "common.secret.buildCache" -}}
+  {{- $global := . }}
+  {{- if not $global.Values._secretsCache }}
+    {{- $secretCache := dict }}
+    {{- range $secret := .Values.secrets }}
+      {{- $entry := dict }}
+      {{- $uid := tpl (default "" $secret.uid) $global }}
+      {{- $keys := keys $secret }}
+      {{- range $key := (without $keys "annotations" "filePaths" )}}
+        {{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
+      {{- end }}
+      {{- if $secret.annotations }}
+        {{- $_ := set $entry "annotations" $secret.annotations }}
+      {{- end }}
+      {{- if $secret.filePaths }}
+        {{- if kindIs "string" $secret.filePaths }}
+          {{- $evaluated := tpl (default "" $secret.filePaths) $global }}
+          {{- if and $evaluated (ne $evaluated "\"\"") }}
+            {{- $fstr := printf "val:\n%s" ($evaluated | indent 2) }}
+            {{- $flist := (index (tpl $fstr $global | fromYaml) "val") }}
+            {{- $_ := set $entry "filePaths" $flist }}
+          {{- else }}
+            {{- $_ := set $entry "filePaths" (list) }}
+          {{- end }}
+        {{- else }}
+          {{- $_ := set $entry "filePaths" $secret.filePaths }}
+        {{- end }}
+      {{- end }}
+      {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
+      {{- $_ := set $entry "realName" $realName }}
+      {{- $_ := set $secretCache $uid $entry }}
+    {{- end }}
+    {{- $_ := set $global.Values "_secretsCache" $secretCache }}
+  {{- end }}
+{{- end -}}
+
 {{/*
   Convenience template which can be used to easily set the value of environment variable
   to the value of a key in a secret.
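Review bot: `common.secret.buildCache` runs `tpl` over every key except `annotations` and `filePaths`, but `tpl` only accepts a string, so a `genericKV` secret whose `envs` is a list (the shape `common.secretFast` ranges over) would abort rendering here. Exclude it and copy it through separately, `{{- range $key := (without $keys "annotations" "filePaths" "envs") }}`, or guard the loop body with `kindIs "string"`. `common.secret.getSecretNameFast` indexes the cache by uid without checking the result, so an unknown uid surfaces as a nil-pointer error on `$secret.realName`; an explicit `fail (printf "secret uid %s is not defined" $uid)` would make that misconfiguration readable. The cache is stored by mutating `.Values` and holds the rendered password values, which deserves a comment such as `{{/* _secretsCache holds rendered secret values; never render .Values wholesale */}}`.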
@@ -159,6 +244,14 @@ valueFrom:
     key: {{ $key }}
 {{- end -}}
 
+{{- define "common.secret.envFromSecretFast" -}}
+  {{- $key := .key }}
+valueFrom:
+  secretKeyRef:
+    name: {{ include "common.secret.getSecretNameFast" . }}
+    key: {{ $key }}
+{{- end -}}
+
 {{/*
   Define secrets to be used by chart.
   Every secret has a type which is one of:
@@ -285,3 +378,132 @@ stringData:
     {{- end }}
   {{- end }}
 {{- end -}}
+
+{{/*
+  Define secrets to be used by chart.
+  Every secret has a type which is one of:
+    - generic:
+        Generic secret template that allows to input some raw data (from files).
+        File Input can be passed as list of files (filePaths) or as a single string
+        (filePath)
+    - genericKV:
+        Type of secret which allows you to define a list of key value pairs.
+        The list is assiged to envs value. Every item may define below items:
+          - name:
+              Identifier of this value within secret
+          - value:
+              String that defines a value associated with given key.
+              This can be a simple string or a template.
+          - policy:
+              Defines what to do if value is not provided by the user.
+              Available options are:
+                - generate:
+                    Generate a value by derriving it from master password
+                - required:
+                    Fail the deployment
+    - password:
+        Type of secret that holds only the password.
+        Only two items can be defined for this type:
+          - password:
+              Equivalent of value field from genericKV
+          - policy:
+              The same meaning as for genericKV policy field
+    - basicAuth:
+        Type of secret that holds both username and password.
+        Below fields are available:
+          - login:
+              The value for login key.
+              This can be a simple string or a template.
+              Providing a value for login is always required.
+          - password:
+              The value for password key.
+              This can be a simple string or a template.
+          - passwordPolicy:
+              The same meaning as the policy field in genericKV.
+              Only the policy for password can be set.
+
+  Every secret can be identified using:
+    - uid:
+        A string to be appended to the chart fullname to generate a secret name.
+    - name:
+        Overrides default secret name generation and allows to set immutable
+        and globaly unique name
+    - annotations:
+        List of annotations to be used while defining a secret
+
+  To allow sharing a secret between the components and allow to pre-deploy secrets
+  before ONAP deployment it is possible to use already existing secret instead of
+  creating a new one. For this purpose externalSecret field can be used. If value of
+  this field is evaluated to true no new secret is created, only the name of the
+  secret is aliased to the external one.
+
+  Example usage:
+    secrets.yaml:
+      {{ include "common.secretFast" . }}
+
+    values.yaml:
+      mysqlLogin: "root"
+
+      mysqlExternalSecret: "some-other-secret-name"
+
+      secrets:
+        - uid: "mysql"
+          externalSecret: '{{ tpl .Values.passExternalSecret . }}'
+          type: basicAuth
+          login: '{{ .Values.mysqlLogin }}'
+          mysqlPassword: '{{ .Values.mysqlPassword }}'
+          passwordPolicy: generate
+
+    In the above example new secret is not going to be created.
+    Already existing one (some-other-secret-name) is going to be used.
+    To force creating a new one, just make sure that mysqlExternalSecret
+    is not set.
+
+*/}}
+{{- define "common.secretFast" -}}
+  {{- $global := . }}
+  {{- include "common.secret.buildCache" $global }}
+  {{- range $secret := .Values._secretsCache }}
+    {{- $uid := $secret.uid }}
+    {{- $externalSecret := $secret.externalSecret }}
+    {{- if not $externalSecret }}
+      {{- $name := $secret.realName }}
+      {{- $annotations := default "" $secret.annotations }}
+      {{- $type := default "generic" $secret.type }}
+---
+      {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
+
+      {{- if eq $type "generic" }}
+data:
+        {{- range $curFilePath := $secret.filePaths }}
+          {{- fail (printf "%s" $curFilePath) }}
+          {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
+        {{- end }}
+        {{- if $secret.filePath }}
+          {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }}
+        {{- end }}
+      {{- else if eq $type "genericKV" }}
+stringData:
+        {{- if $secret.envs }}
+          {{- range $secretEnv := $secret.envs }}
+            {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+    {{ $secretEnv.name }}: {{ include "common.secret._valueFast" $valueDesc }}
+          {{- end }}
+        {{- end }}
+      {{- else if eq $type "password" }}
+        {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }}
+        {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+stringData:
+  password: {{ include "common.secret._valueFast" $valueDesc }}
+      {{- else if eq $type "basicAuth" }}
+stringData:
+        {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }}
+        {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+  login: {{ include "common.secret._valueFast" $valueDesc }}
+        {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }}
+        {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+  password: {{ include "common.secret._valueFast" $valueDesc }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{- end -}}
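Review bot: The `fail (printf "%s" $curFilePath)` call inside the `filePaths` range looks like a leftover debugging statement: it aborts the render on the first path, so no `generic` secret that uses `filePaths` can be produced by `common.secretFast`. Remove that line so the `Files.Glob ... AsSecrets` line below it is reached. The usage example in the header comment also does not match the template: it sets `mysqlPassword:` where the `basicAuth` branch reads `$secret.password`, and it references `.Values.passExternalSecret` while the values shown define `mysqlExternalSecret`. With `passwordPolicy: generate`, the first mismatch would silently yield a generated password instead of the one the operator supplied.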
index cd1595b..0c7660e 100644 (file)
 {{- end -}}
 
 {{/* Define the metadata of Service
-     The function takes from one to three arguments (inside a dictionary):
+     The function takes from one to four arguments (inside a dictionary):
      - .dot : environment (.)
      - .suffix : a string which will be added at the end of the name (with a '-').
      - .annotations: the annotations to add
      - .msb_informations: msb information in order to create msb annotation
+     - .labels : labels to add
      Usage example:
       {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
       {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
@@ -45,6 +46,7 @@
   {{- $suffix := default "" .suffix -}}
   {{- $annotations := default "" .annotations -}}
   {{- $msb_informations := default "" .msb_informations -}}
+  {{- $labels := default (dict) .labels -}}
 {{- if or $annotations $msb_informations -}}
 annotations:
 {{-   if $annotations }}
@@ -52,20 +54,25 @@ annotations:
 {{-   end }}
 {{-   if $msb_informations }}
   msb.onap.org/service-info: '[
+{{-     range $index, $msb_information := $msb_informations }}
+{{-       if ne $index 0 }}
+      ,
+{{-       end }}
       {
-          "serviceName": "{{ include "common.servicename" $dot }}",
-          "version": "{{ default "v1" $msb_informations.version }}",
-          "url": "{{ default "/" $msb_informations.url }}",
-          "protocol": "{{ default "REST" $msb_informations.protocol }}",
-          "port": "{{ $msb_informations.port }}",
-          "visualRange":"{{ default "1" $msb_informations.visualRange }}"
+        "serviceName": "{{ default (include "common.servicename" $dot) $msb_information.serviceName  }}",
+        "version": "{{ default "v1" $msb_information.version }}",
+        "url": "{{ default "/" $msb_information.url }}",
+        "protocol": "{{ default "REST" $msb_information.protocol }}",
+        "port": "{{ $msb_information.port }}",
+        "visualRange":"{{ default "1" $msb_information.visualRange }}"
       }
-      ]'
+{{-    end }}
+    ]'
 {{-   end}}
 {{- end }}
 name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
 namespace: {{ include "common.namespace" $dot }}
-labels: {{- include "common.labels" $dot | nindent 2 -}}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}}
 {{- end -}}
 
 {{/* Define the ports of Service
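Review bot: The new `range` treats `.msb_informations` as a list and compares `$index` with `0`, so a caller that still passes the single map the old code expected would iterate its keys and fail on the string-to-int comparison; the callers are outside this hunk, so this needs checking. Each field is also pasted between literal double quotes inside a single-quoted YAML scalar, so a `url` or `serviceName` containing `"` or `'` produces an invalid annotation. Letting the template engine do the JSON escaping removes the first case, e.g. `"url": {{ default "/" $msb_information.url | toJson }},`. The body of `common.serviceMetadata` starts above the hunk.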
@@ -125,6 +132,9 @@ labels: {{- include "common.labels" $dot | nindent 2 -}}
      - .publishNotReadyAddresses: if we publish not ready address
      - .headless: if the service is headless
      - .add_plain_port: add tls port AND plain port
+     - .labels : labels to add (dict)
+     - .matchLabels: selectors/machLabels to add (dict)
+     - .sessionAffinity: ClientIP  - enables sticky sessions based on client IP, default: None
 */}}
 {{- define "common.genericService" -}}
 {{- $dot := default . .dot -}}
@@ -136,9 +146,12 @@ labels: {{- include "common.labels" $dot | nindent 2 -}}
 {{- $ports := .ports -}}
 {{- $headless := default false .headless -}}
 {{- $add_plain_port := default false .add_plain_port }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}}
 apiVersion: v1
 kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }}
 spec:
   {{- if $headless }}
   clusterIP: None
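Review bot: `$sessionAffinity` is read from `$dot.Values.service.sessionAffinity`, while the comment block added in the previous hunk documents `.sessionAffinity` as an argument of `common.genericService`, next to `.labels` and `.matchLabels`, which really are taken from the argument dict. A caller passing `"sessionAffinity" "ClientIP"` in the dict is silently ignored, and the value from `values.yaml` applies to every Service rendered through this template, including the one built by `common.headlessService`. Either read the argument first, `{{- $sessionAffinity := default "None" (default $dot.Values.service.sessionAffinity .sessionAffinity) -}}`, or change the doc line to name `.Values.service.sessionAffinity`. That comment block also spells `machLabels` for `matchLabels`. The body of `common.genericService` continues outside this hunk.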
@@ -148,7 +161,8 @@ spec:
   publishNotReadyAddresses: true
   {{- end }}
   type: {{ $serviceType }}
-  selector: {{- include "common.matchLabels" $dot | nindent 4 }}
+  selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }}
+  sessionAffinity: {{ $sessionAffinity }}
 {{- end -}}
 
 {{/*
@@ -166,15 +180,19 @@ spec:
     ports and the other one is NodePort (or LoadBalancer) with crypted port only.
 */}}
 {{- define "common.service" -}}
-{{-   $suffix := default "" .Values.service.suffix -}}
-{{-   $annotations := default "" .Values.service.annotations -}}
-{{-   $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{-   $msb_informations := default "" .Values.service.msb -}}
-{{-   $serviceType := .Values.service.type -}}
-{{-   $ports := .Values.service.ports -}}
-{{-   $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
+{{-   $dot := default . .dot -}}
+{{-   $suffix := default "" $dot.Values.service.suffix -}}
+{{-   $annotations := default "" $dot.Values.service.annotations -}}
+{{-   $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}}
+{{-   $msb_informations := default "" $dot.Values.service.msb -}}
+{{-   $serviceType := $dot.Values.service.type -}}
+{{-   $ports := $dot.Values.service.ports -}}
+{{-   $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
+{{-   $labels := default (dict) .labels -}}
+{{-   $matchLabels := default (dict) .matchLabels -}}
+
 {{-   if (and (include "common.needTLS" .) $both_tls_and_plain) }}
-{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }}
+{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
 {{-     if (ne $serviceType "ClusterIP") }}
 ---
 {{-       if $suffix }}
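Review bot: The added `common.genericService` include passes `$labels` without its `"labels"` key (`... "add_plain_port" true $labels "matchLabels" $matchLabels`), so the `dict` arguments no longer pair up as key/value and neither the labels nor the match labels reach the callee under the names it reads. The two `$serviceType` includes in the next hunk have the same omission, whereas `common.headlessService` spells it correctly. These three calls also still pass `"dot" .` and `include "common.needTLS" .` although the template now computes `$dot := default . .dot`, so invoking `common.service` with a wrapper dict would hand the wrapper on instead of the chart context. The calls should end with `"labels" $labels "matchLabels" $matchLabels` and use `"dot" $dot`.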
@@ -182,20 +200,23 @@ spec:
 {{-       else }}
 {{-         $suffix = "external" }}
 {{-       end }}
-{{        include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{        include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
 {{-     end }}
 {{-   else }}
-{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }}
+{{      include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
 {{-   end }}
 {{- end -}}
 
 {{/* Create headless service template */}}
 {{- define "common.headlessService" -}}
-{{- $suffix := include "common._makeHeadlessSuffix" . -}}
-{{- $annotations := default "" .Values.service.headless.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
-{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := include "common._makeHeadlessSuffix" $dot -}}
+{{- $annotations := default "" $dot.Values.service.headless.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}}
+{{- $ports := $dot.Values.service.headlessPorts -}}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }}
 {{- end -}}
 
 {{/*
index 6b6a26f..4457762 100644 (file)
@@ -1,4 +1,4 @@
-{/*
+{{/*
 # Copyright © 2020 Amdocs, Bell Canada, Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
index 828818c..05699e6 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index b3f0ab0..e1fac77 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -38,25 +40,25 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: HTTP_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
         - name: HTTP_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
         - name: HTTP_ADMIN_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
         - name: HTTP_ADMIN_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
         - name: HTTP_NODE_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
         - name: HTTP_NODE_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
         - name: REST_CONF_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
         - name: REST_CONF_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
index c9a409f..4b48499 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
 # Copyright © 2020 Samsung Electronics
 #
@@ -12,5 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 7a8f752..bfe8b0a 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 AT&T, Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
index c9e2ffe..29d9674 100644 (file)
@@ -86,7 +86,7 @@ spec:
               echo "Backup Successful!!!"
             env:
             - name: DB_PASS
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
             volumeMounts:
             - name: backup-dir
               mountPath: /backup
@@ -96,7 +96,7 @@ spec:
             imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
             env:
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
             command:
             - /bin/bash
             - -c
index f143c3b..e7bb701 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 {{- if .Values.externalConfig }}
 apiVersion: v1
index 6e53a95..579b347 100644 (file)
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 */}}
+
 {{- $global := . }}
 {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
 {{- if eq "True" (include "common.needPV" .) -}}
index 3f8eb0b..27c9a3a 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 # Copyright © 2019 Samsung Electronics
 #
@@ -12,4 +13,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-{{ include "common.secret" . }}
+*/}}
+
+{{ include "common.secretFast" . }}
index 71d1b0f..69d8999 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
index a6260fa..7157e33 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1beta1
 kind: StatefulSet
@@ -61,13 +63,13 @@ spec:
                   apiVersion: v1
                   fieldPath: metadata.namespace
             - name: MYSQL_USER
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
             - name: MYSQL_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
             - name: MYSQL_DATABASE
               value: {{ default "" .Values.config.mysqlDatabase | quote }}
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
             name: {{ .Values.service.portName }}
index a6d18e7..3e9e849 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (C) 2018  AT&T Intellectual Property.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -61,9 +63,9 @@ spec:
         - name: SPRING_PROFILE
           value: "{{ .Values.config.springProfile }}"
         - name: NENG_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
         - name: NENG_DB_PASS
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
         - name: NENG_DB_URL
           value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
         - name: POL_CLIENT_AUTH
index d5bdce3..61b83d7 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (c) 2018 Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
 ---
 apiVersion: v1
 data:
index a4c5b05..753448c 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright (C) 2018  AT&T Intellectual Property.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
+
 apiVersion: v1
 kind: Service
 metadata:
index 361e648..e3ac669 100644 (file)
@@ -49,15 +49,15 @@ spec:
         - name: PG_PRIMARY_USER
           value: primaryuser
         - name: PG_PRIMARY_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
         - name: PG_USER
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
         - name: PG_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
         - name: PG_DATABASE
           value: "{{ $dot.Values.config.pgDatabase }}"
         - name: PG_ROOT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input/setup.sql
           name: config
@@ -116,15 +116,15 @@ spec:
         - name: PG_PRIMARY_PORT
           value: "{{ $dot.Values.service.internalPort }}"
         - name: PG_PRIMARY_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
         - name: PG_USER
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
         - name: PG_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
         - name: PG_DATABASE
           value: "{{ $dot.Values.config.pgDatabase }}"
         - name: PG_ROOT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
         volumeMounts:
         - name: config
           mountPath: /pgconf/pool_hba.conf
index 4c68015..c4cde05 100644 (file)
@@ -13,4 +13,4 @@
 # # See the License for the specific language governing permissions and
 # # limitations under the License.
 */}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 81533b9..657b5f9 100755 (executable)
@@ -23,9 +23,10 @@ SPATH="$( dirname "$( which "$0" )" )"
 
 usage() {
 cat << ==usage
-$0 [cluster_domain] [helm_chart_args ...]
+$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
        [cluster_domain] Default value simpledemo.onap.org
-       [helm_chart_args...] Optional arguments passed to helm install command
+       [lb_ip] Default value LoadBalancer IP
+       [helm_chart_args] ... Optional arguments passed to helm install command
 $0 --help This message
 $0 --info Display howto configure target machine
 ==usage
@@ -44,7 +45,31 @@ Extra DNS server already deployed:
 ==infodeploy
 }
 
+
+list_node_with_external_addrs()
+{
+       local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+       for worker in $WORKER_NODES; do
+               local external_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+               local internal_ip=$(kubectl get no $worker  -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+               if [ $internal_ip != $external_ip ]; then
+                       echo $external_ip
+                       break
+               fi
+       done
+}
+
+ingress_controller_ip() {
+       local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+       if [ -z $metal_ns ]; then
+               echo $CLUSTER_IP
+       else
+               list_node_with_external_addrs
+       fi
+}
+
 deploy() {
+       local ingress_ip=$(ingress_controller_ip)
        pushd "$SPATH/bind9dns" > /dev/null
        if [ $# -eq 0 ]; then
                local cl_domain="simpledemo.onap.org"
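Review bot: The tests in `list_node_with_external_addrs` and `ingress_controller_ip` use unquoted expansions (`[ $internal_ip != $external_ip ]`, `[ -z $metal_ns ]`), so a worker without the `rke.cattle.io/external-ip` annotation makes `[` fail with a syntax error. When no worker has a distinct external address the function prints nothing, and unless an `lb_ip` argument is given `deploy` carries an empty `ingress_ip` into the wildcard DNS record. Quote the tests, `if [ -n "$external_ip" ] && [ "$internal_ip" != "$external_ip" ]; then`, and add a fallback after the call in `deploy`, `ingress_ip=${ingress_ip:-$CLUSTER_IP}`. The body of `deploy` continues in the next hunk.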
@@ -52,7 +77,11 @@ deploy() {
                local cl_domain=$1
                shift
        fi
-       helm install . --set dnsconf.wildcard="$cl_domain=$CLUSTER_IP" $@
+       if [ $# -ne 0 ]; then
+               ingress_ip=$1
+               shift
+       fi
+       helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
        popd > /dev/null
        target_machine_notice_info
 }
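Review bot: The new positional `lb_ip` consumes whatever follows the domain, so an invocation in the old form, `$0 simpledemo.onap.org --set key=value`, now stores `--set` in `ingress_ip` and writes it into `dnsconf.wildcard`, and the remaining helm arguments shift by one. Consume it only when it is not an option, `if [ $# -ne 0 ] && [[ $1 != -* ]]; then`, and pass the remainder as `"$@"` so arguments containing spaces survive word splitting. A format check on the value before it goes into the DNS record would also catch typos early. `deploy` starts in the previous hunk.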
@@ -60,7 +89,7 @@ deploy() {
 if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
        usage
 elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
-       target_machine_notice_info
+       target_machine_notice_info
 else
        deploy $@
 fi
index 5ece12c..a0cbbbd 100644 (file)
@@ -18,4 +18,5 @@
 {{ if .Values.componentImages.hv_ves }}
 tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
 {{ end }}
-use_tls: true
\ No newline at end of file
+use_tls: true
+security_ssl_disable: false
\ No newline at end of file
index 872d01d..c2261d1 100644 (file)
@@ -109,7 +109,7 @@ mongo:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.3
 default_k8s_location: central
 
 # DCAE component images to be deployed via Cloudify Manager
@@ -118,10 +118,10 @@ componentImages:
   holmes_rules: onap/holmes/rule-management:1.2.7
   holmes_engine: onap/holmes/engine-management:1.2.6
   tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
-  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0
-  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3
+  tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
+  ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
   snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
-  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
+  prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
   hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
 
 # Resource Limit flavor -By Default using small
index 9d38659..fd70694 100644 (file)
@@ -44,7 +44,7 @@ config:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
 pullPolicy: Always
 
 # probe configuration parameters
index eb20683..3d7b242 100644 (file)
@@ -65,7 +65,7 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           resources: {}
           volumeMounts:
-            - mountPath: /opt/tls/shared
+            - mountPath: /opt/app/osaaf
               name: tls-info
       containers:
         - name: {{ include "common.name" . }}
index 17ca948..7ba2a12 100644 (file)
@@ -64,9 +64,9 @@ spec:
           - name: NIFI_REGISTRY_DB_URL
             value: {{ .Values.config.dbURL }}
           - name: NIFI_REGISTRY_DB_USER
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
           - name: NIFI_REGISTRY_DB_PASS
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
       volumes:
       - name: flow-storage
         persistentVolumeClaim:
index 3c2bb33..45ac464 100644 (file)
@@ -14,4 +14,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
-{{ include "common.secret" . }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
index 2a7a6c1..df53116 100644 (file)
@@ -71,7 +71,7 @@ spec:
             - name: PG_USER
               value: postgres
             - name: PG_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }}
             - name: PG_PORT
               value: "5432"
             - name: PG_DB_NAME
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 0043e8a..5a52e10 100644 (file)
@@ -46,10 +46,22 @@ spec:
             - name: DASHBOARD_URL
               value: {{ .Values.config.dashboardURL }}
             - name: DASHBOARD_USERNAME
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
             - name: DASHBOARD_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
-            - name: ONAPDUBLIN_TOPICURL
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
+            - name: ONAP_TOPICURL
               value: {{ .Values.config.mrTopicURL }}
+            - name: ONAP_IMPORT_CLOUDIFYPLUGIN
+              value: {{ .Values.config.importCloudify }}
+            - name: ONAP_IMPORT_K8SPLUGIN
+              value: {{ .Values.config.importK8S }}
+            - name: ONAP_IMPORT_POLICYPLUGIN
+              value: {{ .Values.config.importPolicy }}
+            - name: ONAP_INPORT_POSTGRESPLUGIN
+              value: {{ .Values.config.importPostgres }}
+            - name: ONAP_IMPORT_CLAMPPLUGIN
+              value: {{ .Values.config.importClamp }}
+            - name: ONAP_IMPORT_DMAAPPLUGIN
+              value: {{ .Values.config.importDMaaP }}
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
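Review bot: The added variable `ONAP_INPORT_POSTGRESPLUGIN` is spelled `INPORT` while its five siblings use `ONAP_IMPORT_…`. Unless the runtime image reads that exact misspelling (not visible here), the Postgres plugin import URL never reaches the application. If it is a typo, the line should read `- name: ONAP_IMPORT_POSTGRESPLUGIN`. The new values are also emitted unquoted; `value: {{ .Values.config.importPostgres | quote }}` keeps the rendered YAML a string whatever an override contains.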
index 3c2bb33..0a0475c 100644 (file)
@@ -14,4 +14,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END=========================================================
-{{ include "common.secret" . }}
\ No newline at end of file
+
+{{ include "common.secretFast" . }}
index f21b7f9..a56552e 100644 (file)
@@ -34,6 +34,12 @@ config:
   dashboardUser: nobody
   #dashboardPassword: doesntmatter
   mrTopicURL: http://message-router:3904/events
+  importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
+  importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
+  importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
+  importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
+  importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
+  importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
 
 secrets:
   - uid: "dashsecret"
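Review bot: `importDMaaP` points at an unversioned path (`.../type_files/dmaap/dmaap.yaml`), unlike the other five type files, whose URLs carry a release (`4.5.5`, `1.7.2`, `2.4.0`, `1.1.0`), so the imported content can change without any chart change. These look like plugin type definitions that are presumably fetched from remote hosts when blueprints are processed, which makes them a supply-chain input. Pin the DMaaP entry to a versioned URL if the repository offers one, and add a comment above the block such as `# Blueprint type files fetched at runtime; keep every URL pinned to a released version`.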
@@ -66,7 +72,7 @@ readiness:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1
 
 # Resource Limit flavor -By Default using small
 flavor: small
index cde43f9..84a42d6 100644 (file)
@@ -14,4 +14,4 @@
 
 # Environment settings for starting a container
 DMAAPBC_WAIT_TO_EXIT=Y
-
+DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
index e43182d..59f64bd 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#####################################################
-#
-# ONAP Casablanca oom configurable deployment params:
-#
-#####################################################
-
 
 #####################################################
 #
 # Hooks for specific environment configurations
 #
 #####################################################
-# Indicator for whether to use AAF
+# Indicator for whether to use AAF for authentication
 UseAAF: {{ .Values.global.aafEnabled }}
 
-# csit: stubs out some southbound APIs for csit
-csit: No
+# Stub out southbound calls for Unit Test cases to run.  e.g. not timeout
+# Comment out in other environments to get default (No)
+#UnitTest: Yes
 
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
 
 #####################################################
 #
 # Settings for Southbound API: Datarouter
 #
 #####################################################
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
 
 # URI to retrieve dynamic DR configuration
 ProvisioningURI:  /internal/prov
 
 # indicator for handling feed delete:
 #  DeleteOnDR - means use the DR API to DELETE a feed.  (default for backwards compatibility)
-#  SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL.  Better for cfy environments.
+#  SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL.  Better for cloudify environments.
 Feed.deleteHandling: SimulateDelete
 
+###########################################################
+# The following properties default to match ONAP DR instance.
+# However, there are some non-ONAP DR instances that require other values.
+# Sets the X-DR-ON-BEHALF-OF HTTP Header value
+#DR.onBehalfHeader:
+# Value for the Content-Type Header in DR Feed API
+#DR.feedContentType:
+# Value for the Content-Type Header in DR Subscription API
+#DR.subContentType:
+#
+# END OF properties helpful for non-ONAP DR instance.
+############################################################
+
 #####################################################
 #
 # Settings for Soutbound API: Postgresql
@@ -86,6 +90,9 @@ MR.multisite: false
 # In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
 MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
 
+# Indicator for whether we want hostname verification on SSL connection to MR
+MR.hostnameVerify: false
+
 # MR Client Delete Level thoroughness:
 #  0 = don't delete
 #  1 = delete from persistent store
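Review bot: The added `MR.hostnameVerify: false` switches off hostname verification on the TLS connection to Message Router for every deployment of this chart, so the client no longer checks that the certificate belongs to the host it connected to. Unlike `MR.CentralCname` in the same hunk it is hard-coded rather than taken from a chart value. I would ship `MR.hostnameVerify: true` and expose it as a value for environments whose MR certificates do not carry the service name, with a comment such as `# set to false only where MR certificates lack a matching SAN`. The surrounding MR section continues outside the hunk.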
@@ -104,6 +111,12 @@ MR.projectID:  mr
 # Use Basic Authentication when provisioning topics
 MR.authentication: basicAuth
 
+# MR topic name style (default is FQTN_LEGACY_FORMAT)
+#MR.topicStyle: FQTN_LEGACY_FORMAT
+#
+# end of MR Related Properties
+################################################################################
+
 
 #####################################################
 #
@@ -136,14 +149,20 @@ aaf.AdminPassword: {{ .Values.adminPwd }}
 # Identity that is owner of any created namespaces for topics
 aaf.NsOwnerIdentity: {{ .Values.adminUser }}
 
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-CredentialCodeKeyfile: etc/LocalKey
 
 # this overrides the Class used for Decryption.
 # This allows for a plugin encryption/decryption method if needed.
 # Call this Class for decryption at runtime.
 #AafDecryption.Class: com.company.proprietaryDecryptor
 
+# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
+# Not used in ONAP, but possibly used with Decryption override class.
+#CredentialCodeKeyfile: etc/LocalKey
+
+#
+# endof AAF Properties
+####################################################
+
 
 #####################################################
 #
@@ -172,9 +191,51 @@ MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org
 # pwd for Identity used to publish MM prov cmds
 MM.ProvUserPwd: demo123456!
 
-# AAF Role of MirrorMaker agent subscribed to prov cmds
+# AAF Role of MirrorMaker agent subscribed to prov cmds.
 MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
 
+#####################################################
+#
+# Certificate Management
+#
+#####################################################
+
+# Indicates how we are expecting certificates to be provided:
+#  cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
+#  legacy (default) - artifacts will be installed manually or some other way and details will be in this file
+CertificateManagement: cadi
+
+# When CertificateManagement is cadi, then this is where all the cadi properties will be.
+# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
+
+###########################################################################################
+# When CertificateManagement is legacy, we need to provide more details about cert handling:
+#CertificateManagement: legacy
+# the type of keystore for https (for legacy CertificateManagment only)
+#KeyStoreType: jks
+
+# path to the keystore file (for legacy CertificateManagment only)
+#KeyStoreFile: etc/keystore
+
+# password for the https keystore (for legacy CertificateManagment only)
+#KeyStorePassword:  Y@Y5f&gm?PAz,CVQL,lk[VAF
+# password for the private key in the https keystore (for legacy CertificateManagment only)
+#KeyPassword: changeit
+
+# type of truststore for https (for legacy CertificateManagment only)
+#TrustStoreType: jks
+
+# path to the truststore for https (for legacy CertificateManagment only)
+#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
+
+# password for the https truststore (for legacy CertificateManagment only)
+#TrustStorePassword: changeit
+#
+# END OF legacy CertificateManagement properties
+###########################################################################################
+
+
 #####################################################
 #
 # HTTP Server Configuration
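Review bot: The commented legacy example `#KeyStorePassword:  Y@Y5f&gm?PAz,CVQL,lk[VAF` keeps the same keystore password that the next hunk removes from the active settings, so the value stays in the rendered properties file and in the repository. A placeholder reads just as well, e.g. `#KeyStorePassword: <keystore-password>`; the neighbouring examples already use `changeit`. The comments in this block also spell the property as `CertificateManagment` where the key is `CertificateManagement`, which makes the block harder to grep.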
@@ -191,30 +252,24 @@ IntHttpPort: 8080
 # set to 0 if no certificates are available.
 IntHttpsPort: 8443
 
-# external port number for https taking port mapping into account
-ExtHttpsPort: 443
-
-# the type of keystore for https
-KeyStoreType: jks
-
-# path to the keystore file
-KeyStoreFile: etc/keystore
-
-# password for the https keystore
-KeyStorePassword:  Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore
-KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
 
-# type of truststore for https
-TrustStoreType: jks
-
-# path to the truststore for https
-TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore
-TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY*
-
-# path to the file used to trigger an orderly shutdown
-QuiesceFile: etc/SHUTDOWN
 
 inHttpsPort: 0
+
+#####################################################
+#
+# Deprecated
+#
+#####################################################
+# csit: stubs out some southbound APIs for csit  (deprecated)
+#csit: No
+# name of this DMaaP instance (deprecated)
+#DmaapName: demo
+# external port number for https taking port mapping into account  (deprecated)
+#ExtHttpsPort: 443
+# path to the file used to trigger an orderly shutdown (deprecated)
+#QuiesceFile: etc/SHUTDOWN
+# FQDN of DR Prov Server (deprecated)
+#DR.provhost: dcae-drps.domain.not.set
+# root of topic namespace (decrecated)
+#topicNsRoot: org.onap.dcae.dmaap
index 3e08185..ea2720f 100644 (file)
@@ -48,7 +48,7 @@ spec:
         command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
         volumeMounts:
         - mountPath: {{ .Values.persistence.aafCredsPath }}
-          name: {{ include "common.name" . }}-aaf-config
+          name: {{ include "common.name" . }}-aaf-config-vol
         env:
         - name: APP_FQI
           value: "{{ .Values.aafConfig.fqi }}"
@@ -75,6 +75,26 @@ spec:
           value: "{{ .Values.aafConfig.cadiLongitude }}"
         - name: cadi_latitude
           value: "{{ .Values.aafConfig.cadiLatitude }}"
+      - name: {{ include "common.name" . }}-permission-fixer
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: {{ .Values.persistence.aafCredsPath }}
+          name: {{ include "common.name" . }}-aaf-config-vol
+        command: ["chown","-Rf","1000:1001", "/opt/app/"]
+#       See AAF-425 for explanation of why this is needed.
+#       This artifact is provisioned in AAF for both pks12 and jks format and apparently
+#       the cadi library is not using the jks password on the jks keystore.
+#       So, this attempts to "fix" the credential property file until this is fixed properly.
+      - name: {{ include "common.name" . }}-cred-fixer
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: {{ .Values.persistence.aafCredsPath }}
+          name: {{ include "common.name" . }}-aaf-config-vol
+        command: ["/bin/sh"]
+        args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
+
 {{- end }}
 {{- if .Values.PG.enabled }}
       - name: {{ include "common.name" . }}-postgres-readiness
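Review bot: Both new init containers mount the credentials volume at `{{ .Values.persistence.aafCredsPath }}` but then operate on hard-coded paths: `chown -Rf 1000:1001 /opt/app/` and the sed target `/opt/app/osaaf/local/org.onap.dmaap-bc.cred.props`. If the value is overridden the mount and the commands no longer agree, and `-f` hides any chown failure. I would scope the chown to the mount, `command: ["chown","-R","1000:1001","{{ .Values.persistence.aafCredsPath }}"]`, and build the sed path from the same value. The AAF-425 comment block sits at column 0 inside the container list and would read better indented with the `- name:` it describes. The initContainers list starts outside the hunk.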
@@ -95,7 +115,7 @@ spec:
 {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: "{{ .Values.repository }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{ if eq .Values.liveness.enabled true -}}
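Review bot: The main container image is now built from `.Values.repository` directly, while other templates in this commit keep `{{ include "common.repository" . }}`. The helper is not visible here, but it presumably applies a global registry override, so with this change the pod would pull from the chart-local registry even when a deployment points everything at a mirror. Together with the commented `#repository:  10.12.7.57:5000` added in this chart's values.yaml hunk, it looks like a leftover from local testing. I would restore `image: "{{ include "common.repository" . }}/{{ .Values.image }}"` and drop the commented registry line.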
@@ -118,13 +138,12 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
+          - mountPath: {{ .Values.persistence.aafCredsPath }}
+            name: {{ include "common.name" . }}-aaf-config-vol
 # NOTE: on the following several configMaps, careful to include / at end
 #       since there may be more than one file in each mountPath
           - name: {{ include "common.name" . }}-config
             mountPath: /opt/app/config/conf/
-          - name: {{ include "common.name" . }}-aaf-config
-            mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props
-            subPath: org.onap.dmaap-bc.props
           resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
@@ -139,8 +158,7 @@ spec:
         - name: {{ include "common.name" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}-config
-        - name: {{ include "common.name" . }}-aaf-config
-          configMap:
-            name: {{ include "common.fullname" . }}-aaf-config
+        - name: {{ include "common.name" . }}-aaf-config-vol
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
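Review bot: The volume that now carries the AAF-issued credentials is declared as `emptyDir: {}`, which is backed by the node's disk by default, so the generated keystore and the rewritten `cred.props` are written to node storage for the life of the pod. If the files are small, as they appear to be, `emptyDir: {medium: Memory}` keeps them in tmpfs instead. The volume is mounted read-write in the application container in the previous hunk; if the application only reads it, `readOnly: true` on that mount would be worth adding. The volumes list starts outside the hunk.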
index 28c77eb..3a18787 100644 (file)
@@ -30,7 +30,8 @@ pullPolicy: Always
 
 # application images
 repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-bc:2.0.3
+#repository:  10.12.7.57:5000
+image: onap/dmaap/dmaap-bc:2.0.4
 
 
 # application configuration
@@ -49,7 +50,7 @@ adminPwd: demo123456!
 
 #AAF local config
 aafConfig:
-  aafDeployFqi: dmaap-bc@dmaap-bc.onap.org
+  aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: dmaap-bc
   fqi: dmaap-bc@dmaap-bc.onap.org
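Review bot: The new `aafDeployFqi: deployer@people.osaaf.org` is paired with the unchanged `aafDeployPass: demo123456!`, a plaintext default committed in values.yaml and the same string as `adminPwd` in the hunk header. Other hunks in this commit read credentials through `common.secret.envFromSecretFast`, and the deployer password would be better sourced the same way. Until then, a comment above it such as `# lab default, override per deployment` would make the intent explicit. The `aafConfig` mapping continues outside the hunk.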
@@ -58,7 +59,7 @@ aafConfig:
   cadiLongitude: 0.0
 
 persistence:
-  aafCredsPath: /opt/app/osaaf/local
+  aafCredsPath: /opt/app/osaaf/local/
 
 # for Casablanca default deployment, leave this true to
 # get a topic namespace that matches MR.  When set to false,
index 3f2d39e..c7ecb07 100644 (file)
@@ -21,7 +21,7 @@
 ---
 {{- $global := . }}
 {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
 {{- range $i := until (int $global.Values.replicaCount)}}
 kind: PersistentVolume
 apiVersion: v1
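Review bot: `{{- if (include "common.needPV" .) -}}` is true for any non-empty string, because `include` always returns text; the old comparison with `"True"` was stricter. The helper is not visible in this hunk, so please confirm that it renders nothing at all in the no-PV case, with no `False` and no stray whitespace or newline. Otherwise PersistentVolumes will be created where they were not before. A template comment above the condition stating that contract would help, for example `{{/* common.needPV renders empty when no PV is required */}}`.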
index 104fcdc..adbdb68 100644 (file)
@@ -122,9 +122,9 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
           - name: DB_USERNAME
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
           - name: DB_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
           volumeMounts:
           {{- if .Values.global.aafEnabled }}
           - mountPath: {{ .Values.persistence.aafCredsPath }}
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 977699d..2bee404 100644 (file)
@@ -3,16 +3,15 @@ aaf_env=DEV
 aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
 
 cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
 
 cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
 
 cadi_alias=dmaapmr@mr.dmaap.onap.org
 cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
 
-
 cadi_loglevel=INFO
 cadi_protocols=TLSv1.1,TLSv1.2
 cadi_latitude=37.78187
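Review bot: The replaced `cadi_truststore_password` and `cadi_keystore_password` values are `enc:` strings committed with the chart, and `cadi_keyfile` names the key that presumably decrypts them. If that keyfile ships with the chart or image as well (not visible here), these are effectively static shared credentials, and a comment marking them as development defaults to be replaced per deployment would be appropriate. The unchanged `cadi_protocols=TLSv1.1,TLSv1.2` still permits TLS 1.1; `cadi_protocols=TLSv1.2` is preferable if all peers support it. The same two points apply to the second cadi properties hunk further down (`@@ -4,17 +4,16 @@`).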
index 5039898..1a86f18 100644 (file)
@@ -38,8 +38,8 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
-
-{{ else }}
+---
+{{- else }}
 
 apiVersion: v1
 kind: ConfigMap
@@ -53,7 +53,7 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
-
+---
 {{- end }}
 
 {{- if  .Values.prometheus.jmx.enabled }}
@@ -68,6 +68,6 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
 ---
 {{- end }}
\ No newline at end of file
index 58a1066..428eebc 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
index ab3a6bf..4ba11ec 100644 (file)
@@ -96,13 +96,13 @@ spec:
         - "cd /config-input  && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
         env:
         - name: ZK_ADMIN
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
         - name: ZK_PSWD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
         - name: KAFKA_ADMIN
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
         - name: KAFKA_PSWD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/kafka/secrets/jaas
           name: jaas-config
@@ -201,7 +201,7 @@ spec:
         - name: KAFKA_AUTHORIZER_CLASS_NAME
           value: "{{ .Values.kafka.authorizer }}"
         {{ else }}
-         - name: KAFKA_OPTS
+        - name: KAFKA_OPTS
           value: "{{ .Values.kafka.jaasOptions }}"
         - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
           value: "{{ .Values.kafka.protocolMap }}"
@@ -283,4 +283,4 @@ spec:
             storage: {{ .Values.persistence.size | quote }}
 {{ end }}
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 0399c3a..45dc30e 100644 (file)
@@ -31,7 +31,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.3
+image: onap/dmaap/kafka111:1.0.4
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 busyBoxImage: busybox:1.30
@@ -70,6 +70,7 @@ configurationOverrides:
   "log.retention.hours": "168"
   "zookeeper.connection.timeout.ms": "6000"
   "default.replication.factor": "3"
+  "zookeeper.set.acl": "true"
 
 jmx:
   port: 5555
index 907111d..50091bd 100644 (file)
@@ -24,7 +24,7 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 data:
-{{  (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig  | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig .  | indent 2 }}
 ---
 {{ end }}
 
index e98e614..e489823 100644 (file)
@@ -80,9 +80,9 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
         env:
         - name: ZK_ADMIN
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
         - name: ZK_PSWD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/zookeeper/secrets/jaas
           name: jaas-config
@@ -171,8 +171,6 @@ spec:
           value: "{{ .Values.zkConfig.clientPort }}"
         - name: KAFKA_OPTS
           value: "{{ .Values.zkConfig.kafkaOpts }}"
-        - name: EXTRA_ARGS
-          value: "{{ .Values.zkConfig.extraArgs }}"
         - name: ZOOKEEPER_SERVER_ID
           valueFrom:
             fieldRef:
@@ -210,7 +208,7 @@ spec:
           name: {{ include "common.fullname" . }}-jaas-configmap
        {{- if .Values.prometheus.jmx.enabled }}
       - name: jmx-config
-         configMap:
+        configMap:
            name: {{ include "common.fullname" . }}-prometheus-configmap
        {{- end }}
 {{ if not .Values.persistence.enabled }}
@@ -234,4 +232,4 @@ spec:
             storage: {{ .Values.persistence.size | quote }}
 {{ end }}
       imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+      - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 4abb6e3..4f861f8 100644 (file)
@@ -31,7 +31,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.2
+image: onap/dmaap/zookeeper:6.0.3
 pullPolicy: Always
 ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
 busyBoxImage: busybox:1.30
@@ -75,8 +75,7 @@ zkConfig:
   autoPurgeSnapRetainCount: 3
   autoPurgePurgeInterval: 24
   heapOptions: -Xmx2G -Xms2G
-  kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-  extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
+  kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
   clientPort: 2181
 
 jmx:
index 36dafce..dca56c8 100755 (executable)
@@ -4,17 +4,16 @@ aaf_env=DEV
 aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
 
 cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
 
 cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
 
 cadi_alias=dmaapmr@mr.dmaap.onap.org
 cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
 
-
 cadi_loglevel=INFO
 cadi_protocols=TLSv1.1,TLSv1.2
 cadi_latitude=37.78187
-cadi_longitude=-122.26147
+cadi_longitude=-122.26147
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml
new file mode 100644 (file)
index 0000000..3ee9fc5
--- /dev/null
@@ -0,0 +1,4 @@
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
\ No newline at end of file
index 9a2dea8..f981d6f 100644 (file)
@@ -12,7 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -79,4 +78,21 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
+---
+{{- if  .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-prometheus-configmap
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{ end }}
+
 
index 4b45352..26f38c9 100644 (file)
@@ -1,3 +1,17 @@
+{{- if  .Values.global.aafEnabled }}
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -73,3 +87,4 @@ spec:
             name: {{ include "common.fullname" . }}-dbc-topics
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end }}
\ No newline at end of file
index c17fda1..695a816 100644 (file)
@@ -41,6 +41,27 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-readiness
       containers:
+      {{- if .Values.prometheus.jmx.enabled }}
+        - name: prometheus-jmx-exporter
+          image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - java
+          - -XX:+UnlockExperimentalVMOptions
+          - -XX:+UseCGroupMemoryLimitForHeap
+          - -XX:MaxRAMFraction=1
+          - -XshowSettings:vm
+          - -jar
+          - jmx_prometheus_httpserver.jar
+          - {{ .Values.prometheus.jmx.port | quote }}
+          - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
+          ports:
+          - containerPort: {{ .Values.prometheus.jmx.port }}
+          resources:
+          volumeMounts:
+          - name: jmx-config
+            mountPath: /etc/jmx-kafka
+      {{- end }}
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
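Review bot: The new `prometheus-jmx-exporter` sidecar has a bare `resources:` key, which renders as null, so the container runs without requests or limits. It is started with `-XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1`, which sizes the heap from the container's memory limit; with no limit set the JVM will presumably size it from the node's memory instead. I would either remove the empty key or give the sidecar explicit requests and limits from a value under `prometheus.jmx`. The mount path `/etc/jmx-kafka` is reused from the Kafka chart although the config is `jmx-mrservice-prometheus.yml`, and a neutral name would be clearer. The containers list continues outside the hunk.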
@@ -92,6 +113,11 @@ spec:
         - name: cadi
           configMap:
             name: {{ include "common.fullname" . }}-cadi-prop-configmap
+        {{- if .Values.prometheus.jmx.enabled }}
+        - name: jmx-config
+          configMap:
+            name: {{ include "common.fullname" . }}-prometheus-configmap
+        {{- end }}
         - name: mykey
           secret:
             secretName: {{ include "common.fullname" . }}-secret
index b14c35f..7872116 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.17
+image: onap/dmaap/dmaap-mr:1.1.18
 pullPolicy: Always
 
 kafka:
@@ -72,11 +72,11 @@ service:
   name: message-router
   both_tls_and_plain: true
   msb:
-   port: api
-   url: "/"
-   version: "v1"
-   protocol: "REST"
-   visualRange: "1"
+    - port: 3904
+      url: "/"
+      version: "v1"
+      protocol: "REST"
+      visualRange: "1"
   ports:
     - name: api
       port: 3905
@@ -84,6 +84,15 @@ service:
       port_protocol: http
       nodePort: 26
 
+prometheus:
+  jmx:
+    enabled: false
+    image: solsson/kafka-prometheus-jmx-exporter@sha256
+    imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+    imageRepository: docker.io
+    port: 5556
+    targetPort: 5555
+
 ingress:
   enabled: false
 
index ecc5689..f9f20a3 100644 (file)
@@ -42,7 +42,7 @@ global:
 
   #AAF global config overrides
   aafEnabled: true
-  aafAgentImage: onap/aaf/aaf_agent:2.1.15
+  aafAgentImage: onap/aaf/aaf_agent:2.1.20
   aafAppNs: org.osaaf.aaf
   aafLocatorContainer: oom
 
index fb31b8b..00c2661 100644 (file)
@@ -78,7 +78,7 @@ spec:
           - name: MYSQL_ADDR
             value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
           - name: MYSQL_ROOT_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-etsicatalog
             mountPath: /service/modeling/etsicatalog/static
index d053c48..b0cc27b 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index ebec0ad..27df701 100644 (file)
@@ -27,9 +27,9 @@
         "sdcConfiguration":{
             "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
             "parameters":{
-            "asdcAddress": "sdc-be:8443",
+            "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
                 "messageBusAddress": [
-                    "message-router"
+                    "message-router.{{ include "common.namespace" . }}"
                  ],
                 "user": "multicloud",
                 "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
index 7ca5251..da0727c 100644 (file)
@@ -27,9 +27,9 @@
         "sdcConfiguration":{
             "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
             "parameters":{
-            "asdcAddress": "sdc-be:8443",
+            "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
                 "messageBusAddress": [
-                    "message-router"
+                    "message-router.{{ include "common.namespace" . }}"
                  ],
                 "user": "multicloud",
                 "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
index 0647844..655076a 100644 (file)
@@ -27,9 +27,9 @@
         "sdcConfiguration":{
             "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
             "parameters":{
-            "asdcAddress": "sdc-be:8443",
+            "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
                 "messageBusAddress": [
-                    "message-router"
+                    "message-router.{{ include "common.namespace" . }}"
                  ],
                 "user": "multicloud",
                 "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
index 1fad1fc..528a3f7 100644 (file)
@@ -56,9 +56,9 @@ spec:
             - name: SPRING_DATASOURCE_URL
               value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
             - name: SPRING_DATASOURCE_USERNAME
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
             - name: SPRING_DATASOURCE_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
             - name: SPRING_DATA_MONGODB_HOST
               value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }}
             - name: SPRING_DATA_MONGODB_PORT
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index f623496..c2d6f8c 100644 (file)
@@ -58,7 +58,7 @@ spec:
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -79,7 +79,7 @@ spec:
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index b0afb6e..b41b840 100644 (file)
@@ -58,7 +58,7 @@ spec:
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
         terminationMessagePolicy: File
         volumeMounts:
         - name: {{ include "common.fullname" . }}-config
@@ -99,11 +99,11 @@ spec:
         - name: DB_PORT
           value: {{ .Values.config.db.port | quote}}
         - name: DB_USERNAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
         - name: DB_SCHEMA
           value: {{ .Values.config.db.mysqlDatabase }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
         - name: JAVA_TRUSTSTORE
           value: /share/etc/certs/{{ .Values.global.truststoreFile }}
         - name: SSL_KEYSTORE
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 3c61bf3..3dbdd31 100644 (file)
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
 ---
 apiVersion: v1
 kind: Secret
index 0989a02..7c58b3d 100644 (file)
@@ -63,5 +63,5 @@ BRMS_UEB_API_KEY=
 BRMS_UEB_API_SECRET=
 
 #Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.5.3
-BRMS_MODELS_DEPENDENCY_VERSION=2.1.4
+BRMS_DEPENDENCY_VERSION=1.6.0
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
index 2b2f383..6ff76dd 100644 (file)
@@ -54,6 +54,11 @@ spec:
         name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: JDBC_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: JDBC_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         ports:
         - containerPort: {{ .Values.service.externalPort }}
         {{- if eq .Values.liveness.enabled true }}
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "common.fullname" . }}-logging-configmap
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
index 03b3a3c..08afdee 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,12 +21,23 @@ global:
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.2
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
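Review bot: `passwordPolicy: required` on the `db-secret` entry has little effect while the chart ships a default for the value it guards: the next hunk adds `db.password: policy_user`, identical to the user name, so `password: '{{ .Values.db.password }}'` always resolves to a publicly known credential. The secret helper is not shown here, so the meaning of `required` is inferred from its name; if it is meant to force the operator to supply a password, drop the default and document the expected input with a comment such as `# set db.password or db.credsExternalSecret at deploy time; no default is shipped`. Whatever provisions the database account has to be kept in step with that change. The same `secrets:` block backed by a `policy_user` default appears in the drools and pdp values hunks later in this diff.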
@@ -38,6 +49,10 @@ config:
   pdpPort: 8081
   nexusPort: 8081
 
+db:
+  user: policy_user
+  password: policy_user
+
 # default number of instances
 replicaCount: 1
 
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh
deleted file mode 100644 (file)
index 5949db4..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# ============LICENSE_START=======================================================
-# ONAP
-# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-
-docker-entrypoint.sh nexus
\ No newline at end of file
index 0b982fd..c996d13 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017-2018 Amdocs, Bell Canada.
-# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,7 +21,6 @@ JVM_OPTIONS={{.Values.server.jvmOpts}}
 
 POLICY_HOME=/opt/app/policy
 POLICY_LOGS=/var/log/onap/policy/pdpd
-JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
 
 # Telemetry credentials
 
@@ -34,6 +33,7 @@ SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
 SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
 RELEASE_REPOSITORY_ID=policy-nexus-releases
 RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+REPOSITORY_OFFLINE={{.Values.nexus.offline}}
 
 # Relational (SQL) DB access
 
@@ -56,6 +56,7 @@ PDPD_CONFIGURATION_PARTITION_KEY=
 # PAP-PDP configuration channel
 
 POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_GROUP=defaultGroup
 
 # Symmetric Key for encoded sensitive data
 
@@ -68,6 +69,9 @@ PAP_HOST=policy-pap
 # PDP-X
 
 PDP_HOST=policy-xacml-pdp
+PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1/
+GUARD_DISABLED=false
 
 # DCAE DMaaP
 
@@ -81,19 +85,28 @@ DMAAP_SERVERS=message-router
 
 # AAI
 
-AAI_URL=https://aai.{{.Release.Namespace}}:8443
+AAI_HOST=aai.{{.Release.Namespace}}
+AAI_PORT=8443
+AAI_CONTEXT_URI=
 
 # MSO
 
-SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra
+SO_HOST=so.{{.Release.Namespace}}
+SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra/
+SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
 
 # VFC
 
-VFC_URL=
+VFC_HOST=
+VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1/
 
 # SDNC
 
-SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations
+SDNC_HOST=sdnc.{{.Release.Namespace}}
+SDNC_PORT=8282
+SDNC_CONTEXT_URI=restconf/operations/
 
 # CDS
 
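Review bot: `SO_URL` is kept next to the new `SO_HOST`/`SO_PORT`/`SO_CONTEXT_URI`, and its scheme changes to `https` while the port stays `8080`, so the file now states the SO endpoint twice and the two forms can drift apart. It is worth confirming that SO terminates TLS on 8080 and which form the new image reads; if only the split variables are used, `SO_URL` should be removed. For AAI and SDNC the scheme is no longer written anywhere in this file, so whether those calls use TLS is decided outside the chart; a comment such as `# scheme for the *_HOST endpoints is chosen by the application (<placeholder: setting name>)` would make that visible. `VFC_HOST` and `VFC_PORT` are left empty without explanation.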
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/charts/drools/resources/configmaps/settings.xml
new file mode 100644 (file)
index 0000000..3777d27
--- /dev/null
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ============LICENSE_START=======================================================
+  ONAP
+  ================================================================================
+  Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+-->
+
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+    <offline>{{.Values.nexus.offline}}</offline>
+
+    <profiles>
+
+        <profile>
+            <id>policy-local</id>
+
+            <repositories>
+                <repository>
+                    <id>file-repository</id>
+                    <url>file:${user.home}/.m2/file-repository</url>
+                    <releases>
+                        <enabled>true</enabled>
+                        <updatePolicy>always</updatePolicy>
+                    </releases>
+                    <snapshots>
+                        <enabled>true</enabled>
+                        <updatePolicy>always</updatePolicy>
+                    </snapshots>
+                </repository>
+            </repositories>
+
+        </profile>
+
+        <profile>
+            <id>policy-releases</id>
+
+            <repositories>
+                <repository>
+                    <id>${env.RELEASE_REPOSITORY_ID}</id>
+                    <url>${env.RELEASE_REPOSITORY_URL}</url>
+                    <releases>
+                        <enabled>true</enabled>
+                        <updatePolicy>always</updatePolicy>
+                    </releases>
+                    <snapshots>
+                        <enabled>false</enabled>
+                    </snapshots>
+                </repository>
+            </repositories>
+
+        </profile>
+
+        <profile>
+            <id>policy-snapshots</id>
+
+            <repositories>
+                <repository>
+                    <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+                    <url>${env.SNAPSHOT_REPOSITORY_URL}</url>
+                    <releases>
+                        <enabled>false</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>true</enabled>
+                        <updatePolicy>always</updatePolicy>
+                    </snapshots>
+                </repository>
+            </repositories>
+
+        </profile>
+
+        <profile>
+            <id>onap-releases</id>
+
+            <repositories>
+                <repository>
+                    <id>onap-releases</id>
+                    <name>onap-releases</name>
+                    <url>https://nexus.onap.org/content/repositories/releases/</url>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>false</enabled>
+                    </snapshots>
+                </repository>
+            </repositories>
+
+        </profile>
+
+        <profile>
+
+            <id>onap-snapshots</id>
+
+            <repositories>
+                <repository>
+                    <id>onap-snapshots</id>
+                    <name>onap-snapshots</name>
+                    <url>https://nexus.onap.org/content/repositories/snapshots/</url>
+                    <releases>
+                        <enabled>false</enabled>
+                    </releases>
+                    <snapshots>
+                        <enabled>true</enabled>
+                    </snapshots>
+                </repository>
+            </repositories>
+
+        </profile>
+
+    </profiles>
+
+    <activeProfiles>
+        <activeProfile>policy-local</activeProfile>
+        <activeProfile>policy-releases</activeProfile>
+        <activeProfile>policy-snapshots</activeProfile>
+        <activeProfile>onap-releases</activeProfile>
+        <activeProfile>onap-snapshots</activeProfile>
+    </activeProfiles>
+
+    <servers>
+        <server>
+            <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+            <username>${env.REPOSITORY_USERNAME}</username>
+            <password>${env.REPOSITORY_PASSWORD}</password>
+        </server>
+        <server>
+            <id>${env.RELEASE_REPOSITORY_ID}</id>
+            <username>${env.REPOSITORY_USERNAME}</username>
+            <password>${env.REPOSITORY_PASSWORD}</password>
+        </server>
+    </servers>
+
+</settings>
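Review bot: None of the `<releases>`/`<snapshots>` blocks sets a checksum policy, and both snapshot repositories are enabled and listed in `<activeProfiles>`, so artifacts resolved at runtime fall under Maven's default checksum handling; adding `<checksumPolicy>fail</checksumPolicy>` to each enabled block would reject artifacts whose checksum does not match. The `<servers>` entries attach `REPOSITORY_USERNAME`/`REPOSITORY_PASSWORD` to the repository ids whose URLs are defined as `http://` in base.conf earlier in this diff, so those credentials travel without transport encryption whenever `<offline>` renders to `false`. A header comment stating whether resolution is expected to stay offline in production, and why the public `onap-snapshots` profile is active, would help the next maintainer.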
index 57269c1..ee2acc4 100644 (file)
@@ -25,9 +25,6 @@ TELEMETRY_PASSWORD={{.Values.telemetry.password}}
 REPOSITORY_USERNAME={{.Values.nexus.user}}
 REPOSITORY_PASSWORD={{.Values.nexus.password}}
 
-SQL_USER={{.Values.db.user}}
-SQL_PASSWORD={{.Values.db.password}}
-
 PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
 PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
 
index 47e0b8c..7fb84b5 100644 (file)
@@ -13,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+{{ include "common.secret" . }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
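Review bot: This template pulls in `common.secret` while the other secrets templates touched in this diff move to `common.secretFast`, and the drools statefulset hunk that follows likewise uses `common.secret.envFromSecret` rather than the `Fast` variant. If the drools chart has no reason to stay on the older helpers, use `{{ include "common.secretFast" . }}` here and `common.secret.envFromSecretFast` for `SQL_USER`/`SQL_PASSWORD`, so that every chart resolves its secrets the same way. The file continues past the end of this hunk.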
index 047a77a..e2463aa 100644 (file)
@@ -74,6 +74,10 @@ spec:
           env:
           - name: REPLICAS
             value: "{{ .Values.replicaCount }}"
+          - name: SQL_USER
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: SQL_PASSWORD
+            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           volumeMounts:
           - mountPath: /etc/localtime
             name: localtime
index fbb4211..b62772d 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -24,12 +24,23 @@ global:
   loggingImage: beats/filebeat:5.5.0
   ubuntuImage: ubuntu:16.04
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.5.3
+image: onap/policy-pdpd-cl:1.6.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -90,6 +101,7 @@ nexus:
   user: admin
   password: admin123
   port: 8081
+  offline: true
 
 db:
   user: policy_user
index 48065ae..e4517c7 100644 (file)
         "topicSources" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
+            "useHttps": true,
             "topicCommInfrastructure" : "dmaap"
         }],
         "topicSinks" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
+            "useHttps" : true,
             "topicCommInfrastructure" : "dmaap"
         },
         {
             "topic" : "POLICY-NOTIFICATION",
             "servers" : [ "message-router" ],
+            "useHttps" : true,
             "topicCommInfrastructure" : "dmaap"
         }]
-    }
+    },
+    "healthCheckRestClientParameters":[{
+        "clientName": "api",
+        "hostname": "policy-api",
+        "port": 6969,
+        "userName": "healthcheck",
+        "password": "zb!XztG34",
+        "useHttps": true,
+        "basePath": "policy/api/v1/healthcheck"
+    },
+    {
+        "clientName": "distribution",
+        "hostname": "policy-distribution",
+        "port": 6969,
+        "userName": "healthcheck",
+        "password": "zb!XztG34",
+        "useHttps": true,
+        "basePath": "healthcheck"
+    }]
 }
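Review bot: Both `healthCheckRestClientParameters` entries embed the `healthcheck` account's password as a literal in a file committed with the chart, while this same diff moves the database credentials into `secrets:` entries. Assuming these are live accounts, anyone who can read the repository or the rendered configuration holds a valid credential for policy-api and policy-distribution on port 6969. If this file is rendered through `tpl` like the policy-api config.json later in the diff, take the value from the chart instead, for example `"password": "{{ .Values.<placeholder: healthcheck password key> }}"` backed by a `secrets:` entry, and rotate the value that has already been published. The hunk header for this file is not visible on the page, so the enclosing object starts outside what is shown.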
index bcf08f2..05f43d6 100644 (file)
@@ -1,6 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2019 Nordix Foundation.
-#   Modifications Copyright (C) 2019 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.1.2
+image: onap/policy-pap:2.2.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/charts/pdp/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 127c400..16d5fb5 100644 (file)
@@ -58,6 +58,11 @@ spec:
         name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        env:
+        - name: JDBC_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+        - name: JDBC_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         resources:
 {{ include "common.resources" . | indent 12 }}
         ports:
index af5bb9e..7b9c561 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2019 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,18 +23,34 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
 # application configuration
+
+db:
+  user: policy_user
+  password: policy_user
+
 config:
   papPort: 9091
 
index f26f35a..3b6813d 100644 (file)
@@ -8,20 +8,36 @@
       "https": true
     },
     "pdpStatusParameters":{
+        "pdpGroup": "defaultGroup",
         "timeIntervalMs": 120000,
         "pdpType":"apex",
         "description":"Pdp Heartbeat",
-        "supportedPolicyTypes":[{"name":"onap.policies.controlloop.operational.Apex","version":"1.0.0"}]
+        "supportedPolicyTypes": [
+            {
+                "name": "onap.policies.controlloop.operational.Apex",
+                "version": "1.0.0"
+            },
+            {
+                "name": "onap.policies.native.Apex",
+                "version": "1.0.0"
+            },
+            {
+              "name": "onap.policies.controlloop.operational.common.Apex",
+              "version": "1.0.0"
+            }
+        ]
     },
     "topicParameterGroup": {
         "topicSources" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
+            "useHttps" : true,
             "topicCommInfrastructure" : "dmaap"
         }],
         "topicSinks" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
+            "useHttps" : true,
             "topicCommInfrastructure" : "dmaap"
         }]
     }
index 1dd1d18..b149c17 100644 (file)
@@ -1,6 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
-#   Modifications Copyright (C) 2019 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.2.2
+image: onap/policy-apex-pdp:2.3.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 8952ae8..ccfc07a 100644 (file)
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
         "databaseUser": "{{ .Values.global.mariadb.config.userName }}",
         "databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
         "persistenceUnit": "PolicyMariaDb"
-    }
+    },
+    "preloadPolicyTypes": [
+        "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+        "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
+        "policytypes/onap.policies.Optimization.yaml",
+        "policytypes/onap.policies.optimization.Resource.yaml",
+        "policytypes/onap.policies.optimization.Service.yaml",
+        "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml",
+        "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml",
+        "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml",
+        "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml",
+        "policytypes/onap.policies.optimization.resource.PciPolicy.yaml",
+        "policytypes/onap.policies.optimization.service.QueryPolicy.yaml",
+        "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml",
+        "policytypes/onap.policies.optimization.resource.Vim_fit.yaml",
+        "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml",
+        "policytypes/onap.policies.controlloop.guard.Common.yaml",
+        "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
+        "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
+        "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+        "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
+        "policytypes/onap.policies.controlloop.Operational.yaml",
+        "policytypes/onap.policies.Naming.yaml",
+        "policytypes/onap.policies.native.Drools.yaml",
+        "policytypes/onap.policies.native.Xacml.yaml",
+        "policytypes/onap.policies.native.Apex.yaml",
+        "policytypes/onap.policies.controlloop.operational.Common.yaml",
+        "policytypes/onap.policies.controlloop.operational.common.Apex.yaml",
+        "policytypes/onap.policies.controlloop.operational.common.Drools.yaml"
+    ],
+   "preloadPolicies" : [
+        "policies/sdnc.policy.naming.input.tosca.yaml"
+    ]
 }
index 3a55227..b5e1049 100644 (file)
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-api:2.1.2
+image: onap/policy-api:2.2.1
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 5711044..93b02e7 100644 (file)
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
+JAVA_HOME=/usr/local/openjdk-11
 POLICY_HOME=/opt/app/policy
 POLICY_LOGS=/var/log/onap
 KEYSTORE_PASSWD=Pol1cy_0nap
index 052b6f2..0e47310 100644 (file)
@@ -78,8 +78,17 @@ else
                # wait for DB up
                # now that DB is up, invoke database upgrade
                # (which does nothing if the db is already up-to-date)
-               dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
-               dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+               if [[ -v JDBC_USER ]]; then
+                       dbuser=${JDBC_USER};
+               else
+                       dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+               fi
+
+               if [[ -v JDBC_PASSWORD ]]; then
+                       dbpw=${JDBC_PASSWORD}
+               else
+                       dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+               fi
                db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
        fi
 
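Review bot: `[[ -v JDBC_USER ]]` and `[[ -v JDBC_PASSWORD ]]` are true for a variable that is set but empty, so an empty value injected from the secret silently replaces the base.conf fallback; `if [[ -n "${JDBC_PASSWORD:-}" ]]; then` (and the same for `JDBC_USER`) tests what is actually needed. Now that the password can come from an operator-supplied secret, the unquoted `$dbuser $dbpw` on the `db_upgrade_remote.sh` line will word-split or glob on spaces and special characters; quote them as `db_upgrade_remote.sh "$dbuser" "$dbpw" …`. Passing the password as an argument also exposes it in the process list, which deserves a comment if the script cannot read it from the environment. The stray `;` after `dbuser=${JDBC_USER}` is inconsistent with the password branch, and the enclosing `else` block starts outside this hunk.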
index 5e1c80f..9062633 100644 (file)
@@ -1,5 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
             "receptionHandlerConfigurationName":"sdcConfiguration",
             "pluginHandlerParameters":{
                 "policyDecoders":{
-                    "CsarDecoder":{
-                        "decoderType":"CsarDecoder",
-                        "decoderClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpx",
+                    "HpaDecoder":{
+                        "decoderType":"HpaDecoder",
+                        "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa",
                         "decoderConfigurationName": "csarToOptimizationPolicyConfiguration"
                     },
-                    "ApexDecoder":{
-                        "decoderType":"ApexDecoder",
+                    "ToscaPolicyDecoder":{
+                        "decoderType":"ToscaPolicyDecoder",
                         "decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
-                        "decoderConfigurationName": "apexDecoderConfiguration"
+                        "decoderConfigurationName": "toscaPolicyDecoderConfiguration"
                     }
                 },
                 "policyForwarders":{
-                    "PAPEngineForwarder":{
-                        "forwarderType":"PAPEngine",
-                        "forwarderClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarder",
-                        "forwarderConfigurationName": "xacmlPdpConfiguration"
-                    },
-                    "ApexForwarder":{
-                        "forwarderType":"ApexForwarder",
-                        "forwarderClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarder",
-                        "forwarderConfigurationName": "apexForwarderConfiguration"
-                    },
                     "LifeCycleApiForwarder":{
                         "forwarderType":"LifeCycleAPI",
                         "forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
                 "keystorePassword": "null",
                 "activeserverTlsAuth": false,
                 "isFilterinEmptyResources": true,
-                "isUseHttpsWithDmaap": false
+                "isUseHttpsWithDmaap": true
             }
         }
     },
     "policyDecoderConfigurationParameters":{
         "csarToOptimizationPolicyConfiguration":{
-            "parameterClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpxConfigurationParameterGroup",
+            "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters",
             "parameters":{
                 "policyNamePrefix": "oofCasablanca",
                 "onapName": "OOF",
                 "riskLevel": "2"
             }
         },
-        "apexDecoderConfiguration":{
+        "toscaPolicyDecoderConfiguration":{
             "parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
             "parameters":{
-                "policyFileName": "apex_policy",
-                "policyTypeFileName": "apex_policy_type"
+                "policyFileName": "tosca_policy",
+                "policyTypeFileName": "tosca_policy_type"
             }
         }
     },
     "policyForwarderConfigurationParameters":{
-        "xacmlPdpConfiguration":{
-            "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup",
-            "parameters":{
-                "useHttps": true,
-                "hostname": "pdp",
-                "port": 8081,
-                "userName": "testpdp",
-                "password": "alpha123",
-                "clientAuth": "cHl0aG9uOnRlc3Q=",
-                "isManaged": true,
-                "pdpGroup": "default"
-            }
-        },
-        "apexForwarderConfiguration":{
-            "parameterClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarderParameterGroup",
-            "parameters":{
-                "hostname":"policy-apex-pdp",
-                "port":"12345",
-                "ignoreConflicts": true,
-                "forceUpdate": true
-            }
-        },
         "lifecycleApiConfiguration":{
             "parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
             "parameters":{
index 04257a4..2d62d1b 100644 (file)
@@ -1,6 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
-#   Modifications Copyright (C) 2019 AT&T Intellectual Property.
+#   Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.2.1
+image: onap/policy-distribution:2.3.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 7fd8572..a52cc0f 100644 (file)
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
         "topicSources" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
+            "useHttps" : true,
             "topicCommInfrastructure" : "dmaap"
         }],
         "topicSinks" : [{
             "topic" : "POLICY-PDP-PAP",
             "servers" : [ "message-router" ],
+            "useHttps" : true,
             "topicCommInfrastructure" : "dmaap"
         }]
     }
index 29feeb6..f2c2cd7 100644 (file)
@@ -49,5 +49,5 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
 #
 javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
 javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }}
-javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }}
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
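Review bot: The new `javax.persistence.jdbc.password=${SQL_PASSWORD}` line drops the `| b64enc` filter that the removed line applied, so the property now carries the raw secret instead of base64 text. If the application still base64-decodes this property, the database login would fail; the decoding side is not visible in this hunk, so this should be confirmed against the image version the chart pins. The `${SQL_USER}` and `${SQL_PASSWORD}` placeholders are not Helm syntax, so something at container start has to expand them from the environment, and that step is not shown here either. I would add a comment above the two lines, `# SQL_USER / SQL_PASSWORD come from the db-secret Secret via the container env; expanded at startup, not by Helm`.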
index 57e7c78..5b02c17 100644 (file)
@@ -37,6 +37,11 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
           args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+          env:
+          - name: SQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: SQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 161722b..dc7266e 100644 (file)
@@ -1,5 +1,5 @@
 #  ============LICENSE_START=======================================================
-#   Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+#   Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 global:
   persistence: {}
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-secret
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+    login: '{{ .Values.db.user }}'
+    password: '{{ .Values.db.password }}'
+    passwordPolicy: required
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.1.2
+image: onap/policy-xacml-pdp:2.2.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
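Review bot: `passwordPolicy: required` on `db-secret` is always satisfied because the following hunk adds `db.password: policy_user`, a default identical to the user name. An install that overrides nothing therefore gets a database credential anyone can read from the chart. If the default has to stay (presumably to match the shared MariaDB user), a comment on the `db:` block should say so, for example `# default for lab installs only; set db.password or db.credsExternalSecret for real deployments`. The secret definition also reads `.Values.db.credsExternalSecret`, but the `db:` block never lists that key, so a commented-out `# credsExternalSecret: some-secret` line would make the option discoverable.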
@@ -35,6 +46,10 @@ debugEnabled: false
 
 # application configuration
 
+db:
+  user: policy_user
+  password: policy_user
+
 # default number of instances
 replicaCount: 1
 
index ba20739..1ac00c7 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -51,7 +51,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
 mariadb_image: library/mariadb:10
 pullPolicy: Always
 
index 1d78c14..dd207ea 100644 (file)
@@ -37,18 +37,6 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     {{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}2
-    - port: {{ .Values.service.externalPort3 }}
-      targetPort: {{ .Values.service.internalPort3 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
-      name: {{ .Values.service.portName }}3
     - port: {{ .Values.service.externalPort4 }}
       targetPort: {{ .Values.service.internalPort4 }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
index 1c6a845..a5c94bc 100644 (file)
@@ -26,7 +26,7 @@ while the OOM K8s version has these service split up.
 update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
 --dmaap-bc => the dmaap-bc doesn't open a node port..
 update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
---sdc-be => 8443:30204, 8080:30205
+--sdc-be => 8443:30204
 --sdc-fe => 8181:30206, 9443:30207
 update fn_app set app_url = 'https://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'https://sdc-be:8443/api/v3' where app_name = 'SDC';
 --pap => 8443:30219
index 09080fc..8465d06 100644 (file)
@@ -88,9 +88,9 @@ spec:
           - name: aaf_locator_app_ns
             value: "{{ .Values.global.aafAppNs }}"
           - name: DEPLOY_FQI
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
           - name: DEPLOY_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
           - name: cadi_longitude
             value: "{{ .Values.aafConfig.cadiLongitude }}"
           - name: cadi_latitude
index b79179b..61fc2f8 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 3fa8381..60271b7 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 3fa8381f2a1e5f030ee1388466417817dda0fbe2
+Subproject commit 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c5
index 1aa0010..cff8e26 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
   replicas: {{ .Values.replicaCount }}
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
       initContainers:
       - name: {{ include "common.name" . }}-readiness
@@ -64,15 +55,13 @@ spec:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
+          ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
             httpGet:
               path: /sdc2/rest/healthCheck
-              port: {{ .Values.service.internalPort }}
-              scheme: HTTPS
+              port: {{ .Values.liveness.port }}
+              scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -80,12 +69,11 @@ spec:
           readinessProbe:
             exec:
               command:
-              - "/var/lib/ready-probe.sh"
+              - "/var/lib/jetty/ready-probe.sh"
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-          resources:
-{{ include "common.resources" . | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
           env:
           - name: ENVNAME
             value: {{ .Values.global.env.name }}
@@ -99,7 +87,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index 994c407..a4b44a1 100644 (file)
@@ -18,18 +18,16 @@ kind: Job
 metadata:
   name: {{ include "common.fullname" . }}-config-backend
   namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}-job
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+  labels: {{- include "common.labels" . | nindent 4 }}
 spec:
   backoffLimit: 20
   template:
     metadata:
       labels:
-        app: {{ include "common.name" . }}-job
-        release: {{ include "common.release" . }}
+        app.kubernetes.io/name: {{ include "common.name" . }}-job
+        helm.sh/chart: {{ include "common.chart" . }}
+        app.kubernetes.io/instance: {{ include "common.release" . }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
     spec:
       restartPolicy: Never
       initContainers:
@@ -53,7 +51,9 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
+          mountPath: /home/sdc/chef-solo/environments/
+        - name: sdc-logs
+          mountPath: /var/lib/jetty/logs
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
@@ -66,6 +66,8 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
+        - name: sdc-logs
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
       restartPolicy: Never
index 39e1d77..a0d0f5b 100644 (file)
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "sdc",
-          "version": "v1",
-          "url": "/sdc/v1",
-          "protocol": "REST",
-          "port": "{{ .Values.service.internalPort2 }}",
-          "visualRange":"1"
-      },
-      {
-          "serviceName": "sdc-deprecated",
-          "version": "v1",
-          "url": "/sdc/v1",
-          "protocol": "REST",
-          "port": "{{ .Values.service.internalPort2 }}",
-          "visualRange":"1",
-          "path":"/sdc/v1"
-      }
-      ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}2
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName }}2
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
+{{ include "common.service" . }}
index a58e950..ac90466 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.2
-backendInitImage: onap/sdc-backend-init:1.6.2
+image: onap/sdc-backend:1.6.3
+backendInitImage: onap/sdc-backend-init:1.6.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
@@ -53,6 +53,7 @@ liveness:
   timeoutSeconds: 5
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
+  port: api
   enabled: true
 
 readiness:
@@ -63,22 +64,35 @@ readiness:
 service:
   type: NodePort
   name: sdc-be
-  portName: sdc-be
-  nodePort: "04"
-  internalPort: 8443
-  externalPort: 8443
-  nodePort2: "05"
-  internalPort2: 8080
-  externalPort2: 8080
+  both_tls_and_plain: true
+  msb:
+    - port: 8080
+      url: "/sdc/v1"
+      version: "v1"
+      protocol: "REST"
+      visualRange: "1"
+      serviceName: sdc
+    - port: 8080
+      url: "/sdc/v1"
+      version: "v1"
+      protocol: "REST"
+      visualRange: "1"
+      serviceName: sdc-deprecated
+  ports:
+    - name: api
+      port: 8443
+      plain_port: 8080
+      port_protocol: http
+      nodePort: '04'
 
 ingress:
   enabled: false
   service:
     - baseaddr: "sdcbe"
       name: "sdc-be"
-      port: 8080
+      port: 8443
   config:
-    ssl: "none"
+    ssl: "redirect"
 
 
 # Resource Limit flavor -By Default using small
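Review bot: `both_tls_and_plain: true` with `plain_port: 8080` keeps a cleartext listener on sdc-be, and both `msb` entries still register port 8080, while the ingress in this hunk moves to 8443 with `ssl: "redirect"`. If the goal is to steer clients to TLS, the MSB registration should presumably point at 8443 too, or the reason for keeping 8080 should be written down. I would add a comment above the flag such as `# plain 8080 kept for <consumer>; drop once every client uses 8443`. How `common.service` turns `plain_port` into a Service port or NodePort is not visible in this hunk, so whether 8080 stays reachable from outside the cluster needs checking in the rendered manifest.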
index 472975f..4e4aad4 100644 (file)
@@ -57,9 +57,9 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
+          mountPath: /home/sdc/chef-solo/environments/
         - name: {{ include "common.fullname" . }}-chef-cache
-          mountPath: /root/chef-solo/cache
+          mountPath: /home/sdc/chef-solo/cache
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
index c7c8da9..ddc1946 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.2
-cassandraInitImage: onap/sdc-cassandra-init:1.6.2
+image: onap/sdc-cassandra:1.6.3
+cassandraInitImage: onap/sdc-cassandra-init:1.6.3
 
 pullPolicy: Always
 
index f8fb2f6..6072148 100644 (file)
@@ -92,7 +92,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index 57a2551..9df959a 100644 (file)
@@ -52,7 +52,7 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments
+          mountPath: /var/lib/jetty/chef-solo/environments
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
index 77544a7..051c076 100644 (file)
@@ -27,9 +27,9 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.2
+image: onap/dcae-be:1.3.3
 pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.2
+backendInitImage: onap/dcae-tools:v1.3.3
 
 # flag to enable debugging - application support required
 debugEnabled: false
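Review bot: `backendInitImage: onap/dcae-tools:v1.3.3` gains a `v` prefix that neither the old tag (`1.3.2`) nor the sibling `image: onap/dcae-be:1.3.3` carries. If the registry does not publish a `v1.3.3` tag, the init job will stay in an image-pull error. The tag should either be confirmed to exist or changed to `backendInitImage: onap/dcae-tools:1.3.3`. Both images are referenced by mutable tag, so pinning them by digest would also make the deployed content reproducible.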
index 586baeb..f3c44f0 100644 (file)
@@ -65,18 +65,17 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort2 }}
+              port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end }}
           readinessProbe:
             httpGet:
               path: /dcae/healthCheckOld
-              port: {{ .Values.service.internalPort2 }}
+              port: {{ .Values.service.internalPort }}
               scheme: HTTPS
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
@@ -91,7 +90,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index f30ef43..88445c1 100644 (file)
@@ -40,16 +40,10 @@ spec:
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}2
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName }}2
     {{- end}}
   selector:
     app: {{ include "common.name" . }}
index df0606f..c3a2159 100644 (file)
@@ -27,7 +27,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.2
+image: onap/dcae-dt:1.3.3
 pullPolicy: IfNotPresent
 config:
   javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
@@ -53,11 +53,8 @@ service:
   type: NodePort
   name: sdc-dcae-dt
   portName: dcae-dt
-  nodePort: "65"
-  internalPort: 8186
-  portName2: dcae-dt2
-  nodePort2: "66"
-  internalPort2: 9446
+  nodePort: "66"
+  internalPort: 9446
 
 ingress:
   enabled: false
index 1bc0d88..a70f485 100644 (file)
@@ -65,18 +65,17 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
           {{ if eq .Values.liveness.enabled true }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort2 }}
+              port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end }}
           readinessProbe:
             httpGet:
               path: /dcaed/healthCheck
-              port: {{ .Values.service.internalPort2 }}
+              port: {{ .Values.service.internalPort }}
               scheme: HTTPS
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
@@ -91,7 +90,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index 1df4022..e1f541b 100644 (file)
@@ -40,16 +40,10 @@ spec:
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}2
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName }}2
     {{- end}}
   selector:
     app: {{ include "common.name" . }}
index a5794b2..28181d1 100644 (file)
@@ -27,7 +27,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.2
+image: onap/dcae-fe:1.3.3
 pullPolicy: Always
 config:
   javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
@@ -58,19 +58,13 @@ service:
   type: NodePort
   name: sdc-dcae-fe
   portName: dcae-fe
-  nodePort: "63"
-  internalPort: 8183
-  portName2: dcae-fe2
-  nodePort2: "64"
-  internalPort2: 9444
+  nodePort: "64"
+  internalPort: 9444
 
 ingress:
   enabled: false
   service:
     - baseaddr: "dcaedt"
-      name: "sdc-dcae-fe"
-      port: 8183
-    - baseaddr: "dcaedt2"
       name: "sdc-dcae-fe"
       port: 9444
   config:
index 5634aec..5ae706d 100644 (file)
@@ -77,7 +77,7 @@ spec:
                 fieldPath: status.podIP
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index 06169df..61beab3 100644 (file)
@@ -27,7 +27,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.1
+image: onap/dcae-tosca-app:1.3.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 6f35f6b..8e19489 100644 (file)
@@ -80,7 +80,7 @@ spec:
             value: {{ .Values.config.javaOptions }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index 1b9884a..2133990 100644 (file)
@@ -37,17 +37,24 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
+    {{ if not .Values.global.security.disableHttp }}
+    # setting http port only if enabled
     {{if eq .Values.service.type "NodePort" -}}
     - port: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName }}2
     {{- else -}}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       name: {{ .Values.service.portName }}
+    {{ end }}
+    {{ end }}
+
+    {{if eq .Values.service.type "NodePort" -}}
+    - port: {{ .Values.service.internalPort2 }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+      name: {{ .Values.service.portName }}2
+    {{- else -}}
     - port: {{ .Values.service.externalPort2 }}
       targetPort: {{ .Values.service.internalPort2 }}
       name: {{ .Values.service.portName }}2
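Review bot: `{{ if not .Values.global.security.disableHttp }}` dereferences `global.security` without checking that it exists, so rendering this chart with values that lack `global.security` fails with a nil-pointer template error. The default appears only in the parent chart's values hunk further down (`security:` / `disableHttp: true`), which does not cover a stand-alone render of this subchart. I would declare the same two lines under `global:` in this chart's own values.yaml, with a comment `# true removes the plain-HTTP service port`. The same value is also written unquoted into the environment JSON hunk (`"disableHttp": {{ .Values.global.security.disableHttp }},`), where an unset or non-boolean value produces invalid JSON. The closing `{{- end}}` of the HTTPS block lies outside this hunk.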
index ce77dfd..64ccaa8 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.2
+image: onap/sdc-frontend:1.6.3
 pullPolicy: Always
 
 config:
index 78b1116..75779a3 100644 (file)
@@ -57,7 +57,7 @@ spec:
           livenessProbe:
             exec:
               command:
-              - "/var/lib/ready-probe.sh"
+              - "/var/lib/jetty/ready-probe.sh"
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -65,7 +65,7 @@ spec:
           readinessProbe:
             exec:
               command:
-              - "/var/lib/ready-probe.sh"
+              - "/var/lib/jetty/ready-probe.sh"
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -94,7 +94,7 @@ spec:
             value: {{ .Values.cert.certDir }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-environments
-            mountPath: /root/chef-solo/environments/
+            mountPath: /var/lib/jetty/chef-solo/environments/
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
index 1167614..0e5e63b 100644 (file)
@@ -53,7 +53,7 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         volumeMounts:
         - name: {{ include "common.fullname" . }}-environments
-          mountPath: /root/chef-solo/environments/
+          mountPath: /home/sdc/chef-solo/environments/
         env:
         - name: ENVNAME
           value: {{ .Values.global.env.name }}
index 727d0a3..b15f784 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.2
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.2
+image: onap/sdc-onboard-backend:1.6.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 3e5a83a..78fdb32 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.1
-configInitImage: onap/workflow-init:1.6.1
+image: onap/workflow-backend:1.6.2
+configInitImage: onap/workflow-init:1.6.2
 pullPolicy: Always
 
 initJob:
@@ -47,13 +47,13 @@ config:
   serverSSLEnabled: true
 
   serverSSLKeyStoreType: jks
-  serverSSLKeyStorePath: /etc/keystore
+  serverSSLKeyStorePath: /home/sdc/etc/keystore
 
   serverSSLTrustStoreType: jks
-  serverSSLTrustStorePath: /etc/truststore
+  serverSSLTrustStorePath: /home/sdc/etc/truststore
 
   cassandraSSLEnabled: false
-  cassandraTrustStorePath: /etc/truststore
+  cassandraTrustStorePath: /home/sdc/etc/truststore
 
 # default number of instances
 replicaCount: 1
index 66eb22e..6b0669b 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.1
+image: onap/workflow-frontend:1.6.2
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 2d99ab0..57d774e 100755 (executable)
@@ -8,7 +8,7 @@
     "chef_type": "environment",
 
     "default_attributes": {
-        "disableHttp": true,
+        "disableHttp": {{ .Values.global.security.disableHttp }},
         "CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
         "BE_VIP": "sdc-be.{{include "common.namespace" .}}",
         "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
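Review bot: The new `"disableHttp": {{ .Values.global.security.disableHttp }}` line renders the value unquoted into JSON, so anything other than a real boolean produces a broken or mistyped environment file instead of a clear render error. A missing key would most likely render as a placeholder string, and a string such as `"yes"` would come out as a bare word. Since this flag appears to decide whether plain HTTP stays enabled, I would fail at render time when it is absent: `"disableHttp": {{ required "global.security.disableHttp must be set" .Values.global.security.disableHttp | toJson }},`. Avoid `default true` here, because sprig's `default` treats `false` as empty and the flag could then never be turned off. The JSON object continues outside the hunk.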
index 3d35814..dfbd8c8 100644 (file)
@@ -39,7 +39,8 @@ global:
    replicaCount: 3
    clusterName: cassandra
    dataCenter: Pod
-
+  security:
+    disableHttp: true
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
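Review bot: The new `global.security.disableHttp` key is added without a comment, and the hunk also drops the blank line that separated the `global:` block from `config:`. Because the flag is consumed by the chef environment template and appears to control whether plain HTTP is served, a short comment would help operators, e.g. `# rendered into the chef environment as disableHttp; must be a boolean, keep true unless plain HTTP is explicitly required`. Keeping the blank line before `config:` would also preserve the file's stanza separation.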
index 0c39e6e..c41c3ef 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index 7ef5ca4..af78a12 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -38,13 +40,13 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         - name: ODL_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
         - name: ODL_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
index dee311c..34932b7 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 993f472..728ba05 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
index 0c39e6e..c41c3ef 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index d353ada..031bb7e 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -38,13 +40,13 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         - name: REST_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
         - name: REST_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
index dee311c..34932b7 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 5a79d5b..85f3840 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018  AT&T Intellectual Property.  All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -30,4 +32,4 @@ spec:
       name: {{ .Values.service.name }}
   selector:
     app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
\ No newline at end of file
+    release: {{ include "common.release" . }}
index 0c39e6e..c41c3ef 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index 3a728ad..9f8cdf2 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -38,19 +40,19 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         - name: DB_FABRIC_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
         - name: DB_FABRIC_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
         - name: ODL_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
         - name: ODL_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
         - name: KEYSTORE_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
@@ -100,7 +102,7 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
             - name: SDNC_CONFIG_DIR
               value: "{{ .Values.config.configDir }}"
           volumeMounts:
index dee311c..34932b7 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 9a356ca..8150352 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
index 94ea5d7..8165af2 100644 (file)
@@ -39,7 +39,7 @@ secrets:
   - uid: db-root-password
     type: password
     externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
-    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+    password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
     passwordPolicy: required
   - uid: db-secret
     name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
index 0c39e6e..c41c3ef 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index da72e1e..2c0f799 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
@@ -38,17 +40,17 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         - name: UEB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
         - name: UEB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
         - name: ODL_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
         - name: ODL_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
index dee311c..34932b7 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 993f472..728ba05 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
index 144cb93..927bb1e 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index ecd6024..7492b55 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2018 Amdocs
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: extensions/v1beta1
 kind: Deployment
index f537834..087ed30 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: ConfigMap
index 0cd0eae..bce94f3 100755 (executable)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: batch/v1
 kind: Job
@@ -43,31 +45,31 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: AAI_CLIENT_NAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
         - name: AAI_CLIENT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
         - name: MODELSERVICE_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
         - name: MODELSERVICE_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
         - name: RESTCONF_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
         - name: RESTCONF_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
         - name: ANSIBLE_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
         - name: ANSIBLE_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
         - name: SCALEOUT_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
         - name: SCALEOUT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
         - name: NETBOX_APIKEY
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
         - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
@@ -97,15 +99,15 @@ spec:
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         env:
           - name: MYSQL_ROOT_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
           - name: ODL_ADMIN_USERNAME
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
           - name: ODL_ADMIN_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
           - name: SDNC_DB_USER
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
           - name: SDNC_DB_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           - name: MYSQL_HOST
             value: {{ include "common.mariadbService" . }}
           - name: SDNC_HOME
index 1b2cf88..8aa9af4 100644 (file)
@@ -13,6 +13,7 @@
 # # See the License for the specific language governing permissions and
 # # limitations under the License.
 */}}
+
 {{ if .Values.certpersistence.enabled }}
 ---
 kind: PersistentVolume
index dee311c..34932b7 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2020 Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,5 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index c5577a1..741a15a 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: v1
 kind: Service
@@ -35,33 +37,45 @@ metadata:
       }
       ]'
 spec:
-  type: {{ .Values.service.type }}
+  type: NodePort
   ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
+    - name: "{{ .Values.service.portName }}-restconf"
       {{ if not .Values.global.aafEnabled }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
-      {{ end }}
-      name: "{{ .Values.service.portName }}-8282"
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: "{{ .Values.service.portName }}-8202"
-    - port: {{ .Values.service.externalPort3 }}
-      targetPort: {{ .Values.service.internalPort3 }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
-      name: "{{ .Values.service.portName }}-8280"
-    - port: {{ .Values.service.externalPort4 }}
+      port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      {{- else -}}
+      port: {{ .Values.service.externalPort4 }}
       targetPort: {{ .Values.service.internalPort4 }}
-      {{ if .Values.global.aafEnabled }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
       {{ end }}
-      name: "{{ .Values.service.portName }}-8443"
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
+      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+  selector:
+    app: {{ include "common.name" . }}
+    release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ .Values.service.name }}-oam"
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: "{{ .Values.service.portName }}-restconf-alt"
+      {{ if .Values.global.aafEnabled }}
+      port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
+      {{- else -}}
+      port: {{ .Values.service.internalPort4 }}
+      target: {{ .Values.service.internalPort4 }}
+      {{ end }}
+    - name: "{{ .Values.service.portName }}-karaf"
+      port: {{ .Values.service.externalPort2 }}
+      targetPort: {{ .Values.service.internalPort2 }}
   selector:
     app: {{ include "common.name" . }}
     release: {{ include "common.release" . }}
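Review bot: In the new `-oam` Service, the `{{- else -}}` branch of the `-restconf-alt` port writes `target:` instead of `targetPort:`, which is not a ServicePort field. With `global.aafEnabled` false the manifest is therefore either rejected by validation or the target silently falls back to the value of `port`. That branch also sets `port` from `internalPort4`, whereas every other entry pairs an `externalPort*` with an `internalPort*`; presumably `port: {{ .Values.service.externalPort4 }}` and `targetPort: {{ .Values.service.internalPort4 }}` were intended. Separately, `type: NodePort` is now hard-coded on the first Service, so `.Values.service.type` can no longer keep restconf cluster-internal. When AAF is disabled the node port maps to `externalPort`/`internalPort`, the entry the removed lines named `-8282` alongside a `-8443` one, so it is worth confirming and documenting that exposing this listener on every node is intended.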
index 6054546..da5d8f3 100644 (file)
@@ -1,3 +1,4 @@
+{{/*
 # Copyright © 2017 Amdocs, Bell Canada
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+*/}}
 
 apiVersion: apps/v1beta1
 kind: StatefulSet
@@ -40,31 +42,31 @@ spec:
         - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
         env:
         - name: AAI_CLIENT_NAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
         - name: AAI_CLIENT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
         - name: MODELSERVICE_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
         - name: MODELSERVICE_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
         - name: RESTCONF_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
         - name: RESTCONF_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
         - name: ANSIBLE_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
         - name: ANSIBLE_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
         - name: SCALEOUT_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
         - name: SCALEOUT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
         - name: NETBOX_APIKEY
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
         - name: SDNC_DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
         - name: SDNC_DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /config-input
           name: config-input
@@ -130,9 +132,9 @@ spec:
           - name: aaf_locator_app_ns
             value: "{{ .Values.aaf_init.app_ns }}"
           - name: DEPLOY_FQI
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
           - name: DEPLOY_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
           - name: cadi_longitude
             value: "{{ .Values.aaf_init.cadi_longitude }}"
           - name: cadi_latitude
@@ -164,15 +166,15 @@ spec:
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
           - name: MYSQL_ROOT_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
           - name: ODL_ADMIN_USERNAME
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
           - name: ODL_ADMIN_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
           - name: SDNC_DB_USER
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
           - name: SDNC_DB_PASSWORD
-            {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           - name: SDNC_CONFIG_DIR
             value: "{{ .Values.config.configDir }}"
           - name: ENABLE_ODL_CLUSTER
index 8fd7590..6cf671a 100644 (file)
@@ -43,8 +43,15 @@ secrets:
   - uid: db-root-password
     name: '{{ include "common.release" . }}-sdnc-db-root-password'
     type: password
-    externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
-    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+    externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+      ternary (default (include "common.mariadb.secret.rootPassSecretName"
+      (dict "dot" . "chartName"
+      (index .Values "mariadb-galera" "nameOverride")))
+      (index .Values "mariadb-galera" "config"
+      "mariadbRootPasswordExternalSecret"))
+      (include "common.mariadb.secret.rootPassSecretName"
+      (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+    password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
   - uid: db-secret
     name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
     type: basicAuth
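Review bot: The `externalSecret` expression for `db-root-password` reads `mariadbRootPasswordExternalSecret` under `mariadb-galera.config`, and `password` reads `mariadbRootPassword`, but the `config:` block further down this file sets the key as `rootPasswordExternalSecret`. If nothing else defines the `mariadb`-prefixed keys (the full values block is not visible here), the `default` always falls through to the computed secret name and an operator-supplied root-password secret is silently ignored. Please confirm which key name is intended and use it in both places.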
@@ -198,7 +205,7 @@ aaf_init:
 
 mariadb-galera: &mariadbGalera
   nameOverride: sdnc-db
-  config:
+  config: &mariadbGaleraConfig
     rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
     userName: sdnctl
     userCredentialsExternalSecret: *dbSecretName
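Review bot: Anchoring `config:` as `&mariadbGaleraConfig` means the `rootPasswordExternalSecret` line under it is now merged into the `mariadb-galera.config` of dmaap-listener, ueb-listener, sdnc-portal and sdnc-ansible-server in the hunks that follow. That value does not look like a valid template expression, since a bare `-sdnc-db-root-password` follows the closing parenthesis of `(include "common.release" .)`, so any consumer that passes it through `tpl` would presumably fail or resolve the wrong secret name. A form such as `{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) "" .Values.global.mariadbGalera.localCluster }}` expresses what seems to be intended.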
@@ -217,8 +224,9 @@ cds:
 dmaap-listener:
   nameOverride: sdnc-dmaap-listener
   mariadb-galera:
-    << : *mariadbGalera
+    <<: *mariadbGalera
     config:
+      <<: *mariadbGaleraConfig
       mysqlDatabase: *sdncDbName
   config:
     sdncChartName: sdnc
@@ -229,8 +237,9 @@ dmaap-listener:
 
 ueb-listener:
   mariadb-galera:
-    << : *mariadbGalera
+    <<: *mariadbGalera
     config:
+      <<: *mariadbGaleraConfig
       mysqlDatabase: *sdncDbName
   nameOverride: sdnc-ueb-listener
   config:
@@ -241,8 +250,9 @@ ueb-listener:
 
 sdnc-portal:
   mariadb-galera:
-    << : *mariadbGalera
+    <<: *mariadbGalera
     config:
+      <<: *mariadbGaleraConfig
       mysqlDatabase: *sdncDbName
   config:
     sdncChartName: sdnc
@@ -253,8 +263,9 @@ sdnc-ansible-server:
   config:
     restCredsExternalSecret: *ansibleSecretName
   mariadb-galera:
-    << : *mariadbGalera
+    <<: *mariadbGalera
     config:
+      <<: *mariadbGaleraConfig
       mysqlDatabase: ansible
   service:
     name: sdnc-ansible-server
@@ -306,13 +317,10 @@ service:
 
   #port
   externalPort: 8282
-  nodePort: "02"
 
   externalPort2: 8202
-  nodePort2: "08"
 
   externalPort3: 8280
-  nodePort3: 46
 
   externalPort4: 8443
   nodePort4: 67
index 40b1987..dcb80c6 100755 (executable)
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,13 +66,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
         {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -93,7 +93,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -120,7 +120,7 @@ spec:
           mountPath: /var/log/onap/so
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 357a8fd..1d2c5f1 100755 (executable)
@@ -30,24 +30,31 @@ secrets:
   - uid: db-user-creds
     name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
     type: basicAuth
-    externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
     login: '{{ .Values.db.userName }}'
     password: '{{ .Values.db.userPassword }}'
     passwordPolicy: required
   - uid: db-admin-creds
     name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
     type: basicAuth
-    externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
 
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.5.3
+image: onap/so/bpmn-infra:1.6.0
 pullPolicy: Always
 
 db:
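Review bot: The new `so-onap-certs` entry has no comment saying how it is fed, and the commented `secretsFilePaths` sample is easy to misread: it is a block string (`|`) whose text happens to look like a list, not a YAML list. A line above the sample such as `# secretsFilePaths: block string, rendered as a template, listing the files packed into so-onap-certs; certSecret names an existing secret instead` would help, once checked against the common secret template. Unlike its neighbours, the entry sets neither `name` nor `passwordPolicy`; if that is deliberate for `type: generic`, a short comment should say so. The same block is added to the catalog-db-adapter and so-monitoring values.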
index 63a10b0..7edd53c 100755 (executable)
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,13 +66,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -93,7 +93,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -104,7 +104,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
index dee311c..bd7eb8e 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 889f2e8..b616abc 100755 (executable)
@@ -30,23 +30,31 @@ secrets:
   - uid: db-user-creds
     name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
     type: basicAuth
-    externalSecret: '{{ .Values.db.userCredsExternalSecret }}'
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
     login: '{{ .Values.db.userName }}'
     password: '{{ .Values.db.userPassword }}'
     passwordPolicy: required
   - uid: db-admin-creds
     name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
     type: basicAuth
-    externalSecret: '{{ .Values.db.adminCredsExternalSecret }}'
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.5.3
+image: onap/so/catalog-db-adapter:1.6.0
 pullPolicy: Always
 
 db:
index b6d30e4..08adb4a 100755 (executable)
 
 echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
 
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1 
-DROP DATABASE IF EXISTS `camundabpmn`;
-CREATE DATABASE `camundabpmn`;
-DROP USER IF EXISTS 'camundauser';
-CREATE USER 'camundauser';
-GRANT ALL on camundabpmn.* to 'camundauser' identified by 'camunda123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS camundabpmn;
+CREATE DATABASE camundabpmn;
+DROP USER IF EXISTS '${CAMUNDA_DB_USER}';
+CREATE USER '${CAMUNDA_DB_USER}';
+GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION;
 FLUSH PRIVILEGES;
 EOF
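Review bot: With the delimiter changed to an unquoted `<< EOF`, the shell substitutes `${CAMUNDA_DB_USER}` and `${CAMUNDA_DB_PASSWORD}` directly into SQL that runs as root, and nothing checks them first. A password containing `'` or `\` closes the string literal early and changes the statement, and an unset variable produces `CREATE USER ''`, which MariaDB treats as the anonymous account. Fail fast before the heredoc with `: "${CAMUNDA_DB_USER:?}" "${CAMUNDA_DB_PASSWORD:?}"`, and reject or escape quote characters in both values. Quoting the root password as `-p"$MYSQL_ROOT_PASSWORD"` also avoids word splitting. The same applies to the requestdb, catalogdb, so-user and so-admin scripts below; the hunk headers are missing on this page, so the rest of each script is not visible.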
 
index b277605..0f40446 100755 (executable)
 
 echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
 
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `requestdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `requestdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'requestuser';
-CREATE USER 'requestuser';
-GRANT ALL on requestdb.* to 'requestuser' identified by 'request123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS requestdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${REQUEST_DB_USER}';
+CREATE USER '${REQUEST_DB_USER}';
+GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION;
 FLUSH PRIVILEGES;
 EOF
 
index 10fb4b1..3115ec6 100755 (executable)
 
 echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
 
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `catalogdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `catalogdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'cataloguser';
-CREATE USER 'cataloguser';
-GRANT ALL on catalogdb.* to 'cataloguser' identified by 'catalog123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS catalogdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CATALOG_DB_USER}';
+CREATE USER '${CATALOG_DB_USER}';
+GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION;
 FLUSH PRIVILEGES;
 EOF
 
index 9c96720..c404800 100755 (executable)
 
 echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
 
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_user';
-CREATE USER 'so_user';
-GRANT USAGE ON *.* TO 'so_user'@'%' IDENTIFIED BY 'so_User123';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `requestdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `catalogdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `camundabpmn`.* TO 'so_user'@'%';
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_USER}';
+CREATE USER '${DB_USER}';
+GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
 FLUSH PRIVILEGES;
 EOF
 
index 6eb3baa..e9d7c6f 100755 (executable)
 
 echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
 
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_admin';
-CREATE USER 'so_admin';
-GRANT USAGE ON *.* TO 'so_admin'@'%' IDENTIFIED BY 'so_Admin123';
-GRANT ALL PRIVILEGES ON `camundabpmn`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `requestdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `catalogdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_ADMIN}';
+CREATE USER '${DB_ADMIN}';
+GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
+GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
 FLUSH PRIVILEGES;
 EOF
 
index c300209..ec589ea 100644 (file)
@@ -43,11 +43,11 @@ spec:
         - name: DB_HOST
           value: {{ .Values.global.migration.dbHost }}
         - name: DB_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
         - name: DB_PORT
           value: "{{ .Values.global.migration.dbPort }}"
         - name: DB_PASS
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
         command:
         - /bin/bash
         - -c
@@ -135,7 +135,27 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: MYSQL_ROOT_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+        - name: DB_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+        - name: DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+        - name: DB_ADMIN
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+        - name: DB_ADMIN_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        - name: CAMUNDA_DB_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }}
+        - name: CAMUNDA_DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }}
+        - name: REQUEST_DB_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }}
+        - name: REQUEST_DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }}
+        - name: CATALOG_DB_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
+        - name: CATALOG_DB_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
         volumeMounts:
         - mountPath: /etc/localtime
           name: localtime
index 746fe61..7c7d4f9 100644 (file)
@@ -13,4 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index a5586c6..5e7b2fe 100755 (executable)
@@ -32,13 +32,13 @@ secrets:
   - uid: db-root-pass
     name: '{{ include "common.release" . }}-so-mariadb-root-pass'
     type: password
-    externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}'
+    externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}'
     password: '{{ .Values.db.rootPassword }}'
     passwordPolicy: required
   - uid: db-backup-creds
     name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
     type: basicAuth
-    externalSecret: '{{ .Values.db.backupCredsExternalSecret }}'
+    externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}'
     login: '{{ .Values.db.backupUser }}'
     password: '{{ .Values.db.backupPassword }}'
     passwordPolicy: required
@@ -46,6 +46,33 @@ secrets:
       helm.sh/hook: pre-upgrade,pre-install
       helm.sh/hook-weight: "0"
       helm.sh/hook-delete-policy: before-hook-creation
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+  - uid: camunda-db-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}'
+    login: '{{ .Values.db.camunda.userName }}'
+    password: '{{ .Values.db.camunda.password }}'
+  - uid: request-db-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}'
+    login: '{{ .Values.db.request.userName }}'
+    password: '{{ .Values.db.request.password }}'
+  - uid: catalog-db-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
+    login: '{{ .Values.db.catalog.userName }}'
+    password: '{{ .Values.db.catalog.password }}'
+
+
 
 #################################################################
 # Application configuration defaults.
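Review bot: The five entries added here (`db-user-creds` through `catalog-db-creds`) omit `passwordPolicy`, while `db-root-pass` and `db-backup-creds` in the preceding hunk set `passwordPolicy: required`. If the common secret template generates a value when the policy is absent (not visible on this page), an empty `userPassword` would silently yield credentials that the other so-* charts, which read their own `db.userPassword`, do not share. Add `passwordPolicy: required` to each new entry, or add a comment explaining why these differ.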
@@ -63,6 +90,25 @@ db:
   backupPassword: secretpassword
   backupUser: root
   # backupCredsExternalSecret: some secret
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+  camunda:
+    userName: camundauser
+    password: camunda123
+    # dbCredsExternalSecret: some secret
+  request:
+    userName: requestuser
+    password: request123
+    # dbCredsExternalSecret: some secret
+  catalog:
+    userName: cataloguser
+    password: catalog123
+    # dbCredsExternalSecret: some secret
+
 # application configuration
 config:
   # gerrit branch where the latest heat code is checked in
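Review bot: The passwords that were literals in the init scripts are now chart defaults (`so_User123`, `so_Admin123`, `camunda123`, `request123`, `catalog123`), so every install that does not override them still comes up with the same credentials that are readable in this repository. The so-monitoring values repeat the `so_User123`/`so_Admin123` pair, so the two files also have to be kept in sync by hand. Consider shipping these empty and requiring either the matching `*ExternalSecret` or an explicit override. At minimum, mark them with a comment such as `# lab default only; override or set userCredsExternalSecret`.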
index 9afcddd..aebd249 100644 (file)
@@ -39,7 +39,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - name: so-chown
         image: alpine:3.6
         volumeMounts:
@@ -65,30 +65,18 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -111,7 +99,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
@@ -119,5 +107,3 @@ spec:
             name: {{ include "common.fullname" . }}-app-configmap
       imagePullSecrets:
         - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-
diff --git a/kubernetes/so/charts/so-monitoring/templates/secret.yaml b/kubernetes/so/charts/so-monitoring/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 240ca15..910b694 100644 (file)
@@ -28,20 +28,54 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.5.3
+image: onap/so/so-monitoring:1.6.0
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 9091
 logPath: app/logs/
 app: so-monitoring
 service:
-    type: NodePort
+#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
+    type: ClusterIP
     nodePort: 24
     internalPort: 9091
     externalPort: 9091
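Review bot: With `type: ClusterIP`, the `nodePort: 24` line left beneath it is presumably no longer used, so the values still read as if the port were exposed. Drop it, or mark it with `# only used when type is NodePort`. The added comment starts at column 0 inside the `service:` mapping and is far longer than the rest of the file's lines. Indented with the keys, `# Internal by default; set type: NodePort to expose the monitoring UI.` says the same thing.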
@@ -90,4 +124,4 @@ ingress:
         ssl: "none"
 nodeSelector: {}
 tolerations: []
-affinity: {}
\ No newline at end of file
+affinity: {}
index ffebc4c..117d270 100755 (executable)
@@ -105,7 +105,12 @@ mso:
     endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
   msoKey: {{ .Values.mso.msoKey }}
   config:
+    {{ if eq .Values.global.security.aaf.enabled true }}
     cadi: {{ include "cadi.keys" . | nindent 8}}
+    {{- else }}
+    cadi:
+      aafId: {{ .Values.mso.basicUser }}
+    {{- end }}
   catalog:
     db:
       spring:
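Review bot: The opening `{{ if eq .Values.global.security.aaf.enabled true }}` has no `-` trim marker, unlike the `{{- else }}` and `{{- end }}` that close it, so the rendered file gets a whitespace-only line under `config:`; use `{{- if eq .Values.global.security.aaf.enabled true }}`. In the else branch, `aafId: {{ .Values.mso.basicUser }}` is emitted unquoted, so a value that looks like a number or boolean would change type. `aafId: {{ .Values.mso.basicUser | quote }}` keeps it a string.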
index c0ac078..e1c2069 100755 (executable)
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,25 +66,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -105,7 +93,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -132,7 +120,7 @@ spec:
           mountPath: /var/log/onap/so
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 8dc7e83..ea8dd0d 100755 (executable)
@@ -23,13 +23,46 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
-image: onap/so/openstack-adapter:1.5.3
+image: onap/so/openstack-adapter:1.6.0
 pullPolicy: Always
 repository: nexus3.onap.org:10001
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8087
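Review bot: The new `db:` block commits working default passwords (`userPassword: so_User123`, `adminPassword: so_Admin123`), so any install that neither overrides them nor sets `userCredsExternalSecret`/`adminCredsExternalSecret` runs with publicly known database credentials. `passwordPolicy: required` in the `secrets:` entries presumably fails the render on an empty password (the helper is not visible here), but a non-empty default means it never triggers. I would ship `userPassword: ""` and `adminPassword: ""` and have the parent chart or an external secret supply the values together with the database's own accounts. The same block is added in the values hunks that follow for request-db-adapter, sdc-controller, sdnc-adapter and vfc-adapter.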
index 91e9be6..7edd53c 100755 (executable)
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,25 +66,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -105,7 +93,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -116,7 +104,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 58e6412..2f89042 100755 (executable)
@@ -23,13 +23,46 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.5.3
+image: onap/so/request-db-adapter:1.6.0
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8083
index c0ac078..e1c2069 100755 (executable)
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,25 +66,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -105,7 +93,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -132,7 +120,7 @@ spec:
           mountPath: /var/log/onap/so
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml b/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 2cce8bb..a38e256 100755 (executable)
@@ -23,13 +23,46 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.5.3
+image: onap/so/sdc-controller:1.6.0
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8085
index 6235bd2..7a1358c 100755 (executable)
@@ -104,6 +104,11 @@ org:
                             rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
                     bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
                     bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
+                    opticalservice:
+                        optical-service-create:
+                            create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
+                        optical-service-delete:
+                            delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
                     generic-resource:
                         network-topology-operation:
                             create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
@@ -146,6 +151,7 @@ org:
                     sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
                     sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
                     sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/'
+                    sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:'
                     sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config'
                     sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:'
                     sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:'
index 3b3d189..401e803 100755 (executable)
@@ -34,6 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
@@ -51,25 +52,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -90,7 +79,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -117,7 +106,7 @@ spec:
           mountPath: /var/log/onap/so
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index d1be03b..a4b2496 100755 (executable)
@@ -23,13 +23,46 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.5.3
+image: onap/so/sdnc-adapter:1.6.0
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8086
index 03b3441..380b52f 100755 (executable)
@@ -22,7 +22,7 @@ spec:
     metadata:
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
         - name: {{ include "common.name" . }}-readiness
           command:
             - /root/ready.py
@@ -47,7 +47,7 @@ spec:
           image: {{ include "common.repository" . }}/{{ .Values.image }}
           resources: {{ include "common.resources" . | nindent 12 }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
+          volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
             - name: logs
               mountPath: /app/logs
             - name: config
@@ -61,7 +61,7 @@ spec:
             successThreshold: {{ index .Values.livenessProbe.successThreshold}}
             failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
           ports: {{- include "common.containerPorts" . | nindent 10 }}
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
         - name: logs
           emptyDir: {}
         - name: config
diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 5310600..1d9854c 100755 (executable)
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#################################################################
+# Global configuration defaults.
+#################################################################
 global:
   repository: nexus3.onap.org:10001
   readinessRepository: oomk8s
   readinessImage: readiness-check:2.0.2
   persistence:
     mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
 image: onap/so/ve-vnfm-adapter:1.6.0
 pullPolicy: Always
 replicaCount: 1
index 44040c2..2addd7b 100755 (executable)
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -66,25 +66,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
@@ -105,7 +93,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -125,7 +113,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index b15a67f..aa4923a 100755 (executable)
@@ -23,13 +23,46 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-user-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+    login: '{{ .Values.db.userName }}'
+    password: '{{ .Values.db.userPassword }}'
+    passwordPolicy: required
+  - uid: db-admin-creds
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+    login: '{{ .Values.db.adminName }}'
+    password: '{{ .Values.db.adminPassword }}'
+    passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.5.3
+image: onap/so/vfc-adapter:1.6.0
 pullPolicy: Always
 
+db:
+  userName: so_user
+  userPassword: so_User123
+  # userCredsExternalSecret: some secret
+  adminName: so_admin
+  adminPassword: so_Admin123
+  # adminCredsExternalSecret: some secret
+
 replicaCount: 1
 minReadySeconds: 10
 containerPort: 8084
index c297ac3..00b36a8 100755 (executable)
@@ -34,13 +34,14 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         resources:
 {{ include "common.resources" . | indent 12 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
-        env: 
+        env:
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
         - name: TRUSTSTORE_PASSWORD
@@ -60,7 +61,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -77,7 +78,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bd7eb8e
--- /dev/null
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
index 7833376..72efcb4 100755 (executable)
@@ -22,11 +22,25 @@ global:
   persistence:
     mountPath: /dockerdata-nfs
 
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
+
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.5.3
+image: onap/so/vnfm-adapter:1.6.0
 pullPolicy: Always
 
 replicaCount: 1
@@ -80,4 +94,4 @@ ingress:
     ssl: "redirect"
 nodeSelector: {}
 tolerations: []
-affinity: {}
\ No newline at end of file
+affinity: {}
diff --git a/kubernetes/so/resources/config/certificates/msb-ca.crt b/kubernetes/so/resources/config/certificates/msb-ca.crt
new file mode 100644 (file)
index 0000000..62da777
--- /dev/null
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/kubernetes/so/resources/config/mso/onap-ca.crt b/kubernetes/so/resources/config/mso/onap-ca.crt
deleted file mode 100755 (executable)
index 51e19b5..0000000
+++ /dev/null
@@ -1,100 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNloXDTIxMTEyNzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQDDCFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNpbXBsZWRlbW9Ab3BlbmVj
-b21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr4rivKQuRk
-YNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz6Ej7
-PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv
-5kQ9uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmV
-otXM4tT1dxyJxFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoI
-voKvoh3uZ5gEhGV8yfJxk1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQ
-SWimWtOi4e8CAwEAAaOBtTCBsjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9tsaJhM9HE5wwcAYDVR0gBGkwZzBl
-BgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRydXN0IHRoaXMgY2VydCB0
-aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUgaW50ZXJlc3Rl
-ZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4aZP/7
-IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNX
-n4OpNkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8
-XUTuzEQQ3gUSyVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs
-2KMQzorJ1ZNQf523yUTghbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwa
-SxGSiAgeLbwAUCvPNl27zr6k6+7TcNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwE
-zGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5UrclU1vK+dnuiKE2X4rKuBTRYRFR/
-km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BASKqgNdoT/SKBXqxgYlCb
-o+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQUwwnSrSfihh2T
-j0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO0k1t
-qbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLo
-z/Rd+SKtlrfb
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNVoXDTI2MTEyNjIxMTQyNVowgb0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcNAQkBFhhz
-aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOs
-AdnZAuheYrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs9
-47MAuiqpPojPwDDb9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlK
-eCTLW+bZKeaKoWdkFxyyzykOoMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv
-3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfN
-Gib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j79E/OZkfk/9V3Hvfy78Ss9H5
-uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCfQ6Bwd0Nm48KrJkTe
-ySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUXjsHIj7Gv
-2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
-vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2l
-G8n50YSXb0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0Iw
-QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQF
-QD3oWZUOVE81Qc9WSfcyqwwwDQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pj
-p1R9+Q766Qhzh4EN9RFCsktCcf4pB23lPtFhMhIZJP5eZKLB4MUIvtmleU+DmOWf
-jcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6VUd9vbGH66ElIg9nP7XWAE6h5
-DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4wyEEPQlpU2AewZqOU
-p0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYIeNssLnv6
-FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
-a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6
-ygL5Oyvrj8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5B
-Ryx7BswcTEtZHWHxD/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJ
-Ap9D+WmTJ9PdpDjiwCXCkMD3QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOd
-gxFK9q1vjhm02FAABIa+kL10CKPuRdlE/GsWl03WKMeT5bY3MTO3odsNXhKWA19h
-wUAp0gnljuFHPX7jWwruZ1eD8mQv
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl
new file mode 100644 (file)
index 0000000..8bd25d2
--- /dev/null
@@ -0,0 +1,32 @@
+{{- define "so.certificate.container_importer" -}}
+- name: {{ include "common.name" . }}-certs-importer
+  image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
+  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+  command:
+  - "/bin/sh"
+  args:
+  - "-c"
+  - "update-ca-certificates --fresh && \
+    cp -r {{ .Values.global.certificates.path }}/* /certificates"
+  volumeMounts:
+  - name: {{ include "common.name" . }}-certificates
+    mountPath: /certificates
+  - name: {{ include "common.name" . }}-onap-certificates
+    mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volume-mounts" -}}
+- name: {{ include "common.name" . }}-certificates
+  mountPath: {{ .Values.global.certificates.path }}
+- name: {{ include "common.name" . }}-onap-certificates
+  mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+- name: {{ include "common.name" . }}-certificates
+  emptyDir:
+    medium: Memory
+- name: {{ include "common.name" . }}-onap-certificates
+  secret:
+    secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
+{{- end -}}
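Review bot: In `so.certificate.volume-mounts` the application container receives the generated trust store (the `-certificates` emptyDir, mounted at `global.certificates.path`) as a writable volume, so a compromised or misbehaving process could alter its own trust anchors after the init container has built them. Adding `readOnly: true` under both mounts in that helper keeps the bundle fixed for the life of the pod; only the importer needs write access, to `/certificates`. The `emptyDir` in `so.certificate.volumes` uses `medium: Memory` without a `sizeLimit`, and memory-backed volumes count against the pod's memory, so a small `sizeLimit` is worth adding as well.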
index c0ac078..0739009 100755 (executable)
@@ -34,8 +34,9 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
-      - command:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+      - name: {{ include "common.name" . }}-readiness
+        command:
         - /root/job_complete.py
         args:
         - --job-name
@@ -66,25 +67,13 @@ spec:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.readwrite.port
         - name: DB_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
         - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.readwrite.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
         - name: DB_ADMIN_USERNAME
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.rolename
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "common.release" . }}-so-db-secrets
-              key: mariadb.admin.password
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
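Review bot: The four `{{- include "common.secret.envFromSecretFast" ... | indent 10 }}` lines render valid YAML only if the helper's output begins with a newline, because `{{-` removes the line break after `- name: DB_USERNAME` and the following names. The helper is defined outside this hunk, so that cannot be confirmed here. The other lines this commit adds to the same template use `nindent`, and `| nindent 10` would make these four independent of how the helper starts. The container's `env:` list begins above the hunk.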
@@ -105,7 +94,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -132,7 +121,7 @@ spec:
           mountPath: /var/log/onap/so
         - name: {{ include "common.fullname" . }}-logs
           mountPath: /var/log/onap
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml
new file mode 100644 (file)
index 0000000..bdcecdd
--- /dev/null
@@ -0,0 +1,16 @@
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
index a792ff9..8a83427 100755 (executable)
@@ -22,11 +22,13 @@ global:
   readinessImage: readiness-check:2.0.2
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  soBaseImage: onap/so/base-image:1.0
   mariadbGalera:
     nameOverride: mariadb-galera
     serviceName: mariadb-galera
     servicePort: "3306"
-    mariadbRootPassword: secretpassword
+    # mariadbRootPassword: secretpassword
+    # rootPasswordExternalSecret: some secret
     #This flag allows SO to instantiate its own mariadb-galera cluster,
     #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
     localCluster: false
@@ -40,6 +42,7 @@ global:
     dbPort: 3306
     dbUser: root
     dbPassword: secretpassword
+    # dbCredsExternalSecret: some secret
   msbEnabled: true
   security:
     aaf:
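Review bot: `dbUser: root` and `dbPassword: secretpassword` stay as live defaults in this block, although the previous hunk comments out `mariadbRootPassword: secretpassword` for the same reason. The `db-backup-creds` entry added later in this file reads `.Values.global.migration.dbPassword` (presumably this key) with `passwordPolicy: required`, and a well-known default would satisfy that requirement as soon as migration is enabled. Commenting it out the same way, `# dbPassword: secretpassword`, next to the new `# dbCredsExternalSecret` hint would force the operator to supply a value or an external secret. The enclosing mapping starts above the hunk.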
@@ -69,11 +72,67 @@ global:
     certs:
       trustStorePassword: b25hcDRzbw==
       keyStorePassword: c280b25hcA==
+  certificates:
+    path: /etc/ssl/certs
+    share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-pass
+    name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+    type: password
+    externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+    password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+  - uid: db-backup-creds
+    name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+    login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+    password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+    passwordPolicy: required
+    annotations:
+      helm.sh/hook: pre-upgrade,pre-install
+      helm.sh/hook-weight: "0"
+      helm.sh/hook-delete-policy: before-hook-creation
+  - uid: db-user-creds
+    name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+    login: '{{ .Values.dbCreds.userName }}'
+    password: '{{ .Values.dbCreds.userPassword }}'
+    passwordPolicy: generate
+  - uid: db-admin-creds
+    name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+    type: basicAuth
+    externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+    login: '{{ .Values.dbCreds.adminName }}'
+    password: '{{ .Values.dbCreds.adminPassword }}'
+    passwordPolicy: generate
+  - uid: "so-onap-certs"
+    name: &so-certs '{{ include "common.release" . }}-so-certs'
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths:
+      - resources/config/certificates/onap-ca.crt
+      - resources/config/certificates/msb-ca.crt
+
 #################################################################
 # Application configuration defaults.
 #################################################################
+
+dbSecrets: &dbSecrets
+  userCredsExternalSecret: *dbUserCredsSecretName
+  adminCredsExternalSecret: *dbAdminCredsSecretName
+
+# unused in this, just to pass to subcharts
+dbCreds:
+  userName: so_user
+  adminName: so_admin
+
 repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.5.3
+image: onap/so/api-handler-infra:1.6.0
 pullPolicy: Always
 replicaCount: 1
 minReadySeconds: 10
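Review bot: The `db-root-pass` entry reads `.Values.global.mariadbGalera.mariadbRootpassword` with a lower-case `p`, but the key shown in the first hunk of this file is `mariadbRootPassword`. Template field lookup is case-sensitive, so a root password set under the documented key would not reach this secret. The line should read `password: '{{ .Values.global.mariadbGalera.mariadbRootPassword }}'`. What `common.secret` does with an empty password for `type: password` is not visible here, so the effect may be a generated password or a failed render.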
@@ -93,6 +152,8 @@ updateStrategy:
 # Resource Limit flavor -By Default using small
 flavor: small
 # Segregation for Different environment (Small and Large)
+persistence:
+  certificatesPath: /certificates
 resources:
   small:
     limits:
@@ -126,13 +187,14 @@ config:
   logstashServiceName: log-ls
   logstashPort: 5044
 
-
 #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
 #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
 #                                                       --set so.global.mariadbGalera.localCluster=true \
 #                                                       --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
 #                                                       --set so.global.mariadbGalera.serviceName=so-mariadb-galera
 mariadb-galera:
+  config:
+    mariadbRootPasswordExternalSecret: *dbRootPassSecretName
   nameOverride: so-mariadb-galera
   replicaCount: 1
   service:
@@ -172,7 +234,11 @@ mso:
         auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
   health:
     auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+
 so-bpmn-infra:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   cds:
     auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
   aai:
@@ -204,7 +270,11 @@ so-bpmn-infra:
     vnfm:
       adapter:
         auth: Basic dm5mbTpwYXNzd29yZDEk
+
 so-catalog-db-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   mso:
     config:
       cadi:
@@ -215,7 +285,16 @@ so-catalog-db-adapter:
     adapters:
       db:
         auth: Basic YnBlbDpwYXNzd29yZDEk
+
+so-monitoring:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
+
 so-openstack-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   aaf:
     auth:
       encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
@@ -231,6 +310,7 @@ so-openstack-adapter:
   mso:
     msoKey: 07a7159d3bf51a0e53be7a8f89699be7
     auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+    basicUser: poBpmn
     config:
       cadi:
         aafId: so@so.onap.org
@@ -239,7 +319,11 @@ so-openstack-adapter:
         noAuthn: /manage/health
     db:
       auth: Basic YnBlbDpwYXNzd29yZDEk
+
 so-request-db-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   mso:
     config:
       cadi:
@@ -250,7 +334,11 @@ so-request-db-adapter:
     adapters:
       requestDb:
         auth: Basic YnBlbDpwYXNzd29yZDEk
+
 so-sdc-controller:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   aai:
     auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
   mso:
@@ -269,7 +357,11 @@ so-sdc-controller:
     asdc-connections:
       asdc-controller1:
         password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
 so-sdnc-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   org:
     onap:
       so:
@@ -291,7 +383,14 @@ so-sdnc-adapter:
         auth: Basic YnBlbDpwYXNzd29yZDEk
     rest:
       aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
+so-ve-vnfm-adapter:
+  certSecret: *so-certs
+
 so-vfc-adapter:
+  certSecret: *so-certs
+  db:
+    <<: *dbSecrets
   mso:
     config:
       cadi:
@@ -302,7 +401,9 @@ so-vfc-adapter:
     adapters:
       requestDb:
         auth: Basic YnBlbDpwYXNzd29yZDEk
+
 so-vnfm-adapter:
+  certSecret: *so-certs
   aaf:
     auth:
       username: so@so.onap.org
@@ -321,3 +422,11 @@ so-vnfm-adapter:
         aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
         apiEnforcement: org.onap.so.vnfmAdapterPerm
         noAuthn: /manage/health
+
+so-mariadb:
+  db:
+    rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+    rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+    backupCredsExternalSecret: *dbBackupCredsSecretName
+    userCredsExternalSecret: *dbUserCredsSecretName
+    adminCredsExternalSecret: *dbAdminCredsSecretName
index b831807..567baab 100644 (file)
@@ -25,7 +25,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:2.0.2
+image: onap/usecase-ui-server:3.0.1
 pullPolicy: Always
 
 # application configuration
index bff2f92..69f6556 100644 (file)
@@ -37,7 +37,7 @@ spec:
           command:
             - /bin/bash
             - -c
-            - /home/uui/tomcat/bin/catalina.sh run
+            - /home/uui/uuiStartup.sh
           ports:
           - containerPort: {{ .Values.service.internalPort }}
           # disable liveness probe when breakpoints set in debugger
index cdab5c9..e11f7fb 100644 (file)
@@ -31,7 +31,8 @@ metadata:
           "path":"/iui/usecaseui",
           "protocol": "UI",
           "port": "{{ .Values.service.internalPort }}",
-          "visualRange":"1"
+          "visualRange":"1",
+          "enable_ssl": true
       }
       ]'
 spec:
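Review bot: `"enable_ssl": true` is now hard-coded in the MSB registration annotation, while the `onap/usecase-ui` values hunks further down move `internalPort` and the ingress `port` to 8443 but leave `ingress.config.ssl: "none"` unchanged. If 8443 is a TLS listener, the ingress and every other consumer of `service.internalPort` must speak HTTPS to it too, so the ingress setting should be confirmed and, if stale, changed in the same commit. The annotation's JSON array opens above this hunk.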
index bfecdb7..ca45b68 100644 (file)
@@ -25,7 +25,7 @@ flavor: small
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/usecase-ui:2.0.1
+image: onap/usecase-ui:3.0.1
 pullPolicy: Always
 
 # application configuration
@@ -59,7 +59,7 @@ service:
   type: NodePort
   name: uui
   portName: uui
-  internalPort: 8080
+  internalPort: 8443
   nodePort: 98
 
 ingress:
@@ -67,7 +67,7 @@ ingress:
   service:
     - baseaddr: uui
       name: "uui"
-      port: 8080
+      port: 8443
   config:
     ssl: "none"
 
diff --git a/kubernetes/vfc/charts/vfc-catalog/.helmignore b/kubernetes/vfc/charts/vfc-catalog/.helmignore
deleted file mode 100644 (file)
index f0c1319..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/kubernetes/vfc/charts/vfc-catalog/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-catalog/resources/config/logging/log.yml
deleted file mode 100644 (file)
index 2daea32..0000000
+++ /dev/null
@@ -1,50 +0,0 @@
-version: 1
-disable_existing_loggers: False
-
-loggers:
-    catalog:
-        handlers: [cataloglocal_handler, catalog_handler]
-        level: "DEBUG"
-        propagate: False
-    django:
-        handlers: [django_handler]
-        level: "DEBUG"
-        propagate: False
-handlers:
-    cataloglocal_handler:
-        level: "DEBUG"
-        class:
-            "logging.handlers.RotatingFileHandler"
-        filename: "logs/runtime_catalog.log"
-        formatter:
-            "standard"
-        maxBytes: 52428800
-        backupCount: 10
-    catalog_handler:
-        level: "DEBUG"
-        class:
-            "logging.handlers.RotatingFileHandler"
-        filename: "/var/log/onap/vfc/catalog/runtime_catalog.log"
-        formatter:
-            "mdcFormat"
-        maxBytes: 52428800
-        backupCount: 10
-    django_handler:
-        level: "DEBUG"
-        class:
-            "logging.handlers.RotatingFileHandler"
-        filename: "logs/django.log"
-        formatter:
-            "standard"
-        maxBytes: 52428800
-        backupCount: 10
-formatters:
-    standard:
-        format:
-            "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
-    mdcFormat:
-        format:
-            "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
-        mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
-        datefmt: "%Y-%m-%d %H:%M:%S"
-        (): onaplogging.mdcformatter.MDCFormatter
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml
deleted file mode 100644 (file)
index 028b164..0000000
+++ /dev/null
@@ -1,150 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
-      annotations:
-        sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
-    spec:
-      initContainers:
-      - command:
-        - /root/ready.py
-        args:
-        - --container-name
-        - {{ .Values.config.mariadbService }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-      containers:
-        - name: {{ include "common.name" . }}
-          command:
-            - sh
-          args:
-            - -c
-            - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          # disable liveness probe when breakpoints set in debugger
-          # so K8s doesn't restart unresponsive container
-          {{ if .Values.liveness.enabled }}
-          livenessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.liveness.periodSeconds }}
-          {{ end }}
-          readinessProbe:
-            tcpSocket:
-              port: {{ .Values.service.internalPort }}
-            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
-            periodSeconds: {{ .Values.readiness.periodSeconds }}
-          env:
-            - name: MSB_PROTO
-              value: "{{ .Values.global.config.msbprotocol }}"
-            - name: SSL_ENABLED
-              value: "{{ .Values.global.config.ssl_enabled }}"
-            - name: MSB_ADDR
-              value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
-            - name: MYSQL_ADDR
-              value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
-            - name: MYSQL_ROOT_USER
-              value: "{{ .Values.global.config.mariadb_admin }}"
-            - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
-            - name: REDIS_ADDR
-              value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
-            - name: REG_TO_MSB_WHEN_START
-              value: "{{ .Values.global.config.reg_to_msb_when_start }}"
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-catalog
-            mountPath: /service/vfc/nfvo/catalog/static
-          - name: {{ include "common.fullname" . }}-localtime
-            mountPath: /etc/localtime
-            readOnly: true
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          - name: {{ include "common.fullname" . }}-logconfig
-            mountPath: /opt/vfc/catalog/config/log.yml
-            subPath: log.yml
-          resources:
-{{ include "common.resources" . | indent 12 }}
-        {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
-        {{- end -}}
-        {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
-        {{- end }}
-
-        # side car containers
-        - name: {{ include "common.name" . }}-filebeat-onap
-          image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
-          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          volumeMounts:
-          - name: {{ include "common.fullname" . }}-filebeat-conf
-            mountPath: /usr/share/filebeat/filebeat.yml
-            subPath: filebeat.yml
-          - name: {{ include "common.fullname" . }}-logs
-            mountPath: /var/log/onap
-          - name: {{ include "common.fullname" . }}-data-filebeat
-            mountPath: /usr/share/filebeat/data
-
-      volumes:
-        - name: {{ include "common.fullname" . }}-catalog
-        {{- if .Values.persistence.enabled }}
-          persistentVolumeClaim:
-            claimName: {{ include "common.fullname" . }}
-        {{- else }}
-          emptyDir: {}
-        {{- end }}
-        - name: {{ include "common.fullname" . }}-localtime
-          hostPath:
-            path: /etc/localtime
-        - name:  {{ include "common.fullname" . }}-logs
-          emptyDir: {}
-        - name: {{ include "common.fullname" . }}-logconfig
-          configMap:
-            name : {{ include "common.fullname" . }}-logging-configmap
-
-        - name: {{ include "common.fullname" . }}-filebeat-conf
-          configMap:
-            name: {{ include "common.release" . }}-vfc-filebeat-configmap
-        - name: {{ include "common.fullname" . }}-data-filebeat
-          emptyDir: {}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/pv.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/pv.yaml
deleted file mode 100644 (file)
index d672025..0000000
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-    name: {{ include "common.fullname" . }}
-spec:
-  capacity:
-    storage: {{ .Values.persistence.size}}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
-  storageClassName: "{{ include "common.fullname" . }}-data"
-  hostPath:
-    path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/pvc.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/pvc.yaml
deleted file mode 100644 (file)
index e04a0b3..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    release: "{{ include "common.release" . }}"
-    heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
-  annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  storageClassName: {{ include "common.storageClass" . }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}
-{{- end -}}
diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml
deleted file mode 100644 (file)
index a9c382a..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "common.servicename" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    msb.onap.org/service-info: '[
-      {
-          "serviceName": "catalog",
-          "version": "v1",
-          "url": "/api/catalog/v1",
-          "protocol": "REST",
-          "port": "{{.Values.service.externalPort}}",
-          "enable_ssl": {{ .Values.global.config.ssl_enabled }},
-          "visualRange":"1"
-      }
-      ]'
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName }}
-    {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
-    {{- end}}
-  selector:
-    app: {{ include "common.name" . }}
-    release: {{ include "common.release" . }}
diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml
deleted file mode 100644 (file)
index 3411c44..0000000
+++ /dev/null
@@ -1,125 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
-  nodePortPrefix: 302
-  readinessRepository: oomk8s
-  readinessImage: readiness-check:2.0.0
-  loggingRepository: docker.elastic.co
-  loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
-  - uid: "db-root-pass"
-    externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
-    type: password
-    password: '{{ .Values.config.mariadbRootPassword }}'
-    policy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/catalog:1.3.8
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
-  mariadbService: vfc-mariadb
-  mariadbPort: 3306
-  # mariadbRootPassword: secretpassword
-  # mariadbRootPasswordExternalSecret: some secret
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
-  initialDelaySeconds: 120
-  periodSeconds: 10
-  # necessary to disable liveness probe when setting breakpoints
-  # in debugger so K8s doesn't restart unresponsive container
-  enabled: true
-
-readiness:
-  initialDelaySeconds: 10
-  periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
-  enabled: true
-  ## A manually managed Persistent Volume and Claim
-  ## Requires persistence.enabled: true
-  ## If defined, PVC must be created manually before volume will be bound
-  # existingClaim:
-  volumeReclaimPolicy: Retain
-  ## database data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-  accessMode: ReadWriteOnce
-  size: 2Gi
-  mountPath: /dockerdata-nfs
-  mountSubPath: vfc/catalog
-
-service:
-  type: ClusterIP
-  name: vfc-catalog
-  portName: vfc-catalog
-  externalPort: 8806
-  internalPort: 8806
-#  nodePort: 30806
-
-ingress:
-  enabled: false
-
-# Configure resource requests and limits
-resources:
-  small:
-    limits:
-      cpu: 200m
-      memory: 500Mi
-    requests:
-      cpu: 100m
-      memory: 250Mi
-  large:
-    limits:
-      cpu: 400m
-      memory: 1000Mi
-    requests:
-      cpu: 200m
-      memory: 500Mi
-  unlimited: {}
index 395eedc..0f148d7 100644 (file)
@@ -84,7 +84,7 @@ spec:
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
             - name: REG_TO_MSB_WHEN_START
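Review bot: The changed line still hands the MariaDB root account to the application container: `MYSQL_ROOT_USER` next to `MYSQL_ROOT_PASSWORD` from the `db-root-pass` secret. Only the helper name changes here, so the wiring predates this commit, but the three later deployment hunks (`@@ -84,7` and the two `@@ -86,7`) touch the same line and none of them narrows it. If the service needs root only to create its schema at start-up (not visible from these hunks), a per-service database user with its own `secrets:` entry would limit what a compromised pod can reach. At minimum I would add a comment above the entry, e.g. `# root credential; TODO replace with a per-service DB user`. The container spec starts and ends outside the hunk.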
index d053c48..b0cc27b 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 30bcc7b..023ec59 100644 (file)
@@ -39,7 +39,7 @@ secrets:
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.7
+image: onap/vfc/nslcm:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
index 9332014..888b808 100644 (file)
@@ -84,7 +84,7 @@ spec:
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REDIS_ADDR
               value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
             - name: REG_TO_MSB_WHEN_START
index d053c48..b0cc27b 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index 60a6abc..76eebe5 100644 (file)
@@ -39,7 +39,7 @@ secrets:
 flavor: small
 
 repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.7
+image: onap/vfc/vnflcm:1.3.8
 pullPolicy: Always
 
 #Istio sidecar injection policy
index 61adba8..a9e6577 100644 (file)
@@ -86,7 +86,7 @@ spec:
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REG_TO_MSB_WHEN_START
               value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
index d053c48..b0cc27b 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index ee9ff9c..ca05685 100644 (file)
@@ -86,7 +86,7 @@ spec:
             - name: MYSQL_ROOT_USER
               value: "{{ .Values.global.config.mariadb_admin }}"
             - name: MYSQL_ROOT_PASSWORD
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
             - name: REG_TO_MSB_WHEN_START
               value: "{{ .Values.global.config.reg_to_msb_when_start }}"
           volumeMounts:
index d053c48..b0cc27b 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index d053c48..b0cc27b 100644 (file)
@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
index b204c58..05e8c64 100644 (file)
@@ -62,10 +62,6 @@ db: &dbConfig
   mariadbPort: 3306
   mariadbRootPasswordExternalSecret: *dbRootPassSecret
 
-vfc-catalog:
-  config:
-    << : *dbConfig
-
 vfc-nslcm:
   config:
     << : *dbConfig
index 2b9338d..a05f12d 100644 (file)
Binary files a/kubernetes/vid/resources/certs/org.onap.vid.jks and b/kubernetes/vid/resources/certs/org.onap.vid.jks differ
index d449da1..a031dbc 100644 (file)
@@ -106,9 +106,9 @@ spec:
             - name: VID_MYSQL_DBNAME
               value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
             - name: VID_MYSQL_USER
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
             - name: VID_MYSQL_PASS
-              {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
+              {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
             - name: VID_MYSQL_MAXCONNECTIONS
               value: "{{ .Values.config.vidmysqlmaxconnections }}"
           volumeMounts:
index 75e40a1..724b4e1 100644 (file)
@@ -61,11 +61,11 @@ spec:
         - /dbcmd-config/db_cmd.sh
         env:
         - name: MYSQL_PASSWORD
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
         - name: MYSQL_HOST
           value: {{ index .Values "mariadb-galera" "service" "name" }}
         - name: MYSQL_USER
-          {{- include "common.secret.envFromSecret" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
         - name: MYSQL_PORT
           value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
       restartPolicy: Never
index 44a9b3e..9be979b 100644 (file)
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
 ---
 apiVersion: v1
 kind: Secret
index fb8f1a0..ebac50b 100644 (file)
@@ -39,7 +39,7 @@ subChartsOnly:
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/vid:6.0.3
+image: onap/vid:6.0.4
 pullPolicy: Always
 
 # mariadb image for initializing
@@ -51,7 +51,7 @@ config:
     userName: vidadmin
 #    userCredentialsExternalSecret: some secret
 #    userPassword: password
-  vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
+  vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
   asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
   asdcclientrestport: "8443"
   vidaaiport: "8443"
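Review bot: The new `vidkeystorepassword` value is committed in plaintext, and the keystore it presumably opens (`org.onap.vid.jks`) is replaced as a binary in the same commit, so both halves ship in the repository and every deployment that keeps the defaults would share one key. This chart already routes its database credentials through the `secrets:` metaconfig (`vid-db-user-secret`), and the keystore password could follow the same path with an external-secret override instead of a literal in `values.yaml`. Until then, a comment on the line would make the status explicit: `# default for the bundled org.onap.vid.jks; override outside lab deployments`. The `asdcclientrestauth` Basic value on the next line is a literal credential of the same kind. The `config:` mapping starts and ends outside the hunk.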