-Subproject commit a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1ca
+Subproject commit bac40922e4043c632e1a8a5fe1531a640cbfe6c2
subPath: exec.py
containers:
- name: cassandra-backup-validate
- image: "{{ .Values.image }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
#!/bin/bash
+{{/*
# Copyright © 2020 Bell Canada
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
CERTS_DIR=${CERTS_DIR:-/certs}
WORK_DIR=${WORK_DIR:-/updatedTruststore}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
# See the License for the specific language governing permissions and
# limitations under the License.
-
#################################################################
# Global configuration defaults.
#################################################################
##
replicaCount: 3
## master acts as master only node, choose 'no' if no further data nodes are deployed)
-dedicatednode: "yes"
+dedicatednode: 'yes'
## dedicatednode: "no"
image: bitnami/elasticsearch:7.6.1
## Specify a imagePullPolicy
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
- limits: {}
+ limits:
+ cpu: 25m
+ memory: 1Gi
# cpu: 100m
# memory: 128Mi
requests:
- cpu: 25m
- memory: 256Mi
+ cpu: 5m
+ memory: 310Mi
## Elasticsearch master-eligible container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
## Service parameters for master-eligible node(s)
##
service:
- suffix: "service"
- name: ""
+ suffix: 'service'
+ name: ''
## list of ports for "common.containerPorts"
## Elasticsearch transport port
ports:
- - name: http-transport
- port: 9300
+ - name: http-transport
+ port: 9300
## master-eligible service type
##
type: ClusterIP
## If not set and create is true, a name is generated using the fullname template
# name:
-
## Elasticsearch cluster name
##
clusterName: elastic-cluster
-
-
-
#!/bin/bash
+{{/*
#
# Adfinis SyGroup AG
# openshift-mariadb-galera: mysql setup script
#
+*/}}
set -eox pipefail
#!/bin/bash
+{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
# make sure the script fails if any of commands failed
set -e
#!/bin/bash
+{{/*
#
# ============LICENSE_START==========================================
# org.onap.music
#
# ============LICENSE_END=============================================
# ====================================================================
+*/}}
echo "Running startup script to get password from certman"
PWFILE=/opt/app/aafcertman/.password
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
ingress:
enabled: false
-resources: {}
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 30m
+ memory: 25Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
name: consul-agent-scripts-config
- mountPath: /consul/certs
name: consul-agent-certs-config
+ resources: {{ include "common.resources" . | nindent 10 }}
volumes:
- configMap:
name: {{ include "common.fullname" . }}-configmap
port: 8800
config:
ssl: "none"
-
-resources: {}
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1500Mi
+ requests:
+ cpu: 650m
+ memory: 530Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
odl:
jolokia:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
- name: SSL_ENABLED
value: "{{ .Values.config.ssl_enabled }}"
- name: MSB_ENABLED
value: "{{ .Values.config.msb_enabled }}"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}"
+ - name: SDC_ADDR
+ value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}"
+ - name: DMAAP_ENABLED
+ value: "{{ .Values.config.dmaap_enabled }}"
+ - name: DMAAP_ADDR
+ value: "{{ .Values.config.dmaapProtocol }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}"
- name: DB_IP
value: "{{ include "common.mariadbService" . }}"
- name: DB_PORT
config:
#application configuration about msb
ssl_enabled: false
+ msb_enabled: false
msbProtocol: https
msbServiceName: msb-iag
msbPort: 443
- msb_enabled: true
+ sdcProtocol: https
+ sdcServiceName: sdc-be
+ sdcPort: 8443
+ dmaap_enabled: false
+ dmaapProtocol: https
+ dmaapServiceName: message-router-external
+ dmaapPort: 3905
+
#application configuration user password about mariadb
db:
userName: etsicatalog
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.7
+image: onap/modeling/etsicatalog:1.0.8
initImage: busybox:latest
pullPolicy: Always
\r
## App DB Properties\r
spring.datasource.url=jdbc:mysql://portal-db:3306/portal\r
-spring.datasource.username=root\r
-spring.datasource.password=Aa123456\r
+spring.datasource.username=${PORTAL_DB_USER}\r
+spring.datasource.password=${PORTAL_DB_PASSWORD}\r
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect\r
spring.database.driver.classname=org.mariadb.jdbc.Driver\r
spring.jpa.show-sql=false\r
spring.jpa.properties.hibernate.format_sql=false\r
\r
## Basic Authentication Properties\r
-security.user.name=widget_user\r
-security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718)\r
+security.user.name=${WIDGET_USER}\r
+security.user.password=${WIDGET_PASSWORD}\r
\r
initialization.default.widgets=true\r
initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets\r
\r
## Account Basic Authentication Properties\r
-account.user.name=portal\r
-account.user.password=6APqvG4AU2rfLgCvMdySwQ==\r
+account.user.name=${ACC_USER}\r
+account.user.password=${ACC_PASSWORD}\r
\r
## Certificate Properties\r
#server.ssl.key-store=classpath:widget-keystore.p12\r
#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)\r
#server.ssl.keyStoreType=PKCS12\r
#server.ssl.keyAlias=widget-microservice\r
-\r
jasypt:
encryptor:
- password: EncryptionKey
+ password: ${JASYPT_ENC_KEY}
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-portal-widget-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ cd /config-input && \
+ for PFILE in `ls -1 *.*`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ chmod 0755 /config/${PFILE}
+ done
+ env:
+ - name: PORTAL_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
+ - name: PORTAL_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
+ - name: WIDGET_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
+ - name: WIDGET_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
+ - name: ACC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
+ - name: ACC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
+ - name: JASYPT_ENC_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: properties-onapwidgetms-scrubbed
+ - mountPath: /config
+ name: properties-onapwidgetms
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
hostPath:
path: /etc/localtime
- name: properties-onapwidgetms
+ emptyDir:
+ medium: Memory
+ - name: properties-onapwidgetms-scrubbed
configMap:
name: {{ include "common.fullname" . }}-onapwidgetms
defaultMode: 0755
--- /dev/null
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
ubuntuInit: ubuntu-init:1.0.0
+ envsubstImage: dibi/envsubst
+
+################################################################
+# Secrets metaconfig
+#################################################################
+
+secrets:
+ - uid: portal-backend-db
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
+ login: '{{ .Values.mariadb.config.backendUserName }}'
+ password: '{{ .Values.mariadb.config.backendPassword }}'
+ passwordPolicy: required
+ - uid: portal-widget
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}'
+ login: '{{ .Values.config.widgetUsername }}'
+ password: '{{ .Values.config.widgetPassword }}'
+ passwordPolicy: required
+ - uid: portal-account
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}'
+ login: '{{ .Values.config.accountUsername }}'
+ password: '{{ .Values.config.accountPassword }}'
+ passwordPolicy: required
+ - uid: jasypt-enc-key
+ type: password
+ externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}'
+ password: '{{ .Values.config.jasyptEncKey }}'
+ passwordPolicy: required
+
+config:
+ widgetUsername: widget_user
+ widgetPassword: widget_pass
+# widgetCredsExternalSecret: some secret
+ accountUsername: portal
+ accountPassword: portal
+# accountCredsExternalSecret: some secret
+ jasyptEncKey: EncryptionKey
+ # jasyptEncKeyExternalSecret: some secret
#################################################################
# Application configuration defaults.
mariadb:
service:
name: portal-db
+ config:
+ # backendDbExternalSecret: some secret
+ backendUserName: portal
+ backendPassword: portal
service:
type: ClusterIP
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: config-input
vnf:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter
rest:
- endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs
+ endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs
volume-groups:
rest:
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
-
-
#################################################################
# Application configuration defaults.
#################################################################
sniro:
endpoint: http://replaceme:28090/optimizationInstance/V1/create
+vnf:
+ api:
+ version: v2
+
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8081
apiEnforcement: org.onap.so.bpmnPerm
containerPort: *containerPort
-
# Resource Limit flavor -By Default using small
flavor: large
# Segregation for Different environment (Small and Large)
cpu: 1000m
unlimited: {}
livenessProbe:
- path: /manage/health
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
nodeSelector: {}
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export TRUSTSTORE="file:/${TRUSTSTORE}"
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
keytool -import -trustcacerts -alias msb_root -file \
/certificates/msb-ca.crt -keystore \
"{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -keypass $cadi_truststore_password -noprompt
+ -storepass $cadi_truststore_password -noprompt
+ keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
+ -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
+ -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
+ -deststorepass $cadi_truststore_password -noprompt
volumeMounts:
{{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- name: {{ include "common.name" $dot }}-msb-certificate
# Secrets metaconfig
#################################################################
secrets:
- - uid: "so-onap-certs"
+ - uid: 'so-onap-certs'
name: '{{ include "common.release" . }}-so-certs'
externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
type: generic
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
+ trustStoreAllPass: changeit
aaf_add_config: >
/opt/app/aaf_config/bin/agent.sh local showpass
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop