--- /dev/null
+server.port=9516
+{{ if ( include "common.needTLS" .) }}
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-auth=need
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
+
+server.servlet.context-path=/services/babel-service
+
+logging.config=${CONFIG_HOME}/logback.xml
+
+tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json
{{- if eq .Values.service.type "NodePort" }}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else }}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end }}
selector:
service:
type: NodePort
- portName: babel
+ portName: http
externalPort: 9516
internalPort: 9516
nodePort: 79
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}
+spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+
aperture.service.base.url=http://localhost:8457/aai/aperture
+{{ if ( include "common.needTLS" .) }}
aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.service.timeout-in-milliseconds=300000
{{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - createDBSchema.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh createDBSchema.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
{{ end }}
restartPolicy: Never
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
{{ end }}
command:
- /bin/bash
- -c
- - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+ - |
+ bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will
# Specify the profiles for the graphadmin microservice
profiles:
- active: "dmaap,one-way-ssl"
+ # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
+ # serviceMesh.tls is set to tru
+ active: dmaap #,one-way-ssl"
# Specifies the timeout limit for the REST API requests
timeout:
service:
type: ClusterIP
# REST API port for the graphadmin microservice
- portName: aai-graphadmin-8449
+ portName: http
internalPort: 8449
- portName2: aai-graphadmin-5005
+ portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
# Model Loader Distribution Client Configuration
*/}}
ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
+{{ if ( include "common.needTLS" .) }}
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
-ml.distribution.CONSUMER_GROUP=aai-ml-group
-ml.distribution.CONSUMER_ID=aai-ml
-ml.distribution.ENVIRONMENT_NAME=AUTO
+ml.distribution.ASDC_USE_HTTPS=true
ml.distribution.KEYSTORE_PASSWORD=
ml.distribution.KEYSTORE_FILE=asdc-client.jks
ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+{{ else }}
+ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
+ml.distribution.ASDC_USE_HTTPS=false
+{{ end }}
+ml.distribution.CONSUMER_GROUP=aai-ml-group
+ml.distribution.CONSUMER_ID=aai-ml
+ml.distribution.ENVIRONMENT_NAME=AUTO
ml.distribution.POLLING_INTERVAL=30
ml.distribution.POLLING_TIMEOUT=20
ml.distribution.USER=aai
ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}}
# Model Loader AAI REST Client Configuration
+{{ if ( include "common.needTLS" .) }}
ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
+ml.aai.KEYSTORE_FILE=aai-os-cert.p12
+ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+{{ else }}
+ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:8080
+{{ end }}
ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images
-ml.aai.KEYSTORE_FILE=aai-os-cert.p12
-ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+
ml.aai.AUTH_USER=ModelLoader
ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw
# Model Loader Babel REST Client Configuration\r
-ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516
+ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
+{{ if ( include "common.needTLS" .) }}
ml.babel.KEYSTORE_FILE=babel-client-cert.p12
ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
ml.babel.TRUSTSTORE_FILE=tomcat_keystore
ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+{{ end }}
service:
type: NodePort
- portName: aai-modelloader
+ portName: http
externalPort: 8080
internalPort: 8080
nodePort: 10
- portName2: aai-modelloader-ssl
+ portName2: https
externalPort2: 8443
internalPort2: 8443
nodePort2: 29
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
{{ if .Values.global.config.basic.auth.enabled }}
aai.tools.enableBasicAuth=true
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
server.servlet.context-path=/
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
-
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8447
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
{{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end }}
migration:
enabled: false
+ aafEnabled: false
+
config:
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth #,keycloak
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
service:
type: ClusterIP
- portName: aai-resources-8447
+ portName: http
internalPort: 8447
- portName2: aai-resources-5005
+ portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
# ============LICENSE_END=========================================================
*/}}
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
server.port=8452
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
schema.configuration.location=N/A
schema.source.name={{ .Values.global.config.schema.source.name }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
service:
type: ClusterIP
- portName: aai-schema-service-8452
+ portName: http
internalPort: 8452
- portName2: aai-schema-service-5005
+ portName2: tcp-5005
internalPort2: 5005
ingress:
#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
+{{ if ( include "common.needTLS" .) }}
oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}
-
+{{ else }}
+oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/
+{{ end }}
# Schema Service need this variable for the time being
*/}}
resources.hostname=aai
+{{ if ( include "common.needTLS" .) }}
resources.port=8443
resources.authType=SSL_BASIC
resources.basicAuthUserName=aai@aai.onap.org
resources.trust-store-password=${TRUSTSTORE_PASSWORD}
resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
resources.client-cert-password=${KEYSTORE_PASSWORD}
+{{ else }}
+resources.port=8080
+resources.authType=HTTP_NOAUTH
+{{ end }}
# limitations under the License.
server.port=8000
+{{ if ( include "common.needTLS" .) }}
server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy
+spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }}
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
+{{ if ( include "common.needTLS" .) }}
searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
searchservice.client-cert-password=${KEYSTORE_PASSWORD}
searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
name: {{ include "common.name" . }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if ( include "common.needTLS" .) }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{- end }}
- command:
- /app/ready.py
args:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
service:
type: NodePort
- portName: aai-sparky-be
+ portName: http
internalPort: 8000
nodePort: 20
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{else}}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8446
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
schema.service.custom.queries.endpoint=stored-queries
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
- bash
- "-c"
- |
- set -x
- if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
- until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
- bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ set -x
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
+ {{- if (include "common.needTLS" .) }}
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ {{- else }}
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{- end }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth #,keycloak
+ active: production,dmaap #,aaf-auth ,keycloak
# Notification event specific properties
notification:
service:
type: ClusterIP
- portName: aai-traversal-8446
+ portName: http
internalPort: 8446
- portName2: aai-traversal-5005
+ portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
#######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
#######################
backend IST_Default_8447
log global
mode http
option httplog
+{{- if ( include "common.needTLS" .) }}
option ssl-hello-chk
+{{- end }}
option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
default-server init-addr none
# option dontlognull
timeout http-keep-alive 30000
+frontend IST_8080
+ mode http
+ bind 0.0.0.0:8080
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto http
+ reqadd X-Forwarded-Proto:\ http
+ reqadd X-Forwarded-Port:\ 8080
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+{{- if ( include "common.needTLS" .) }}
frontend IST_8443
mode http
bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
+{{- end }}
#######################
#ACLS FOR PORT 8446####
default_backend IST_Default_8447
-
#######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
#######################
backend IST_Default_8447
balance roundrobin
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+{{- if ( include "common.needTLS" .) }}
server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
-
+{{- else }}
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+{{- end }}
#######################
# BACKEND 8446#########
balance roundrobin
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+{{- if ( include "common.needTLS" .) }}
server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
-
+{{- else }}
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+{{- end }}
{{- include "common.certInitializer.volumeMount" . | nindent 8 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPlainPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
path: /aai/util/echo
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ #scheme: HTTPS
+ scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
httpHeaders:
- name: X-FromAppId
value: OOM_ReadinessCheck
heritage: {{ .Release.Service }}
spec:
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort .Values.service.externalPlainPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ {{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- end }}
type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
passwd: AAI
# Active spring profiles for the resources microservice
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
service:
type: NodePort
- portName: aai-ssl
+ portName: http
externalPort: 8443
internalPort: 8443
nodePort: 33
# POLICY hotfix - Note this must be temporary
# See https://jira.onap.org/browse/POLICY-510
aaiServiceClusterIp:
+ externalPlainPort: 80
+ internalPlainPort: 8080
+ nodeport: 33
ingress:
enabled: false
- baseaddr: "aai.api"
name: "aai"
port: 8443
- config:
- ssl: "redirect"
+ config:
+ ssl: "redirect"
resources:
small:
{{- end }}
{{- end -}}
+{{/*
+ generate needed scheme:
+ - https if needTLS
+ - http if not
+*/}}
+
+{{- define "common.scheme" -}}
+ {{- ternary "https" "http" (eq "true" (include "common.needTLS" .)) }}
+{{- end -}}
+
{{- define "common.port.buildCache" -}}
{{- $global := . }}
{{- if not $global.Values._DmaapDrNodePortsCache }}
{{- end -}}
{{- end -}}
{{- end -}}
+
+{{- define "common.serviceMesh.killSidecar" -}}
+{{- if (include "common.onServiceMesh" .) }}
+RCODE="$?";
+echo "*** script finished with exit code $RCODE" ;
+echo "*** killing service mesh sidecar" ;
+curl -sf -X POST http://127.0.0.1:15020/quitquitquit ;
+echo "" ;
+echo "*** exiting with script exit code" ;
+exit "$RCODE"
+{{- end }}
+{{- end -}}
GLOBAL_AAF_PASSWORD = '{{ .Values.aafPassword }}'
GLOBAL_AAF_AUTHENTICATION = [GLOBAL_AAF_USERNAME, GLOBAL_AAF_PASSWORD]
# aai info - everything is from the private oam network (also called onap private network)
-GLOBAL_AAI_SERVER_PROTOCOL = "https"
-GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" 8443) }}'
+GLOBAL_AAI_SERVER_PROTOCOL = '{{ include "common.scheme" . }}'
+GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" ( ternary 8443 80 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_AAI_USERNAME = '{{ .Values.aaiUsername }}'
GLOBAL_AAI_PASSWORD = '{{ .Values.aaiPassword}}'
GLOBAL_AAI_AUTHENTICATION = [GLOBAL_AAI_USERNAME, GLOBAL_AAI_PASSWORD]
Code Review / oom.git / commitdiff