From: Krzysztof Opasiak Date: Tue, 27 Oct 2020 18:09:51 +0000 (+0000) Subject: Merge "[COMMON] Add TLS for Ingress configuration" X-Git-Tag: 7.0.0~65 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=b256e1f8ba533aa59c92eb6c585cc53379bf42ff;hp=80a32b94ca05c392d49a0abaeeec27e859358633 Merge "[COMMON] Add TLS for Ingress configuration" --- diff --git a/kubernetes/aai b/kubernetes/aai index a8c4e701f9..bac40922e4 160000 --- a/kubernetes/aai +++ b/kubernetes/aai @@ -1 +1 @@ -Subproject commit a8c4e701f9c26038a9ac9f22d5dd95fd54ebc1ca +Subproject commit bac40922e4043c632e1a8a5fe1531a640cbfe6c2 diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index cabe59f696..b242de2b6b 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -149,7 +149,7 @@ spec: subPath: exec.py containers: - name: cassandra-backup-validate - image: "{{ .Values.image }}" + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index dd311830e7..7e2fa91363 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2020 Bell Canada # @@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} CERTS_DIR=${CERTS_DIR:-/certs} WORK_DIR=${WORK_DIR:-/updatedTruststore} 
diff --git a/kubernetes/common/dgbuilder/resources/config/svclogic.properties b/kubernetes/common/dgbuilder/resources/config/svclogic.properties index 28612a270b..01edb4d411 100644 --- a/kubernetes/common/dgbuilder/resources/config/svclogic.properties +++ b/kubernetes/common/dgbuilder/resources/config/svclogic.properties @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}} diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml index 23302335ea..b606c3ed6e 100644 --- a/kubernetes/common/elasticsearch/components/master/values.yaml +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. - ################################################################# # Global configuration defaults. ################################################################# @@ -41,7 +40,7 @@ name: master ## replicaCount: 3 ## master acts as master only node, choose 'no' if no further data nodes are deployed) -dedicatednode: "yes" +dedicatednode: 'yes' ## dedicatednode: "no" image: bitnami/elasticsearch:7.6.1 ## Specify a imagePullPolicy 
@@ -102,12 +101,14 @@ resources: ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. - limits: {} + limits: + cpu: 25m + memory: 1Gi # cpu: 100m # memory: 128Mi requests: - cpu: 25m - memory: 256Mi + cpu: 5m + memory: 310Mi ## Elasticsearch master-eligible container's liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @@ -160,13 +161,13 @@ persistence: ## Service parameters for master-eligible node(s) ## service: - suffix: "service" - name: "" + suffix: 'service' + name: '' ## list of ports for "common.containerPorts" ## Elasticsearch transport port ports: - - name: http-transport - port: 9300 + - name: http-transport + port: 9300 ## master-eligible service type ## type: ClusterIP @@ -192,10 +193,6 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template # name: - ## Elasticsearch cluster name ## clusterName: elastic-cluster - - - diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh index 678761736a..b354efe86c 100755 --- a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -1,8 +1,10 @@ #!/bin/bash +{{/* # # Adfinis SyGroup AG # openshift-mariadb-galera: mysql setup script # +*/}} set -eox pipefail diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index 40254d469b..fa4b007a5a 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # Copyright © 2019 Orange # Copyright © 2020 Samsung Electronics # 
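Review bot: In `kubernetes/common/elasticsearch/components/master/values.yaml` the new `limits.cpu: 25m` caps each master-eligible pod at what used to be only its request. That is very little for a JVM process and may throttle it enough to fail the liveness and readiness probes configured just below. If the figures come from measurement, a one-line comment saying so would help; otherwise a higher limit is the safer default. The two commented lines left under `limits:` (`# cpu: 100m`, `# memory: 128Mi`) now sit beneath real values and read as stale, so I would delete them.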
@@ -13,6 +14,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} # make sure the script fails if any of commands failed set -e diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh index 7ab32558b4..37bb84de8b 100755 --- a/kubernetes/common/music/charts/music/resources/config/startup.sh +++ b/kubernetes/common/music/charts/music/resources/config/startup.sh @@ -1,4 +1,5 @@ #!/bin/bash +{{/* # # ============LICENSE_START========================================== # org.onap.music @@ -19,6 +20,7 @@ # # ============LICENSE_END============================================= # ==================================================================== +*/}} echo "Running startup script to get password from certman" PWFILE=/opt/app/aafcertman/.password diff --git a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml index 02263eeced..430b6dd1bd 100644 --- a/kubernetes/consul/charts/consul-server/templates/statefulset.yaml +++ b/kubernetes/consul/charts/consul-server/templates/statefulset.yaml @@ -70,3 +70,4 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 10 }} diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml index f4f3b16dad..81472e71eb 100644 --- a/kubernetes/consul/charts/consul-server/values.yaml +++ b/kubernetes/consul/charts/consul-server/values.yaml 
@@ -63,4 +63,30 @@ service: ingress: enabled: false -resources: {} +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 30m + memory: 25Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/consul/templates/deployment.yaml b/kubernetes/consul/templates/deployment.yaml index a5b72aedee..51c6eb72d5 100644 --- a/kubernetes/consul/templates/deployment.yaml +++ b/kubernetes/consul/templates/deployment.yaml @@ -61,6 +61,7 @@ spec: name: consul-agent-scripts-config - mountPath: /consul/certs name: consul-agent-certs-config + resources: {{ include "common.resources" . | nindent 10 }} volumes: - configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index 72d9a38fa7..512c4c3dac 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml 
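Review bot: The comment block kept above `resources:` in `consul/charts/consul-server/values.yaml` no longer describes the file. It still tells the reader to uncomment lines and "remove the curly braces after 'resources:'", and quotes minimums of 2 CPU cores / 4GB that none of the new flavors match. The same block is repeated in the `kubernetes/consul/values.yaml` hunk later in this commit. I would replace both with a short comment such as `# Requests/limits per flavor; the entry is selected by common.resources`. Neither hunk shows a `flavor` key, so if `common.resources` picks the map entry by flavor, confirm it is set in the unchanged part of each file.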
@@ -65,8 +65,34 @@ ingress: port: 8800 config: ssl: "none" - -resources: {} + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 1500Mi + requests: + cpu: 650m + memory: 530Mi + large: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} odl: jolokia: diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index bdcd0501ef..347d79401a 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml 
@@ -84,12 +84,18 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MSB_ADDR - value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}" - name: SSL_ENABLED value: "{{ .Values.config.ssl_enabled }}" - name: MSB_ENABLED value: "{{ .Values.config.msb_enabled }}" + - name: MSB_ADDR + value: "{{ .Values.config.msbProtocol }}://{{ .Values.config.msbServiceName }}:{{ .Values.config.msbPort }}" + - name: SDC_ADDR + value: "{{ .Values.config.sdcProtocol }}://{{ .Values.config.sdcServiceName }}:{{ .Values.config.sdcPort }}" + - name: DMAAP_ENABLED + value: "{{ .Values.config.dmaap_enabled }}" + - name: DMAAP_ADDR + value: "{{ .Values.config.dmaapProtocol }}://{{ .Values.config.dmaapServiceName }}:{{ .Values.config.dmaapPort }}" - name: DB_IP value: "{{ include "common.mariadbService" . }}" - name: DB_PORT diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index 9bc8aa0433..9c910badfa 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -79,10 +79,18 @@ mariadb-init: config: #application configuration about msb ssl_enabled: false + msb_enabled: false msbProtocol: https msbServiceName: msb-iag msbPort: 443 - msb_enabled: true + sdcProtocol: https + sdcServiceName: sdc-be + sdcPort: 8443 + dmaap_enabled: false + dmaapProtocol: https + dmaapServiceName: message-router-external + dmaapPort: 3905 + #application configuration user password about mariadb db: userName: etsicatalog @@ -93,7 +101,7 @@ config: flavor: small repository: nexus3.onap.org:10001 -image: onap/modeling/etsicatalog:1.0.7 +image: onap/modeling/etsicatalog:1.0.8 initImage: busybox:latest pullPolicy: Always 
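Review bot: In `modeling-etsicatalog/values.yaml` the default of `msb_enabled` changes from `true` to `false` in a hunk that otherwise only moves the key and adds the SDC and DMaaP settings, so anyone relying on the chart default has the value passed as `MSB_ENABLED` flipped without notice. What the application does with that variable is not visible here. If the change is intended, a comment next to the key, for example `# MSB registration is off by default; set to true to register with msb-iag`, would make it a deliberate choice rather than a side effect.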
diff --git a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties index a53dd2e283..f5a900e8ce 100644 --- a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties +++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.properties @@ -7,27 +7,26 @@ microservice.widget.location=/tmp ## App DB Properties spring.datasource.url=jdbc:mysql://portal-db:3306/portal -spring.datasource.username=root -spring.datasource.password=Aa123456 +spring.datasource.username=${PORTAL_DB_USER} +spring.datasource.password=${PORTAL_DB_PASSWORD} spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect spring.database.driver.classname=org.mariadb.jdbc.Driver spring.jpa.show-sql=false spring.jpa.properties.hibernate.format_sql=false ## Basic Authentication Properties -security.user.name=widget_user -security.user.password=ENC(IjywcRnI9+nuVEh9+OFFiRWAjBT1n718) +security.user.name=${WIDGET_USER} +security.user.password=${WIDGET_PASSWORD} initialization.default.widgets=true initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets ## Account Basic Authentication Properties -account.user.name=portal -account.user.password=6APqvG4AU2rfLgCvMdySwQ== +account.user.name=${ACC_USER} +account.user.password=${ACC_PASSWORD} ## Certificate Properties #server.ssl.key-store=classpath:widget-keystore.p12 #server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8) #server.ssl.keyStoreType=PKCS12 #server.ssl.keyAlias=widget-microservice - 
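Review bot: The commented-out `#server.ssl.key-store-password=ENC(...)` line stays in `application.properties` although this hunk removes every other embedded credential. The jasypt encryptor password was the literal `EncryptionKey` in application.yml until this commit and remains the chart default in values.yaml, so that ciphertext should be treated as disclosed. I would delete the four commented `server.ssl.*` lines or replace the value with a placeholder. The removed literals also remain in repository history, so deployments that used them need the credentials rotated, not just re-templated.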
diff --git a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml index 08a9714506..f3da66f882 100644 --- a/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml +++ b/kubernetes/portal/components/portal-widget/resources/config/deliveries/properties/ONAPWIDGETMS/application.yml @@ -16,4 +16,4 @@ jasypt: encryptor: - password: EncryptionKey + password: ${JASYPT_ENC_KEY} diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml index 9d345d909b..eb6fc9eeee 100644 --- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml 
@@ -51,6 +51,40 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-portal-widget-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + cd /config-input && \ + for PFILE in `ls -1 *.*` + do + envsubst <${PFILE} >/config/${PFILE} + chmod 0755 /config/${PFILE} + done + env: + - name: PORTAL_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }} + - name: PORTAL_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }} + - name: WIDGET_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }} + - name: WIDGET_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }} + - name: ACC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }} + - name: ACC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }} + - name: JASYPT_ENC_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-onapwidgetms-scrubbed + - mountPath: /config + name: properties-onapwidgetms containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -96,6 +130,9 @@ spec: hostPath: path: /etc/localtime - name: properties-onapwidgetms + emptyDir: + medium: Memory + - name: properties-onapwidgetms-scrubbed configMap: name: {{ include "common.fullname" . }}-onapwidgetms defaultMode: 0755 
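Review bot: The new init container in `portal-widget/templates/deployment.yaml` renders files that now hold the DB, widget and account passwords and the jasypt key in clear text, then runs `chmod 0755` on them, leaving them world-readable and executable inside the pod. `chmod 0640 "/config/${PFILE}"` is enough for a properties file; whether the application container shares a UID/GID with this one is not visible here, so a pod-level `fsGroup` may be needed. I would also iterate with `for PFILE in *.*` and quote `"${PFILE}"` instead of parsing `ls` output. Because `envsubst` is called without a variable list, any other `$NAME` token in those files is replaced by an empty string; passing the seven expected names explicitly avoids that.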
diff --git a/kubernetes/portal/components/portal-widget/templates/secret.yaml b/kubernetes/portal/components/portal-widget/templates/secret.yaml
new file mode 100644
index 0000000000..9a3f011e80
--- /dev/null
+++ b/kubernetes/portal/components/portal-widget/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml
index 94da33019c..1367b25e4c 100644
--- a/kubernetes/portal/components/portal-widget/values.yaml
+++ b/kubernetes/portal/components/portal-widget/values.yaml
@@ -22,6 +22,46 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuInit: ubuntu-init:1.0.0 + envsubstImage: dibi/envsubst + +################################################################ +# Secrets metaconfig +################################################################# + +secrets: + - uid: portal-backend-db + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}' + login: '{{ .Values.mariadb.config.backendUserName }}' + password: '{{ .Values.mariadb.config.backendPassword }}' + passwordPolicy: required + - uid: portal-widget + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}' + login: '{{ .Values.config.widgetUsername }}' + password: '{{ .Values.config.widgetPassword }}' + passwordPolicy: required + - uid: portal-account + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}' + login: '{{ .Values.config.accountUsername }}' + password: '{{ .Values.config.accountPassword }}' + passwordPolicy: required + - uid: jasypt-enc-key + type: password + externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}' + password: '{{ .Values.config.jasyptEncKey }}' + passwordPolicy: required + +config: + widgetUsername: widget_user + widgetPassword: widget_pass +# widgetCredsExternalSecret: some secret + accountUsername: portal + accountPassword: portal +# accountCredsExternalSecret: some secret + jasyptEncKey: EncryptionKey + # jasyptEncKeyExternalSecret: some secret ################################################################# # Application configuration defaults. @@ -56,6 +96,10 @@ readiness: mariadb: service: name: portal-db + config: + # backendDbExternalSecret: some secret + backendUserName: portal + backendPassword: portal service: type: ClusterIP 
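Review bot: `envsubstImage: dibi/envsubst` in the first hunk of `portal-widget/values.yaml` names a third-party image with no tag or digest, and deployment.yaml uses it as `image: "{{ .Values.global.envsubstImage }}"` without the `common.repository` prefix that the main container gets. That init container receives every secret of this chart through its environment, so whatever is published under that floating reference can read them. I would pin it, e.g. `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>`, and pull it through the project registry like the other images.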
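Review bot: `backendPassword: portal` in the second hunk ships a working default credential in the chart, and so do `widgetPassword: widget_pass`, `accountPassword: portal` and `jasyptEncKey: EncryptionKey` in the `config:` block of the first hunk. If `passwordPolicy: required` is meant to fail the install when no password is supplied, these defaults make that check always pass, and an operator is never forced to choose a value. I would leave the four keys commented out, like the `*ExternalSecret` keys beside them, with a comment such as `# must be set, or provide the matching external secret`. The backend user presumably has to match what the portal-db chart creates, so that pairing should be stated in a comment too.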
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 488c050bfb..137d94fab2 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -62,6 +62,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SDNC_DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: ODL_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + volumeMounts: - mountPath: /config-input name: config-input diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 4429bd9f46..6aa2356bed 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -92,7 +92,7 @@ mso: vnf: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter rest: - endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/{{ .Values.vnf.api.version }}/vnfs volume-groups: rest: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index b6f315aa3d..034e269d6a 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml 
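Review bot: In `so-bpmn-infra/resources/config/overrides/override.yaml` only the `vnfs` endpoint takes its version from `.Values.vnf.api.version`; the `volume-groups` endpoint two lines below stays hard-coded to `v1`, and nothing in the hunk says whether that split is intended. The expression also has no guard, so an override that drops the key renders an empty path segment or fails with an unhelpful template error. I would write `{{ required "vnf.api.version must be set" .Values.vnf.api.version }}` and add a short comment on the `volume-groups` line if it is meant to stay on `v1`.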
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -56,8 +56,6 @@ secrets: # - 'my file 1' # - '{{ include "templateThatGeneratesFileName" . }}' - - ################################################################# # Application configuration defaults. ################################################################# @@ -102,6 +100,10 @@ so: sniro: endpoint: http://replaceme:28090/optimizationInstance/V1/create +vnf: + api: + version: v2 + replicaCount: 1 minReadySeconds: 10 containerPort: &containerPort 8081 @@ -129,7 +131,6 @@ soHelpers: apiEnforcement: org.onap.so.bpmnPerm containerPort: *containerPort - # Resource Limit flavor -By Default using small flavor: large # Segregation for Different environment (Small and Large) @@ -150,13 +151,13 @@ resources: cpu: 1000m unlimited: {} livenessProbe: - path: /manage/health - scheme: HTTP - initialDelaySeconds: 600 - periodSeconds: 60 - timeoutSeconds: 10 - successThreshold: 1 - failureThreshold: 3 + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 ingress: enabled: false nodeSelector: {} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml index 97ebd93ed1..bc36fc1f46 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: {{- if .Values.global.aafEnabled }} export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + export TRUSTSTORE="file:/${TRUSTSTORE}" {{- if .Values.global.security.aaf.enabled }} export KEYSTORE_PASSWORD="${cadi_keystore_password}" {{- end }} 
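Review bot: `export TRUSTSTORE="file:/${TRUSTSTORE}"` in `so-etsi-nfvo-ns-lcm/templates/deployment.yaml` prepends `file:/` to whatever the variable already holds, so an absolute path such as `/path/to/store.jks` (constructed example) becomes `file://path/to/store.jks`, with the first directory in the URL authority position. An unset variable becomes the bare `file:/`. Where `TRUSTSTORE` is first set is outside the hunk, so whether the consumer tolerates that form cannot be checked here. `export TRUSTSTORE="file:${TRUSTSTORE:?TRUSTSTORE is not set}"` keeps a well-formed URL for absolute paths and fails early instead of starting with no usable truststore.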
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl index fa25ba5177..ef3b0768f5 100644 --- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -16,7 +16,11 @@ keytool -import -trustcacerts -alias msb_root -file \ /certificates/msb-ca.crt -keystore \ "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ - -keypass $cadi_truststore_password -noprompt + -storepass $cadi_truststore_password -noprompt + keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \ + -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \ + -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -deststorepass $cadi_truststore_password -noprompt volumeMounts: {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} - name: {{ include "common.name" $dot }}-msb-certificate diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 5dbe46cf9e..391938199e 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -37,7 +37,7 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: "so-onap-certs" + - uid: 'so-onap-certs' name: '{{ include "common.release" . }}-so-certs' externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' type: generic 
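Review bot: The added `keytool -importkeystore` call in `soHelpers/templates/_certificates.tpl` passes both store passwords as command-line arguments. `-srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }}` is rendered unquoted into the pod spec from a chart value whose default is the literal `changeit` (added in the last hunk of soHelpers/values.yaml). An override containing spaces or shell metacharacters would change the command, and the value is readable by anyone who can view the pod definition. I would quote the expansions and let keytool read the passwords from the environment, e.g. `-deststorepass:env cadi_truststore_password` and `-storepass:env cadi_truststore_password` on the import above, provided the variable is exported; the start of the script is outside the hunk. The source-store password should come from a secret-backed variable the same way.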
@@ -54,10 +54,11 @@ certInitializer: fqdn: so fqi: so@so.onap.org public_fqdn: so.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" + cadi_longitude: '0.0' + cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local + trustStoreAllPass: changeit aaf_add_config: > /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop