-Subproject commit fa694e0feb325333cfffb7d7852aa97264f96b6c
+Subproject commit a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1ca
curr_time=$1
echo "Clearing snapshots!!!"
command="nodetool clearsnapshot -t $curr_time"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
}
{{ $root := . }}
curr_time=`date +%s`
echo "Executing cleanup!!"
command="nodetool cleanup"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
echo "Cleaned Node!! Backing up database now!!!"
command="nodetool snapshot -t $curr_time"
- /app/exec.py -p "cassandra" -c "$command"
+ /app/exec.py -p "{{ include "common.name" . }}" -c "$command"
retCode=$?
if [ $retCode -ne 0 ]; then
echo "Backup Failed!!!"
{{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
{{/* when linted, the name must be lower cased. When used from a component,
name should be overriden in order to avoid collision so no need to do it */}}
- {{- if eq (printf "common/%s/templates" $name) $dot.Template.BasePath -}}
+ {{- if eq (printf "%s/templates" $name) $dot.Template.BasePath -}}
{{- $name = lower $name -}}
{{- end -}}
{{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
"version": "{{ default "v1" $msb_information.version }}",
"url": "{{ default "/" $msb_information.url }}",
"protocol": "{{ default "REST" $msb_information.protocol }}",
+ "enable_ssl": {{ default false $msb_information.enable_ssl }},
"port": "{{ $msb_information.port }}",
"visualRange":"{{ default "1" $msb_information.visualRange }}"
}
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
- resources:
-{{ include "common.resources" $dot | indent 12 }}
+ resources: {{ include "common.resources" $dot | nindent 12 }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
ingress:
enabled: false
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
</void>
<void method="put">
<int>37</int>
- <string>-477565695</string>
+ <string>-1501801709</string>
</void>
<void method="put">
<int>20037</int>
</void>
<void method="put">
<int>20011</int>
- <boolean>true</boolean>
+ <boolean>false</boolean>
</void>
<void method="put">
<int>10011</int>
</void>
<void method="put">
<int>20013</int>
- <boolean>true</boolean>
+ <boolean>false</boolean>
</void>
<void method="put">
<int>10013</int>
value: {{ .Values.config.openStackVNFTenantId | quote }}
- name: ONAP_CLOUDOWNER
value: {{ .Values.config.cloudOwner }}
+ - name: ONAP_K8SCLOUDREGIONID
+ value: {{ .Values.config.k8sCloudRegionId }}
+ - name: ONAP_K8SCLOUDOWNER
+ value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4"
- name: SDC_HOST
logstashServiceName: log-ls
logstashPort: 5044
cloudOwner: CloudOwner
+ k8sCloudRegionId: k8sregionfour
+ k8sCloudOwner: k8scloudowner4
ecompInstanceId: OOM
openStackRegion: RegionOne
openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
- name: certInitializer
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
image: "{{ .Values.global.dockerHubRepository }}/{{ .Values.nginx.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if .Values.liveness.enabled }}
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
+ - mountPath: /tmp/AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
+ - mountPath: /tmp/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: conductor.conf
- key: log.conf
path: log.conf
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
service:
type: NodePort
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: aai_key.key
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: aai_cert.cer
- key: aai_key.key
path: aai_key.key
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
-
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
- name: common
version: ~6.x-0
repository: '@local'
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://../../../oof-templates'
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: AAF_RootCA.cer
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: aaf_root_ca.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
- - key: AAF_RootCA.cer
- path: AAF_RootCA.cer
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
readinessImage: onap/oom/readiness:3.0.1
repository: nexus3.onap.org:10001
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
+
+#################################################################
+# secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
ingress:
enabled: false
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
listen 8091 ssl;
server_name oof;
- ssl_certificate /opt/bitnami/nginx/ssl/local/org.onap.oof.crt;
+ ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
repository: nexus3.onap.org:10001
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.1.1
+ optf_has: onap/optf-has:2.1.2
filebeat: docker.elastic.co/beats/filebeat:5.5.0
persistence:
enabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
pullPolicy: Always
nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
#component overrides
oof-has-api:
enabled: true
+ certSecret: *oof-certs
oof-has-controller:
enabled: true
+ certSecret: *oof-certs
oof-has-data:
enabled: true
+ certSecret: *oof-certs
oof-has-reservation:
enabled: true
+ certSecret: *oof-certs
oof-has-solver:
enabled: true
+ certSecret: *oof-certs
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP OOF helm templates
+name: oof-templates
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+
--- /dev/null
+{{- define "oof.certificate.volume" -}}
+- name: {{ include "common.fullname" . }}-onap-certs
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
+ items:
+ - key: aaf_root_ca.cer
+ path: aaf_root_ca.cer
+ - key: intermediate_root_ca.pem
+ path: intermediate_root_ca.pem
+{{- end -}}
+
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
version: ~6.x-0
repository: 'file://components/oof-has'
condition: oof-has.enabled
+ - name: oof-templates
+ version: ~6.x-0
+ repository: 'file://components/oof-templates'
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: ['/opt/osdf/osaaf/local/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
+ ssl_context: ['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
resource_sharing_level:
source: request
value: serviceProfile.resourceSharingLevel
+ slice_scope:
+ source: request
+ value: slice_scope
reuse_preference:
source: request
value: preferReuse
policy_scope:
-
scope:
- - get_param: resource_sharing_level
- - get_param: reuse_preference
+ - get_param: slice_scope
services:
- get_param: service_name
+ resources:
+ - get_param: service_name
subnet_selection:
policy_fetch: by_scope
- OSDF_GUILIN
services:
- get_param: service_name
+ resources:
+ - get_param: service_name
placement:
policy_fetch: by_scope
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ args:
+ - "-c"
+ - |
+ grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
+ cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
+ ./osdfapp.sh -x osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-config
+ name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
+ name: {{ include "common.fullname" . }}-onap-certs
+ subPath: intermediate_root_ca.pem
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
items:
- key: osdf_config.yaml
path: osdf_config.yaml
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- key: common_config.yaml
path: common_config.yaml
- key: log.yml
path: log.yml
+{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: oof-onap-certs
+ name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certs/intermediate_root_ca.pem
+ - resources/config/certs/aaf_root_ca.cer
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:3.0.0
+image: onap/optf-osdf:3.0.1
pullPolicy: Always
# flag to enable debugging - application support required
enabled: true
oof-has:
enabled: true
+ certSecret: *oof-certs
"parameters":{
"asdcAddress": "sdc-be:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "${SDCBE_USER}",
"password": "${SDCBE_PASSWORD}",
-Subproject commit 34913f2223539640c81ae9e7a65744a09a95c9ce
+Subproject commit da28d1cdc573a726d3fc8a19638ebc8b3679295f
name: sdc-be
both_tls_and_plain: true
msb:
- - port: 8080
+ - port: 8443
url: "/sdc/v1"
version: "v1"
protocol: "REST"
visualRange: "1"
serviceName: sdc
+ enable_ssl: true
- port: 8080
url: "/sdc/v1"
version: "v1"
logstashPort: 5044
environment:
workflowUrl: 10.0.2.15
- vnfRepoPort: 8702
+ vnfRepoPort: 8703
#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
cassandra:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
nssmf:
endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088
+ oof:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1
+ timeout: PT5M
+ callback:
+ endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1
bpmn:
process:
historyTimeToLive: '30'
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP SO ETSI NFVO NS LCM
+name: so-etsi-nfvo-ns-lcm
+version: 6.0.0
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ version: v19
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+spring:
+ security:
+ usercredentials:
+ - username: ${ETSI_NFVO_USERNAME}
+ password: ${ETSI_NFVO_PASSWORD}
+ role: ETSI-NFVO-Client
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+so:
+ adapters:
+ sol003-adapter:
+ url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ auth: {{ .Values.so.sol003.adapter.auth }}
+etsi-catalog-manager:
+ base:
+ {{- if .Values.global.msbEnabled }}
+ endpoint: https://msb-iag:443/api
+ http:
+ client:
+ ssl:
+ trust-store: ${TRUSTSTORE}
+ trust-store-password: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
+ {{- end }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ {{- if .Values.global.security.aaf.enabled }}
+ export KEYSTORE_PASSWORD="${cadi_keystore_password}"
+ {{- end }}
+ {{- end }}
+ ./start-app.sh
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: ETSI_NFVO_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }}
+ - name: ETSI_NFVO_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }}
+ {{ include "so.certificates.env" . | indent 12 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-truststore
+ mountPath: /app/client
+ readonly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-truststore
+ secret:
+ secretName: {{ include "common.release" . }}-so-truststore-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessImage: onap/oom/readiness:3.0.1
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: etsi-nfvo-nslcm-creds
+ name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}'
+ login: '{{ .Values.etsi.nfvo.nslcm.username }}'
+ password: '{{ .Values.etsi.nfvo.nslcm.password }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4
+pullPolicy: Always
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+etsi:
+ nfvo:
+ nslcm:
+ username: so-etsi-nfvo-ns-lcm
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+so:
+ sol003:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9095
+logPath: ./logs/so-etsi-nfvo-ns-lcm/
+app: so-etsi-nfvo-ns-lcm
+service:
+ type: ClusterIP
+ name: so-etsi-nfvo-ns-lcm
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ msb.onap.org/service-info: |
+ {{ if not .Values.global.msbDisabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/so-etsi-nfvo-ns-lcm/v1",
+ "protocol": "REST",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}",
+ "visualRange":"1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http-api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-nfvo-cert-init
+ certInitializer:
+ nameOverride: so-nfvo-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.nfvoAdapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+
+livenessProbe:
+ port: 9095
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'soetsinfvonslcm'
+ name: 'so-etsi-nfvo-ns-lcm'
+ port: 9095
+ config:
+ ssl: 'redirect'
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_PASSWORD=`prepare_password $DB_PASSWORD`
+
mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
DROP USER IF EXISTS '${DB_USER}';
CREATE USER '${DB_USER}';
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
+
mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
DROP USER IF EXISTS '${DB_ADMIN}';
CREATE USER '${DB_ADMIN}';
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: so-oof-adapter
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+logging:
+ path: logs
+spring:
+ security:
+ usercredentials:
+ - username: ${BPEL_USERNAME}
+ password: ${BPEL_PASSWORD}
+ role: BPEL-Client
+ - username: ${ACTUATOR_USERNAME}
+ password: ${ACTUATOR_PASSWORD}
+ role: ACTUATOR
+server:
+ port: {{ index .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+
+mso:
+ site-name: localSite
+ logPath: ./logs/oof
+ msb-ip: msb-iag.{{ include "common.namespace" . }}
+ msb-port: 80
+ msoKey: ${MSO_KEY}
+ camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
+ camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+ workflow:
+ message:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ oof:
+ auth: ${OOF_LOGIN}:${OOF_PASSWORD}
+ endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ env:
+ - name: DB_HOST
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.host
+ - name: DB_PORT
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-so-db-secrets
+ key: mariadb.readwrite.port
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }}
+ - name: OOF_LOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
+ - name: OOF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
+ {{ include "so.certificates.env" . | indent 8 | trim }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "so.helpers.livenessProbe" .| indent 8 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ envsubstImage: dibi/envsubst
+ persistence:
+ mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+# Secrets metaconfig
+#################################################################
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: oof-adapter-mso-key
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: oof-auth
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}'
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
+
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+repository: nexus3.onap.org:10001
+image: onap/so/so-oof-adapter:1.7.2
+pullPolicy: Always
+
+mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ oof:
+ login: test
+ password: testpwd
+
+replicaCount: 1
+containerPort: &containerPort 8090
+minReadySeconds: 10
+containerPort: *containerPort
+logPath: ./logs/oof/
+app: so-oof-adapter
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+
+soHelpers:
+ nameOverride: so-oof-adapter-cert-init
+ certInitializer:
+ nameOverride: so-oof-adapter-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.oofadapterPerm
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ path: /manage/health
+ port: *containerPort
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+ingress:
+ enabled: false
+nodeSelector: {}
+tolerations: []
+affinity: {}
version: ~6.x-0
repository: 'file://components/so-db-secrets'
condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-etsi-nfvo-ns-lcm
+ version: ~6.x-0
+ repository: 'file://components/so-etsi-nfvo-ns-lcm'
+ condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-mariadb
version: ~6.x-0
repository: 'file://components/so-mariadb'
version: ~6.x-0
repository: 'file://components/so-nssmf-adapter'
condition: so-nssmf-adapter.enabled
+ - name: so-oof-adapter
+ version: ~6.x-0
+ repository: 'file://components/so-oof-adapter'
+ condition: so-oof-adapter.enabled
- name: so-openstack-adapter
version: ~6.x-0
repository: 'file://components/so-openstack-adapter'
type: generic
filePaths:
- resources/config/certificates/msb-ca.crt
+ - uid: "mso-key"
+ name: &mso-key '{{ include "common.release" . }}-mso-key'
+ type: password
+ password: '{{ .Values.global.app.msoKey }}'
+ - uid: mso-oof-auth
+ name: &mso-oof-auth '{{ include "common.release" . }}-mso-oof-auth'
+ type: basicAuth
+ login: '{{ .Values.mso.oof.login }}'
+ password: '{{ .Values.mso.oof.password }}'
+ passwordPolicy: required
aafConfig:
permission_user: 1000
auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
aai:
auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ oof:
+ login: test
+ password: testpwd
so:
operationalEnv:
dmaap:
db:
<<: *dbSecrets
+so-etsi-nfvo-ns-lcm:
+ enabled: true
+
so-monitoring:
enabled: true
db:
db:
<<: *dbSecrets
+so-oof-adapter:
+ enabled: true
+ db:
+ <<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ oof:
+ authSecret: *mso-oof-auth
+
so-vnfm-adapter:
enabled: true
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.6
+image: onap/vfc/nfvo/svnfm/huawei:1.3.8
pullPolicy: Always
#Istio sidecar injection policy