From: seshukm Date: Mon, 17 Aug 2020 16:15:49 +0000 (+0530) Subject: [SO] move subcharts to components folder X-Git-Tag: 7.0.0~135^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=0df1f8ec5332651b5ce2731dd25ee2319f393b4f [SO] move subcharts to components folder Move subcharts to components folder in order to be able to enable/disable them one by one. Also use certInitializer to retrieve truststore in order to be able to discuss with other ONAP components. Issue-ID: SO-2046 Change-Id: Ia5c2a590a2ad75e4b69be0748e9d79fda996af37 Signed-off-by: seshukm Signed-off-by: Sylvain Desbureaux --- diff --git a/kubernetes/so/Makefile b/kubernetes/so/Makefile new file mode 100644 index 0000000000..8af301d7ae --- /dev/null +++ b/kubernetes/so/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/so/components/Makefile b/kubernetes/so/components/Makefile new file mode 100644 index 0000000000..4bf77eecf1 --- /dev/null +++ b/kubernetes/so/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/so/charts/so-appc-orchestrator/Chart.yaml b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-appc-orchestrator/Chart.yaml rename to kubernetes/so/components/so-appc-orchestrator/Chart.yaml diff --git a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml similarity index 86% rename from kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml index c897f48e4a..9b6fb26d61 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml @@ -19,11 +19,11 @@ server: ssl-enable: false mso: logPath: ./logs/soappcorch - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} msoKey: {{ .Values.global.app.msoKey }} config: - {{ if eq .Values.global.security.aaf.enabled true }} - cadi: {{ include "cadi.keys" . | nindent 8}} + {{ if .Values.global.security.aaf.enabled }} + cadi: {{ include "so.cadi.keys" . | nindent 8}} {{- else }} cadi: aafId: {{ .Values.mso.basicUser }} diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml similarity index 90% rename from kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml rename to kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml index 8c0ee290ce..cfa106adaf 100755 --- a/kubernetes/so/charts/so-appc-orchestrator/templates/configmap.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml @@ -16,7 +16,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml similarity index 80% rename from kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml rename to kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml index b9a39fe8c3..f0615ad56a 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/templates/deployment.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml @@ -50,18 +50,28 @@ spec: - sh args: - -c - - export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"; ./start-app.sh + - | + export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)" + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + /app/start-app.sh image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} env: - name: ACTUATOR_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{- include "common.containerPorts" . | nindent 10 }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: encoder @@ -69,7 +79,7 @@ spec: - name: config mountPath: /app/config readOnly: true -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} @@ -78,6 +88,6 @@ spec: medium: Memory - name: config configMap: - name: {{ include "common.fullname" . }}-app-configmap + name: {{ include "common.fullname" . }}-app-configmap imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-appc-orchestrator/templates/secret.yaml rename to kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml diff --git a/kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-appc-orchestrator/templates/service.yaml rename to kubernetes/so/components/so-appc-orchestrator/templates/service.yaml diff --git a/kubernetes/so/charts/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml similarity index 74% rename from kubernetes/so/charts/so-appc-orchestrator/values.yaml rename to kubernetes/so/components/so-appc-orchestrator/values.yaml index b35d6a03af..7570116fd5 100644 --- a/kubernetes/so/charts/so-appc-orchestrator/values.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2020 AT&T USA +# Copyright © 2020 Huawei # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,10 +21,17 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + envsubstImage: dibi/envsubst + aafAgentImage: onap/aaf/aaf_agent:2.1.20 persistence: mountPath: /dockerdata-nfs htpasswdImage: xmartlabs/htpasswd dockerHubRepository: docker.io + security: + aaf: + enabled: false + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 ################################################################# # Secrets metaconfig ################################################################# @@ -40,10 +48,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: server-actuator-creds name: '{{ include "common.release" . }}-so-appc-actuator-creds' type: basicAuth @@ -76,14 +80,14 @@ server: password: password1$ replicaCount: 1 minReadySeconds: 10 -containerPort: 8080 +containerPort: &containerPort 8080 logPath: ./logs/soappcorch app: appc-orchestrator service: name: so-appc-orchestrator type: ClusterIP ports: - - port: 8080 + - port: *containerPort name: http updateStrategy: type: RollingUpdate @@ -91,6 +95,21 @@ updateStrategy: maxSurge: 1 # Resource Limit flavor -By Default using small flavor: small + + +################################################################# +# soHelper part +################################################################# + +soHelpers: + nameOverride: so-appc-cert-init + certInitializer: + nameOverride: so-appc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort + # Segregation for Different environment (Small and Large) resources: small: @@ -122,3 +141,27 @@ ingress: nodeSelector: {} tolerations: [] affinity: {} + +auth: + rest: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + +mso: + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + basicUser: poBpmn + +appc: + client: + topic: + read: + name: APPC-LCM-WRITE + timeout: 360000 + write: APPC-LCM-READ + sdnc: + read: SDNC-LCM-WRITE + write: SDNC-LCM-READ + response: + timeout: 3600000 + key: VIlbtVl6YLhNUrtU + secret: 64AG2hF4pYeG2pq7CT6XwUOT + service: ueb diff --git a/kubernetes/so/charts/so-bpmn-infra/Chart.yaml b/kubernetes/so/components/so-bpmn-infra/Chart.yaml similarity index 91% rename from kubernetes/so/charts/so-bpmn-infra/Chart.yaml rename to kubernetes/so/components/so-bpmn-infra/Chart.yaml index 17fa3459ad..faba23eb16 100755 --- a/kubernetes/so/charts/so-bpmn-infra/Chart.yaml +++ b/kubernetes/so/components/so-bpmn-infra/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 appVersion: "1.0" -description: A Helm chart for Kubernetes +description: A Helm chart for SO Bpmn Infra name: so-bpmn-infra -version: 6.0.0 \ No newline at end of file +version: 6.0.0 diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml similarity index 95% rename from kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index e57ea34f43..028b698657 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} dme2: timeout: '30000' endpoint: https://aai.{{ include "common.namespace" . }}:8443 @@ -56,7 +56,7 @@ mso: timeout: 60 logPath: logs config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} async: core-pool-size: 50 max-pool-size: 50 @@ -66,7 +66,7 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} db: auth: {{ .Values.mso.adapters.db.auth }} password: {{ .Values.mso.adapters.db.password }} @@ -116,7 +116,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} default: adapter: namespace: http://org.onap.mso diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml similarity index 91% rename from kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml rename to kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml index a2e27548ba..747941610f 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml similarity index 87% rename from kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml rename to kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index a8b7bdc966..de76901865 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -55,8 +55,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -76,27 +88,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,7 +101,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml rename to kubernetes/so/components/so-bpmn-infra/templates/secret.yaml diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-bpmn-infra/templates/service.yaml rename to kubernetes/so/components/so-bpmn-infra/templates/service.yaml diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml similarity index 64% rename from kubernetes/so/charts/so-bpmn-infra/values.yaml rename to kubernetes/so/components/so-bpmn-infra/values.yaml index ef57e7173d..b6f315aa3d 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,11 +19,19 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + security: + aaf: + enabled: false + aaf: + auth: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 ################################################################# # Secrets metaconfig @@ -43,15 +51,13 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' + + ################################################################# # Application configuration defaults. ################################################################# @@ -66,20 +72,64 @@ db: adminName: so_admin adminPassword: so_Admin123 # adminCredsExternalSecret: some secret + +aai: + auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 + +cds: + auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + db: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + password: wLg4sjrAFUS8rfVfdvTXeQ== + po: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + sdnc: + password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F + sniro: + auth: test:testpwd + oof: + auth: test:testpwd +so: + vnfm: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk +sniro: + endpoint: http://replaceme:28090/optimizationInstance/V1/create + replicaCount: 1 minReadySeconds: 10 -containerPort: 8081 +containerPort: &containerPort 8081 logPath: ./logs/bpmn/ app: so-bpmn-infra service: - type: ClusterIP - internalPort: 8081 - externalPort: 8081 - portName: so-bpmn-port + type: ClusterIP + internalPort: *containerPort + externalPort: 8081 + portName: so-bpmn-port updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-bpmn-cert-init + certInitializer: + nameOverride: so-bpmn-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.bpmnPerm + containerPort: *containerPort + + # Resource Limit flavor -By Default using small flavor: large # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-catalog-db-adapter/Chart.yaml b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-catalog-db-adapter/Chart.yaml rename to kubernetes/so/components/so-catalog-db-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml similarity index 93% rename from kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml index fb83e4e26b..f267d86b29 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -20,13 +20,13 @@ mso: logPath: logs site-name: onapheat config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} spring: datasource: hikari: diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml similarity index 90% rename from kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml index b57205223e..d351be32fc 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml similarity index 83% rename from kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index 0e5e24b5ec..159d2e7f13 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -55,8 +55,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -76,33 +88,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml rename to kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-catalog-db-adapter/templates/service.yaml rename to kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml similarity index 81% rename from kubernetes/so/charts/so-catalog-db-adapter/values.yaml rename to kubernetes/so/components/so-catalog-db-adapter/values.yaml index 6b363c6c77..2fadf41e01 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,8 +19,18 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 ################################################################# # Secrets metaconfig @@ -40,10 +50,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -64,20 +70,38 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +mso: + adapters: + db: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8082 +containerPort: &containerPort 8082 logPath: ./logs/catdb/ app: catalog-db-adapter service: type: ClusterIP - internalPort: 8082 - externalPort: 8082 + internalPort: *containerPort + externalPort: *containerPort portName: so-catdb-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-catalogdb-cert-init + certInitializer: + nameOverride: so-catalogdb-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.catalogDbAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-db-secrets/Chart.yaml b/kubernetes/so/components/so-db-secrets/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-db-secrets/Chart.yaml rename to kubernetes/so/components/so-db-secrets/Chart.yaml diff --git a/kubernetes/so/components/so-db-secrets/requirements.yaml b/kubernetes/so/components/so-db-secrets/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-db-secrets/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/charts/so-db-secrets/templates/secrets.yaml b/kubernetes/so/components/so-db-secrets/templates/secrets.yaml similarity index 100% rename from kubernetes/so/charts/so-db-secrets/templates/secrets.yaml rename to kubernetes/so/components/so-db-secrets/templates/secrets.yaml diff --git a/kubernetes/so/charts/so-db-secrets/values.yaml b/kubernetes/so/components/so-db-secrets/values.yaml similarity index 89% rename from kubernetes/so/charts/so-db-secrets/values.yaml rename to kubernetes/so/components/so-db-secrets/values.yaml index 63b6852d50..7e51e3ce5d 100644 --- a/kubernetes/so/charts/so-db-secrets/values.yaml +++ b/kubernetes/so/components/so-db-secrets/values.yaml @@ -11,8 +11,11 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +global: + mariadbGalera: + serviceName: mariadb-galera + servicePort: "3306" db_admin_username: so_admin db_admin_password: so_Admin123 db_username: so_user db_password: so_User123 - diff --git a/kubernetes/so/charts/so-mariadb/Chart.yaml b/kubernetes/so/components/so-mariadb/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-mariadb/Chart.yaml rename to kubernetes/so/components/so-mariadb/Chart.yaml diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-mariadb/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql diff --git a/kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql similarity index 100% rename from kubernetes/so/charts/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql rename to kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql diff --git a/kubernetes/so/charts/so-mariadb/templates/configmap.yaml b/kubernetes/so/components/so-mariadb/templates/configmap.yaml similarity index 100% rename from kubernetes/so/charts/so-mariadb/templates/configmap.yaml rename to kubernetes/so/components/so-mariadb/templates/configmap.yaml diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml similarity index 100% rename from kubernetes/so/charts/so-mariadb/templates/job.yaml rename to kubernetes/so/components/so-mariadb/templates/job.yaml diff --git a/kubernetes/so/charts/so-mariadb/templates/pv.yaml b/kubernetes/so/components/so-mariadb/templates/pv.yaml similarity index 100% rename from kubernetes/so/charts/so-mariadb/templates/pv.yaml rename to kubernetes/so/components/so-mariadb/templates/pv.yaml diff --git a/kubernetes/so/charts/so-mariadb/templates/pvc.yaml b/kubernetes/so/components/so-mariadb/templates/pvc.yaml similarity index 100% rename from kubernetes/so/charts/so-mariadb/templates/pvc.yaml rename to kubernetes/so/components/so-mariadb/templates/pvc.yaml diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/components/so-mariadb/templates/secrets.yaml similarity index 100% rename from kubernetes/so/charts/so-mariadb/templates/secrets.yaml rename to kubernetes/so/components/so-mariadb/templates/secrets.yaml diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml similarity index 96% rename from kubernetes/so/charts/so-mariadb/values.yaml rename to kubernetes/so/components/so-mariadb/values.yaml index 0a5a056464..9ecf3b0ca6 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -23,7 +23,16 @@ global: repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 ubuntuInitRepository: registry.hub.docker.com - + mariadbGalera: + nameOverride: mariadb-galera + serviceName: mariadb-galera + servicePort: "3306" + migration: + enabled: false + dbHost: mariadb-galera + dbPort: 3306 + dbUser: root + dbPassword: secretpassword ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/so/charts/so-monitoring/Chart.yaml b/kubernetes/so/components/so-monitoring/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-monitoring/Chart.yaml rename to kubernetes/so/components/so-monitoring/Chart.yaml diff --git a/kubernetes/so/components/so-monitoring/requirements.yaml b/kubernetes/so/components/so-monitoring/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-monitoring/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml similarity index 100% rename from kubernetes/so/charts/so-monitoring/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml diff --git a/kubernetes/so/charts/so-monitoring/templates/configmap.yaml b/kubernetes/so/components/so-monitoring/templates/configmap.yaml similarity index 100% rename from kubernetes/so/charts/so-monitoring/templates/configmap.yaml rename to kubernetes/so/components/so-monitoring/templates/configmap.yaml diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml similarity index 93% rename from kubernetes/so/charts/so-monitoring/templates/deployment.yaml rename to kubernetes/so/components/so-monitoring/templates/deployment.yaml index 82ca53dcf8..f5969738f6 100644 --- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + initContainers: - name: so-chown image: alpine:3.6 volumeMounts: @@ -54,8 +54,7 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} env: - name: DB_HOST valueFrom: @@ -79,7 +78,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: - name: logs mountPath: /app/logs - name: config @@ -102,7 +101,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + volumes: - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-monitoring/templates/ingress.yaml b/kubernetes/so/components/so-monitoring/templates/ingress.yaml similarity index 100% rename from kubernetes/so/charts/so-monitoring/templates/ingress.yaml rename to kubernetes/so/components/so-monitoring/templates/ingress.yaml diff --git a/kubernetes/so/charts/so-monitoring/templates/secret.yaml b/kubernetes/so/components/so-monitoring/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-monitoring/templates/secret.yaml rename to kubernetes/so/components/so-monitoring/templates/secret.yaml diff --git a/kubernetes/so/charts/so-monitoring/templates/service.yaml b/kubernetes/so/components/so-monitoring/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-monitoring/templates/service.yaml rename to kubernetes/so/components/so-monitoring/templates/service.yaml diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml similarity index 90% rename from kubernetes/so/charts/so-monitoring/values.yaml rename to kubernetes/so/components/so-monitoring/values.yaml index 6f38f3c263..e746baf1bb 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/components/so-monitoring/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Copyright (C) 2020 Huawei # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +25,8 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs @@ -43,15 +46,20 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' +################################################################# +# AAF part +################################################################# +soHelpers: + nameOverride: so-monitoring-cert-init + certInitializer: + nameOverride: so-monitoring-cert-init + credsPath: /opt/app/osaaf/local + ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-nssmf-adapter/Chart.yaml rename to kubernetes/so/components/so-nssmf-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml similarity index 84% rename from kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml index 10741b75e7..d1158a0898 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} endpoint: https://aai.{{ include "common.namespace" . }}:8443 logging: path: logs @@ -50,7 +50,7 @@ mso: adapters: requestDb: endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: endpoints: diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml similarity index 86% rename from kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml index 85d00fddf3..811da004ee 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml @@ -17,7 +17,7 @@ metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml similarity index 84% rename from kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml index 2354f127b9..d07f58e84e 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -48,7 +48,17 @@ spec: - sh args: - -c - - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh + - | + export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + ./start-app.sh image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} ports: {{- include "common.containerPorts" . | nindent 12 }} @@ -71,13 +81,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - name: BPEL_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }} - name: BPEL_PASSWORD_INPUT @@ -86,20 +89,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} - name: ACTUATOR_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-env imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} - name: logs mountPath: /app/logs - name: config diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml rename to kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml rename to kubernetes/so/components/so-nssmf-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml similarity index 85% rename from kubernetes/so/charts/so-nssmf-adapter/values.yaml rename to kubernetes/so/components/so-nssmf-adapter/values.yaml index d8f3db6e83..3bfe1b212f 100755 --- a/kubernetes/so/charts/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -19,8 +19,16 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Secrets metaconfig @@ -40,10 +48,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: server-bpel-creds name: '{{ include "common.release" . }}-so-server-bpel-creds' type: basicAuth @@ -59,7 +63,6 @@ secrets: password: '{{ .Values.server.actuator.password }}' passwordPolicy: required - #secretsFilePaths: | # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' @@ -85,21 +88,37 @@ server: bpel: username: bpel password: password1$ +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk replicaCount: 1 minReadySeconds: 10 -containerPort: 8088 +containerPort: &containerPort 8088 logPath: ./logs/nssmf/ app: nssmf-adapter service: type: ClusterIP ports: - name: api - port: 8088 + port: *containerPort updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +soHelpers: + nameOverride: so-nssmf-cert-init + certInitializer: + nameOverride: so-nssmf-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.nssmfAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-openstack-adapter/Chart.yaml b/kubernetes/so/components/so-openstack-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-openstack-adapter/Chart.yaml rename to kubernetes/so/components/so-openstack-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml similarity index 76% rename from kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index dde3b3ee63..bc556c5d47 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} endpoint: https://aai.{{ include "common.namespace" . }}:8443 server: port: {{ index .Values.containerPort }} @@ -58,7 +58,7 @@ org: default_keystone_url_version: /v2.0 default_keystone_reg_ex: "/[vV][0-9]" vnf: - bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} checkRequiredParameters: true addGetFilesOnVolumeReq: false sockettimeout: 30 @@ -69,7 +69,7 @@ org: valet_enabled: false fail_requests_on_valet_failure: false network: - bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} sockettimeout: 5 connecttimeout: 5 retrycount: 5 @@ -99,8 +99,8 @@ mso: adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag msb-port: 443 @@ -110,7 +110,7 @@ mso: msoKey: {{ .Values.mso.msoKey }} config: {{ if eq .Values.global.security.aaf.enabled true }} - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} {{- else }} cadi: aafId: {{ .Values.mso.basicUser }} @@ -120,7 +120,7 @@ mso: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} site-name: localDevEnv async: core-pool-size: 50 diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml similarity index 91% rename from kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml index 21544798cf..137fdb7016 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml similarity index 87% rename from kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml rename to kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index 7f7ef01ae2..de76901865 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -55,8 +55,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -76,27 +88,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,7 +101,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-openstack-adapter/templates/secret.yaml rename to kubernetes/so/components/so-openstack-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-openstack-adapter/templates/service.yaml rename to kubernetes/so/components/so-openstack-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml similarity index 70% rename from kubernetes/so/charts/so-openstack-adapter/values.yaml rename to kubernetes/so/components/so-openstack-adapter/values.yaml index c9b446d80e..16bbac2afd 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,8 +19,16 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 ################################################################# # Secrets metaconfig @@ -38,10 +46,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -62,20 +66,50 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +aaf: + auth: + encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F +org: + onap: + so: + adapters: + bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + basicUser: poBpmn + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + db: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8087 +containerPort: &containerPort 8087 logPath: ./logs/openstack/ app: openstack-adapter service: type: ClusterIP - internalPort: 8087 - externalPort: 8087 + internalPort: *containerPort + externalPort: *containerPort portName: so-optack-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-openstack-cert-init + certInitializer: + nameOverride: so-openstack-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-request-db-adapter/Chart.yaml b/kubernetes/so/components/so-request-db-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-request-db-adapter/Chart.yaml rename to kubernetes/so/components/so-request-db-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml similarity index 85% rename from kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml index 8dde3b7f99..089d80c774 100755 --- a/kubernetes/so/charts/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml @@ -21,10 +21,10 @@ mso: logPath: logs site-name: localSite config: - cadi: {{- include "cadi.keys" . | nindent 8}} + cadi: {{- include "so.cadi.keys" . | nindent 8}} adapters: requestDb: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 spring: datasource: diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml similarity index 90% rename from kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml index b57205223e..d351be32fc 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml similarity index 83% rename from kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index 0e5e24b5ec..159d2e7f13 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -55,8 +55,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -76,33 +88,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config mountPath: /app/config readOnly: true -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-request-db-adapter/templates/secret.yaml rename to kubernetes/so/components/so-request-db-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-request-db-adapter/templates/service.yaml rename to kubernetes/so/components/so-request-db-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml similarity index 79% rename from kubernetes/so/charts/so-request-db-adapter/values.yaml rename to kubernetes/so/components/so-request-db-adapter/values.yaml index d4be6ed763..5a3721abbe 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,8 +19,16 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Secrets metaconfig @@ -38,10 +46,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -62,20 +66,38 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8083 +containerPort: &containerPort 8083 logPath: ./logs/reqdb/ app: request-db-adapter service: type: ClusterIP - internalPort: 8083 - externalPort: 8083 + internalPort: *containerPort + externalPort: *containerPort portName: so-reqdb-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-requestdb-cert-init + certInitializer: + nameOverride: so-requestdb-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.requestDbAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-sdc-controller/Chart.yaml b/kubernetes/so/components/so-sdc-controller/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-sdc-controller/Chart.yaml rename to kubernetes/so/components/so-sdc-controller/Chart.yaml diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml similarity index 87% rename from kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml index 8d02cc1f5c..8fa49ba3e7 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml @@ -47,19 +47,19 @@ mso: msoKey: {{ index .Values.mso.msoKey }} logPath: ./logs/sdc config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} site-name: onapheat camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 asdc-connections: diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml similarity index 91% rename from kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml rename to kubernetes/so/components/so-sdc-controller/templates/configmap.yaml index 104daae051..4859112580 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml similarity index 87% rename from kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index 7f7ef01ae2..de76901865 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -55,8 +55,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -76,27 +88,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,7 +101,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-sdc-controller/templates/secret.yaml b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-sdc-controller/templates/secret.yaml rename to kubernetes/so/components/so-sdc-controller/templates/secret.yaml diff --git a/kubernetes/so/charts/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-sdc-controller/templates/service.yaml rename to kubernetes/so/components/so-sdc-controller/templates/service.yaml diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml similarity index 71% rename from kubernetes/so/charts/so-sdc-controller/values.yaml rename to kubernetes/so/components/so-sdc-controller/values.yaml index 57fc44d263..24de2c6862 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,8 +19,16 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Secrets metaconfig @@ -38,10 +46,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -62,20 +66,46 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + asdc: + config: + key: 566B754875657232314F5548556D3665 + asdc-connections: + asdc-controller1: + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + replicaCount: 1 minReadySeconds: 10 -containerPort: 8085 +containerPort: &containerPort 8085 logPath: ./logs/sdc/ app: sdc-controller service: type: ClusterIP - internalPort: 8085 - externalPort: 8085 + internalPort: *containerPort + externalPort: *containerPort portName: so-sdc-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-sdc-cert-init + certInitializer: + nameOverride: so-sdc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.sdcControllerPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-sdnc-adapter/Chart.yaml b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-sdnc-adapter/Chart.yaml rename to kubernetes/so/components/so-sdnc-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml similarity index 95% rename from kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml index d363122a33..3e4e355eba 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -20,13 +20,13 @@ mso: queue-capacity: 500 logPath: ./logs/sdnc config: - cadi: {{ include "cadi.keys" . | nindent 14}} + cadi: {{ include "so.cadi.keys" . | nindent 14}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} site-name: onapheat org: onap: @@ -102,7 +102,7 @@ org: changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf - bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService opticalservice: optical-service-create: @@ -146,7 +146,7 @@ org: myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} + sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:' diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml similarity index 91% rename from kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml index 104daae051..4859112580 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml similarity index 86% rename from kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index d4bd389296..16342ad19a 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -41,8 +41,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -62,27 +74,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -90,7 +87,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-sdnc-adapter/templates/secret.yaml rename to kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-sdnc-adapter/templates/service.yaml rename to kubernetes/so/components/so-sdnc-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml similarity index 72% rename from kubernetes/so/charts/so-sdnc-adapter/values.yaml rename to kubernetes/so/components/so-sdnc-adapter/values.yaml index 92a262b929..4b36815d3d 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,11 +19,19 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs #This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Secrets metaconfig @@ -41,10 +49,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -57,6 +61,20 @@ repository: nexus3.onap.org:10001 image: onap/so/sdnc-adapter:1.6.4 pullPolicy: Always +org: + onap: + so: + adapters: + sdnc: + bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + network: + encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + db: userName: so_user userPassword: so_User123 @@ -67,18 +85,32 @@ db: replicaCount: 1 minReadySeconds: 10 -containerPort: 8086 +containerPort: &containerPort 8086 logPath: ./logs/sdnc/ app: sdnc-adapter service: type: ClusterIP - internalPort: 8086 - externalPort: 8086 + internalPort: *containerPort + externalPort: *containerPort portName: so-sdnc-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-sdnc-cert-init + certInitializer: + nameOverride: so-sdnc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.sdncAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-secrets/Chart.yaml b/kubernetes/so/components/so-secrets/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-secrets/Chart.yaml rename to kubernetes/so/components/so-secrets/Chart.yaml diff --git a/kubernetes/so/components/so-secrets/requirements.yaml b/kubernetes/so/components/so-secrets/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-secrets/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks similarity index 100% rename from kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks rename to kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/components/so-secrets/templates/secrets.yaml similarity index 100% rename from kubernetes/so/charts/so-secrets/templates/secrets.yaml rename to kubernetes/so/components/so-secrets/templates/secrets.yaml diff --git a/kubernetes/so/components/so-secrets/values.yaml b/kubernetes/so/components/so-secrets/values.yaml new file mode 100644 index 0000000000..602ea79084 --- /dev/null +++ b/kubernetes/so/components/so-secrets/values.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2020 Orange +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + client: + certs: + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml similarity index 100% rename from kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml similarity index 100% rename from kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml similarity index 97% rename from kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml index b7040044c5..1f9dfb5a5c 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml @@ -47,7 +47,7 @@ spec: image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} - name: logs mountPath: /app/logs - name: config diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml similarity index 88% rename from kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml rename to kubernetes/so/components/so-ve-vnfm-adapter/values.yaml index 0620a0b052..6511af320b 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -17,22 +17,11 @@ global: repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' - ################################################################# # Application configuration defaults. ################################################################# @@ -57,6 +46,16 @@ service: ports: - name: http port: 9098 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vevnfm-cert-init + certInitializer: + nameOverride: so-vevnfm-cert-init + credsPath: /opt/app/osaaf/local + flavor: small resources: small: diff --git a/kubernetes/so/charts/so-vfc-adapter/Chart.yaml b/kubernetes/so/components/so-vfc-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-vfc-adapter/Chart.yaml rename to kubernetes/so/components/so-vfc-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/requirements.yaml b/kubernetes/so/components/so-vfc-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml similarity index 86% rename from kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml index dec34485bc..59028bcce8 100755 --- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml @@ -38,13 +38,13 @@ mso: site-name: localSite logPath: ./logs/vfc config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag msb-port: 80 adapters: requestDb: endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: security: diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml similarity index 90% rename from kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml index b57205223e..d351be32fc 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml similarity index 86% rename from kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml index d2d72d07cf..c0575106cc 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml @@ -55,8 +55,20 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -76,27 +88,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-vfc-adapter/templates/secret.yaml rename to kubernetes/so/components/so-vfc-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/service.yaml b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-vfc-adapter/templates/service.yaml rename to kubernetes/so/components/so-vfc-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml similarity index 80% rename from kubernetes/so/charts/so-vfc-adapter/values.yaml rename to kubernetes/so/components/so-vfc-adapter/values.yaml index 8eb991430c..d0e1d20e75 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/components/so-vfc-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -19,8 +19,15 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 persistence: mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Secrets metaconfig @@ -38,10 +45,6 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' #secretsFilePaths: | # - 'my file 1' @@ -62,20 +65,39 @@ db: adminPassword: so_Admin123 # adminCredsExternalSecret: some secret +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + replicaCount: 1 minReadySeconds: 10 -containerPort: 8084 +containerPort: &containerPort 8084 logPath: ./logs/vfc/ app: vfc-adapter service: type: ClusterIP - internalPort: 8084 - externalPort: 8084 + internalPort: *containerPort + externalPort: *containerPort portName: so-vfc-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vfc-cert-init + certInitializer: + nameOverride: so-vfc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.vfcAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/charts/so-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml similarity index 100% rename from kubernetes/so/charts/so-vnfm-adapter/Chart.yaml rename to kubernetes/so/components/so-vnfm-adapter/Chart.yaml diff --git a/kubernetes/so/components/so-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml similarity index 77% rename from kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml index 4128bc36ee..e8d625ed7a 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} version: v15 endpoint: https://aai.{{ include "common.namespace" . }}:8443 spring: @@ -41,12 +41,12 @@ mso: site-name: localSite logPath: ./logs/vnfm-adapter config: - cadi: {{ include "cadi.keys" . | nindent 8}} + cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag msb-port: 80 sdc: - username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} - password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} + username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} + password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} key: {{ .Values.sdc.key }} endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 vnfmadapter: diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml similarity index 90% rename from kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml index b57205223e..d351be32fc 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/configmap.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml similarity index 80% rename from kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml index ee84d60905..caf218fb6d 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml @@ -41,30 +41,27 @@ spec: containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} - env: - - name: TRUSTSTORE - value: {{ .Values.global.client.certs.truststore }} - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - {{ if eq .Values.global.security.aaf.enabled true }} - - name: KEYSTORE - value: {{ .Values.global.client.certs.keystore }} - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh {{- end }} + env: + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml similarity index 100% rename from kubernetes/so/charts/so-vnfm-adapter/templates/ingress.yaml rename to kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml rename to kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/charts/so-vnfm-adapter/templates/service.yaml rename to kubernetes/so/components/so-vnfm-adapter/templates/service.yaml diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/components/so-vnfm-adapter/values.yaml similarity index 67% rename from kubernetes/so/charts/so-vnfm-adapter/values.yaml rename to kubernetes/so/components/so-vnfm-adapter/values.yaml index 8580df2bf9..f15fffb055 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/components/so-vnfm-adapter/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2019 Nordix Foundation -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,22 +18,16 @@ global: nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "so-onap-certs" - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - -#secretsFilePaths: | -# - 'my file 1' -# - '{{ include "templateThatGeneratesFileName" . }}' - + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= ################################################################# # Application configuration defaults. @@ -42,21 +36,47 @@ repository: nexus3.onap.org:10001 image: onap/so/vnfm-adapter:1.6.4 pullPolicy: Always +aaf: + auth: + username: so@so.onap.org + password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +sdc: + username: mso + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + key: 566B754875657232314F5548556D3665 + replicaCount: 1 minReadySeconds: 10 -containerPort: 9092 +containerPort: &containerPort 9092 logPath: ./logs/vnfm-adapter/ app: vnfm-adapter service: type: NodePort - internalPort: 9092 - externalPort: 9092 + internalPort: *containerPort + externalPort: *containerPort nodePort: "06" portName: so-vnfm-port updateStrategy: type: RollingUpdate maxUnavailable: 1 maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vnfm-cert-init + certInitializer: + nameOverride: so-vnfm-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.vnfmAdapterPerm + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/so/components/soHelpers/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml new file mode 100755 index 0000000000..a91111a33a --- /dev/null +++ b/kubernetes/so/components/soHelpers/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for SO helpers +name: soHelpers +version: 6.0.0 diff --git a/kubernetes/so/components/soHelpers/requirements.yaml b/kubernetes/so/components/soHelpers/requirements.yaml new file mode 100755 index 0000000000..aa972a525b --- /dev/null +++ b/kubernetes/so/components/soHelpers/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl new file mode 100644 index 0000000000..d16b4f7cf8 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl @@ -0,0 +1,21 @@ +{{- define "so.cadi.keys" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +cadiLoglevel: {{ $initRoot.cadi.logLevel }} +cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }} +cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }} +cadiTruststorePassword: ${TRUSTSTORE_PASSWORD} +cadiLatitude: {{ $initRoot.cadi.latitude }} +cadiLongitude: {{ $initRoot.cadi.longitude }} +aafEnv: {{ $initRoot.cadi.aafEnv }} +aafApiVersion: {{ $initRoot.cadi.aafApiVersion }} +aafRootNs: {{ $initRoot.cadi.aafRootNs }} +aafId: {{ $initRoot.cadi.aafId }} +aafPassword: {{ $initRoot.cadi.aafPassword }} +aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }} +aafUrl: {{ $initRoot.cadi.aafUrl }} +apiEnforcement: {{ $initRoot.cadi.apiEnforcement }} +{{- if ($initRoot.cadi.noAuthn) }} +noAuthn: {{ $initRoot.cadi.noAuthn }} +{{- end }} +{{- end }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl new file mode 100644 index 0000000000..fa25ba5177 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -0,0 +1,58 @@ +{{- define "so.certificate.container_importer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.initContainer" $subchartDot }} +{{- if $dot.Values.global.aafEnabled }} +- name: {{ include "common.name" $dot }}-msb-cert-importer + image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + command: + - "/bin/sh" + args: + - "-c" + - | + export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + keytool -import -trustcacerts -alias msb_root -file \ + /certificates/msb-ca.crt -keystore \ + "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -keypass $cadi_truststore_password -noprompt + volumeMounts: + {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} + - name: {{ include "common.name" $dot }}-msb-certificate + mountPath: /certificates +{{- end }} +{{- end -}} + +{{- define "so.certificate.volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.volumes" $subchartDot }} +{{- if $dot.Values.global.aafEnabled }} +- name: {{ include "common.name" $dot }}-msb-certificate + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }} +{{- end }} +{{- end -}} + +{{- define "so.certificate.volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.volumeMount" $subchartDot }} +{{- end -}} + +{{- define "so.certificates.env" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{- if $dot.Values.global.aafEnabled }} +- name: TRUSTSTORE + value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }} +{{- if $dot.Values.global.security.aaf.enabled }} +- name: KEYSTORE + value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl new file mode 100644 index 0000000000..cde94742c6 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl @@ -0,0 +1,20 @@ +{{- define "so.helpers.livenessProbe" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +livenessProbe: + httpGet: + path: {{ $subchartDot.Values.livenessProbe.path }} + port: {{ $subchartDot.Values.containerPort }} + scheme: {{ $subchartDot.Values.livenessProbe.scheme }} + {{- if $subchartDot.Values.global.security.aaf.enabled }} + httpHeaders: + - name: Authorization + value: {{ $subchartDot.Values.global.aaf.auth.header }} + {{- end }} + initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl new file mode 100644 index 0000000000..56910ebebd --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl @@ -0,0 +1,3 @@ +{{- define "so.helpers.profileProperty" -}} + {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml new file mode 100755 index 0000000000..5dbe46cf9e --- /dev/null +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -0,0 +1,98 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + soBaseImage: onap/so/base-image:1.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + msbEnabled: true + security: + aaf: + enabled: false + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + client: + certs: + truststore: /app/client/org.onap.so.trust.jks + keystore: /app/client/org.onap.so.jks + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI + keyStorePassword: c280b25hcA== + certificates: + path: /etc/ssl/certs + share_path: /usr/local/share/ca-certificates/ + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + name: '{{ include "common.release" . }}-so-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/config/certificates/msb-ca.crt + +################################################################# +# AAF part +################################################################# +certInitializer: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: so + fqi: so@so.onap.org + public_fqdn: so.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +aafConfig: + permission_user: 1000 + permission_group: 999 + +aaf: + trustore: org.onap.so.trust.jks + keyFile: org.onap.so.keyfile + +################################################################# +# Application configuration defaults. +################################################################# + +livenessProbe: + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +cadi: + logLevel: DEBUG + latitude: 38.4329 + longitude: -90.43248 + aafEnv: IST + aafApiVersion: 2.1 + aafRootNs: org.onap.so + aafLocateUrl: https://aaf-locate.onap:8095 + aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.apihPerm + noAuthn: /manage/health diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index 4f4eac48cb..66e16a9562 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -22,3 +22,61 @@ dependencies: version: ~6.x-0 repository: '@local' condition: global.mariadbGalera.localCluster + - name: soHelpers + version: ~6.x-0 + repository: 'file://components/soHelpers' + - name: so-appc-orchestrator + version: ~6.x-0 + repository: 'file://components/so-appc-orchestrator' + condition: so-appc-orchestrator.enabled + - name: so-bpmn-infra + version: ~6.x-0 + repository: 'file://components/so-bpmn-infra' + - name: so-catalog-db-adapter + version: ~6.x-0 + repository: 'file://components/so-catalog-db-adapter' + condition: so-catalog-db-adapter.enabled + - name: so-db-secrets + version: ~6.x-0 + repository: 'file://components/so-db-secrets' + condition: so-etsi-nfvo-ns-lcm.enabled + - name: so-mariadb + version: ~6.x-0 + repository: 'file://components/so-mariadb' + - name: so-monitoring + version: ~6.x-0 + repository: 'file://components/so-monitoring' + condition: so-monitoring.enabled + - name: so-nssmf-adapter + version: ~6.x-0 + repository: 'file://components/so-nssmf-adapter' + condition: so-nssmf-adapter.enabled + - name: so-openstack-adapter + version: ~6.x-0 + repository: 'file://components/so-openstack-adapter' + condition: so-openstack-adapter.enabled + - name: so-request-db-adapter + version: ~6.x-0 + repository: 'file://components/so-request-db-adapter' + - name: so-sdc-controller + version: ~6.x-0 + repository: 'file://components/so-sdc-controller' + - name: so-sdnc-adapter + version: ~6.x-0 + repository: 'file://components/so-sdnc-adapter' + condition: so-sdnc-adapter.enabled + - name: so-secrets + version: ~6.x-0 + repository: 'file://components/so-secrets' + - name: so-ve-vnfm-adapter + version: ~6.x-0 + repository: 'file://components/so-ve-vnfm-adapter' + condition: so-ve-vnfm-adapter.enabled + - name: so-vfc-adapter + version: ~6.x-0 + repository: 'file://components/so-vfc-adapter' + condition: so-vfc-adapter.enabled + - name: so-vnfm-adapter + version: ~6.x-0 + repository: 'file://components/so-vnfm-adapter' + condition: so-vnfm-adapter.enabled diff --git a/kubernetes/so/resources/config/certificates/onap-ca.crt b/kubernetes/so/resources/config/certificates/onap-ca.crt deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/so/resources/config/certificates/onap-ca.crt +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 6bd930d7b1..efcf029fbc 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -1,6 +1,6 @@ aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} server: port: {{ index .Values.containerPort }} tomcat: @@ -13,16 +13,16 @@ mso: adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} config: path: /src/main/resources/ - cadi: {{ include "cadi.keys" . | nindent 10}} + cadi: {{ include "so.cadi.keys" . | nindent 10}} infra: default: alacarte: @@ -34,14 +34,14 @@ mso: default: testApi: GR_API camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ - camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}} + camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}} async: core-pool-size: 50 max-pool-size: 50 queue-capacity: 500 sdc: client: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}} activate: instanceid: test userid: cs0008 @@ -52,7 +52,7 @@ mso: count: 3 aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} extApi: endpoint: http://nbi.onap:8080/nbi/api/v3 @@ -62,11 +62,11 @@ mso: username: testuser password: VjR5NDcxSzA= host: http://dmaap-bc.{{ include "common.namespace" . }}:8080 - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}} publisher: topic: com.att.ecomp.mso.operationalEnvironmentEvent health: - auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}} endpoints: - subsystem: apih uri: http://so-bpmn-infra:8081 diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl deleted file mode 100644 index 426facc4b1..0000000000 --- a/kubernetes/so/templates/_cadiValues.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{- define "cadi.keys" -}} -cadiLoglevel: DEBUG -cadiKeyFile: /org.onap.so.keyfile -cadiTrustStore: /app/org.onap.so.trust.jks -cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }} -cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }} -cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }} -aafEnv: {{ .Values.global.app.cadi.aafEnv }} -aafApiVersion: 2.0 -aafRootNs: {{ .Values.global.app.cadi.aafRootNs }} -aafId: {{ .Values.mso.config.cadi.aafId }} -aafPassword: {{ .Values.mso.config.cadi.aafPassword }} -aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }} -aafUrl: {{ .Values.global.app.cadi.aafUrl }} -apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }} -{{- if (.Values.global.app.cadi.noAuthn) }} -noAuthn: {{ .Values.mso.config.cadi.noAuthn }} -{{- end }} -{{- end }} diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl deleted file mode 100644 index 8bd25d27a1..0000000000 --- a/kubernetes/so/templates/_certificates.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{- define "so.certificate.container_importer" -}} -- name: {{ include "common.name" . }}-certs-importer - image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - "/bin/sh" - args: - - "-c" - - "update-ca-certificates --fresh && \ - cp -r {{ .Values.global.certificates.path }}/* /certificates" - volumeMounts: - - name: {{ include "common.name" . }}-certificates - mountPath: /certificates - - name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volume-mounts" -}} -- name: {{ include "common.name" . }}-certificates - mountPath: {{ .Values.global.certificates.path }} -- name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volumes" -}} -- name: {{ include "common.name" . }}-certificates - emptyDir: - medium: Memory -- name: {{ include "common.name" . }}-onap-certificates - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }} -{{- end -}} diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl deleted file mode 100644 index 4181beb1f8..0000000000 --- a/kubernetes/so/templates/_livenessProbe.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{- define "helpers.livenessProbe" -}} -livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - {{- if eq .Values.global.security.aaf.enabled true }} - httpHeaders: - - name: Authorization - value: {{ index .Values.global.aaf.auth.header }} - {{- end }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} -{{- end -}} diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl deleted file mode 100644 index 113bc343d0..0000000000 --- a/kubernetes/so/templates/_profileProperty.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "helpers.profileProperty" -}} - {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }} -{{- end -}} diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index 6aa4b5f4f0..ab7b5f3624 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 83452ccba8..d378cae606 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -37,7 +37,8 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -52,12 +53,23 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -77,27 +89,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -105,7 +102,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 328f4f296e..8c31e71040 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 AT&T USA -# +# Copyright © 2020 Huawei # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -22,6 +22,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 soBaseImage: onap/so/base-image:1.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera @@ -57,18 +58,6 @@ global: siteName: onapheat auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 defaultCloudOwner: onap - cadi: - cadiLoglevel: DEBUG - cadiKeyFile: /app/client/org.onap.so.keyfile - cadiTrustStore: /app/client/org.onap.so.trust.jks - cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC - cadiLatitude: 38.4329 - cadiLongitude: -90.43248 - aafEnv: IST - aafApiVersion: 2.1 - aafRootNs: org.onap.so - aafLocateUrl: https://aaf-locate.onap:8095 - aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 msoKey: 07a7159d3bf51a0e53be7a8f89699be7 client: certs: @@ -119,9 +108,15 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic filePaths: - - resources/config/certificates/onap-ca.crt - resources/config/certificates/msb-ca.crt +aafConfig: + permission_user: 1000 + permission_group: 999 + +aaf: + trustore: org.onap.so.trust.jks + ################################################################# # Application configuration defaults. ################################################################# @@ -140,19 +135,31 @@ image: onap/so/api-handler-infra:1.6.4 pullPolicy: Always replicaCount: 1 minReadySeconds: 10 -containerPort: 8080 +containerPort: &containerPort 8080 logPath: ./logs/apih/ app: api-handler-infra service: - type: NodePort - nodePort: 77 - internalPort: 8080 - externalPort: 8080 - portName: so-apih-port + type: NodePort + nodePort: 77 + internalPort: *containerPort + externalPort: *containerPort + portName: so-apih-port updateStrategy: - type: RollingUpdate - maxUnavailable: 1 - maxSurge: 1 + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-apih-cert-init + certInitializer: + nameOverride: so-apih-cert-init + credsPath: /opt/app/osaaf/local + certSecret: *so-certs + containerPort: *containerPort + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) @@ -174,14 +181,6 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} -livenessProbe: - path: /manage/health - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 nodeSelector: {} affinity: {} @@ -220,12 +219,6 @@ mso: adapters: requestDb: auth: Basic YnBlbDpwYXNzd29yZDEk - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.apihPerm - noAuthn: /manage/health camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A sdc: client: @@ -239,215 +232,58 @@ mso: health: auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ= +so-appc-orchestrator: + enabled: true + db: + <<: *dbSecrets + so-bpmn-infra: - certSecret: *so-certs db: <<: *dbSecrets - cds: - auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== - aai: - auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - db: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF - password: wLg4sjrAFUS8rfVfdvTXeQ== - po: - auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF - config: - cadi: - aafId: so@so.onap.org - aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.bpmnPerm - noAuthn: /manage/health - sdnc: - password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F - sniro: - auth: test:testpwd - endpoint: http://replaceme:28090/optimizationInstance/V1/create - oof: - auth: test:testpwd - so: - vnfm: - adapter: - auth: Basic dm5mbTpwYXNzd29yZDEk so-catalog-db-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.catalogDbAdapterPerm - noAuthn: /manage/health - adapters: - db: - auth: Basic YnBlbDpwYXNzd29yZDEk so-monitoring: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets so-openstack-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - aaf: - auth: - encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - org: - onap: - so: - adapters: - bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E - valet: - basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg== - mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 - basicUser: poBpmn - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.openStackAdapterPerm - noAuthn: /manage/health - db: - auth: Basic YnBlbDpwYXNzd29yZDEk so-request-db-adapter: - certSecret: *so-certs db: <<: *dbSecrets - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.requestDbAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk so-sdc-controller: - certSecret: *so-certs db: <<: *dbSecrets - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.sdcControllerPerm - noAuthn: /manage/health - asdc: - config: - key: 566B754875657232314F5548556D3665 - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - asdc-connections: - asdc-controller1: - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F so-sdnc-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - org: - onap: - so: - adapters: - sdnc: - bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 - sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 - network: - encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.sdncAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk - rest: - aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 so-ve-vnfm-adapter: - certSecret: *so-certs + enabled: true so-vfc-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - mso: - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.vfcAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk so-nssmf-adapter: - certSecret: *so-certs + enabled: true db: <<: *dbSecrets - aaf: - auth: - username: so@so.onap.org - password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.nssmfAdapterPerm - noAuthn: /manage/health - adapters: - requestDb: - auth: Basic YnBlbDpwYXNzd29yZDEk so-vnfm-adapter: - certSecret: *so-certs - aaf: - auth: - username: so@so.onap.org - password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA - aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - sdc: - username: mso - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F - key: 566B754875657232314F5548556D3665 - mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.vnfmAdapterPerm - noAuthn: /manage/health + enabled: true so-mariadb: db: @@ -456,35 +292,3 @@ so-mariadb: backupCredsExternalSecret: *dbBackupCredsSecretName userCredsExternalSecret: *dbUserCredsSecretName adminCredsExternalSecret: *dbAdminCredsSecretName -so-appc-orchestrator: - certSecret: *so-certs - db: - <<: *dbSecrets - mso: - basicUser: poBpmn - auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 - config: - cadi: - aafId: so@so.onap.org - aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 - apiEnforcement: org.onap.so.openStackAdapterPerm - noAuthn: /manage/health - appc: - client: - topic: - read: - name: APPC-LCM-WRITE - timeout: 360000 - write: APPC-LCM-READ - sdnc: - read: SDNC-LCM-WRITE - write: SDNC-LCM-READ - response: - timeout: 3600000 - key: VIlbtVl6YLhNUrtU - secret: 64AG2hF4pYeG2pq7CT6XwUOT - service: ueb - auth: - rest: - aaf: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= - aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456