From: Krzysztof Opasiak Date: Thu, 8 Apr 2021 08:09:41 +0000 (+0000) Subject: Merge "[COMMON] Add a checkbashisms tox profile" X-Git-Tag: 9.0.0~328 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=d3166747bb93ccaba9d471acce373850d7d6f35f;hp=d8eab71b6a1f4e89ec27df3228180912e3253051 Merge "[COMMON] Add a checkbashisms tox profile" --- diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index b1d8a0ad7b..7509cb3bd6 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -137,9 +137,24 @@ certInitializer: credsPath: /opt/app/osaaf/local fqi_namespace: org.onap.aai-resources aaf_add_config: | - echo "*** writing passwords into prop file" - echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.p12 \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 {{ .Values.credsPath }} diff --git a/kubernetes/aai/components/aai-sparky-be/requirements.yaml b/kubernetes/aai/components/aai-sparky-be/requirements.yaml index cf22720435..f9ba1c1fb7 100644 --- a/kubernetes/aai/components/aai-sparky-be/requirements.yaml +++ b/kubernetes/aai/components/aai-sparky-be/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~8.x-0 + repository: '@local' - name: repositoryGenerator version: ~8.x-0 repository: '@local' diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-default.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-override.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties similarity index 72% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties index 094c815744..fe8bd16fa1 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties @@ -15,14 +15,14 @@ */}} oxm.schemaNodeDir=/opt/app/sparky/onap/oxm -#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config oxm.schemaServiceTranslatorList=config # The end point for onap is https://:/onap/schema-service/v1/ oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/ -oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 -oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore -oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o -oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} +oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties similarity index 70% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index 59c0349b06..3c6bd4e1ad 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -19,4 +19,7 @@ resources.port=8443 resources.authType=SSL_BASIC resources.basicAuthUserName=aai@aai.onap.org resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek -resources.trust-store=tomcat_keystore +resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +resources.trust-store-password=${TRUSTSTORE_PASSWORD} +resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +resources.client-cert-password=${KEYSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties similarity index 65% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties index 4db6c0a374..2e2351ad95 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties @@ -13,8 +13,8 @@ # limitations under the License. server.port=8000 -server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12 -server.ssl.key-store-password=OBF:1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3 +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks -server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application-sync.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties similarity index 75% rename from kubernetes/aai/components/aai-sparky-be/resources/config/application.properties rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties index 1269f25355..120f8ac114 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties @@ -24,12 +24,12 @@ spring.mvc.favicon.enabled=false spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy -portal.cadiFileLocation={{.Values.config.cadiFileLocation}} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 -searchservice.client-cert=client-cert-onap.p12 -searchservice.client-cert-password=1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3 -searchservice.truststore=tomcat_keystore +searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +searchservice.client-cert-password=${KEYSTORE_PASSWORD} +searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +searchservice.truststore-password=${TRUSTSTORE_PASSWORD} schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml new file mode 100644 index 0000000000..cd5338f5b3 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/logback.xml @@ -0,0 +1,187 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/roles.config rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/roles.config diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config similarity index 100% rename from kubernetes/aai/components/aai-sparky-be/resources/config/users.config rename to kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 deleted file mode 100644 index 2601acf88a..0000000000 Binary files a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 and /dev/null differ diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 deleted file mode 100644 index 2601acf88a..0000000000 Binary files a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 and /dev/null differ diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties index 2592e5ca7c..7a0fb8250b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -46,4 +46,4 @@ ext_req_connection_timeout=15000 ext_req_read_timeout=20000 #Add AAF namespace if the app is centralized -auth_namespace={{.Values.config.aafNamespace}} +auth_namespace={{ .Values.certInitializer.fqi_namespace }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties index 1f154b6101..baefd9806b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties @@ -6,14 +6,18 @@ aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 # AAF Environment Designation #if you are running aaf service from a docker image you have to use aaf service IP and port number -aaf_id={{.Values.config.aafUsername}} +aaf_id={{ .Values.certInitializer.fqi }} #Encrypt the password using AAF Jar -aaf_password={{.Values.config.aafPassword}} +aaf_password={{ .Values.certInitializer.aafDeployPass }} # Sample CADI Properties, from CADI 1.4.2 #hostname=org.onap.aai.orr csp_domain=PROD # Add Absolute path to Keyfile -cadi_keyfile={{.Values.config.cadiKeyFile}} +cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile +cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +cadi_keystore_password=${KEYSTORE_PASSWORD} + +cadi_alias={{ .Values.certInitializer.fqi }} # This is required to accept Certificate Authentication from Certman certificates. # can be TEST, IST or PROD @@ -23,9 +27,9 @@ aaf_env=DEV cadi_loglevel=DEBUG # Add Absolute path to truststore2018.jks -cadi_truststore={{.Values.config.cadiTrustStore}} +cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks # Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs -cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} +cadi_truststore_password=${TRUSTSTORE_PASSWORD} # how to turn on SSL Logging #javax.net.debug=ssl diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml index 162e96b0dc..fee07d8acf 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml @@ -14,25 +14,6 @@ # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-prop - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap @@ -45,7 +26,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 6e74526ddc..45ff270047 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -38,7 +38,34 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + if [ -z "$KEYSTORE_PASSWORD" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + fi + echo "*** write them in portal part" + cd /config-input + for PFILE in `ls -1 .` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: portal-config-input + - mountPath: /config + name: portal-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /app/ready.py args: @@ -57,68 +84,56 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - volumeMounts: + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \ + | xargs -0) + echo "*** actual launch of AAI Sparky BE" + /opt/app/sparky/bin/start.sh + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: client-cert-onap.p12 - - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties - name: {{ include "common.fullname" . }}-auth-config + name: auth-config subPath: csp-cookie-filter.properties - - - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 - name: {{ include "common.fullname" . }}-auth-config - subPath: org.onap.aai.p12 - - - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks - name: aai-common-aai-auth-mount - subPath: truststoreONAPall.jks - - mountPath: /opt/app/sparky/config/portal/ - name: {{ include "common.fullname" . }}-portal-config - + name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ - name: {{ include "common.fullname" . }}-portal-config-props - + name: portal-config-props - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - + name: logs - mountPath: /opt/app/sparky/config/application.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application.properties - - mountPath: /opt/app/sparky/config/application-resources.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-resources.properties - - mountPath: /opt/app/sparky/config/application-ssl.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-ssl.properties - - mountPath: /opt/app/sparky/config/application-oxm-default.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-default.properties - - mountPath: /opt/app/sparky/config/application-oxm-override.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-override.properties - - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties - name: {{ include "common.fullname" . }}-properties + name: config subPath: application-oxm-schema-prod.properties - - mountPath: /opt/app/sparky/config/roles.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: roles.config - - mountPath: /opt/app/sparky/config/users.config - name: {{ include "common.fullname" . }}-properties + name: config subPath: users.config - + - mountPath: /opt/app/sparky/config/logging/logback.xml + name: config + subPath: logback.xml ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -155,45 +170,35 @@ spec: subPath: filebeat.yml name: filebeat-conf - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /usr/share/filebeat/data name: aai-sparky-filebeat resources: {{ include "common.resources" . }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - - name: {{ include "common.fullname" . }}-properties - configMap: - name: {{ include "common.fullname" . }}-prop - - - name: {{ include "common.fullname" . }}-config + - name: config configMap: name: {{ include "common.fullname" . }} - - - name: {{ include "common.fullname" . }}-portal-config + - name: portal-config + emptyDir: + medium: Memory + - name: portal-config-input configMap: name: {{ include "common.fullname" . }}-portal - - - name: {{ include "common.fullname" . }}-portal-config-props + - name: portal-config-props configMap: name: {{ include "common.fullname" . }}-portal-props - - - name: {{ include "common.fullname" . }}-auth-config + - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - - name: filebeat-conf configMap: name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: aai-sparky-filebeat emptyDir: {} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index f8de79d31a..98dca5d11d 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -27,6 +27,40 @@ global: # global defaults searchData: serviceName: aai-search-data + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-sparky-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing passwords into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + # application image image: onap/sparky-be:2.0.3 pullPolicy: Always @@ -44,13 +78,7 @@ config: portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view - aafUsername: aai@aai.onap.org - aafNamespace: org.onap.aai - aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz - cadiKeyFile: /opt/app/sparky/config/portal/keyFile - cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties - cadiTrustStorePassword: changeit cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 8a063c2ba4..253f9b9e93 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -123,9 +123,24 @@ certInitializer: credsPath: /opt/app/osaaf/local fqi_namespace: org.onap.aai-traversal aaf_add_config: | - echo "*** writing passwords into prop file" - echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop - echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.p12 \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 {{ .Values.credsPath }} diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index 7858a24a62..266032844d 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -51,7 +51,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-blueprintsprocessor:1.1.1 +image: onap/ccsdk-blueprintsprocessor:1.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index 57591c4fb0..bed223ebcd 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-commandexecutor:1.1.1 +image: onap/ccsdk-commandexecutor:1.1.2 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index 1e555e95d8..dfc7e59dda 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -30,7 +30,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-py-executor:1.1.1 +image: onap/ccsdk-py-executor:1.1.2 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index 7fe3b3f790..f6f45b7ad8 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -29,7 +29,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-sdclistener:1.1.1 +image: onap/ccsdk-sdclistener:1.1.2 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 9ece904334..8120679803 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -44,7 +44,7 @@ certInitializer: {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # application image -image: onap/ccsdk-cds-ui-server:1.1.1 +image: onap/ccsdk-cds-ui-server:1.1.2 pullPolicy: Always # application configuration diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 50f43c8674..39448a72c5 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -109,7 +109,7 @@ GLOBAL_INJECTED_SO_CATDB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "roo GLOBAL_INJECTED_SO_OPENSTACK_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-openstack-adapter") }}' GLOBAL_INJECTED_SO_REQDB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-request-db-adapter") }}' GLOBAL_INJECTED_SO_SDNC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-sdnc-adapter") }}' -GLOBAL_INJECTED_SO_VFC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vfc-adapter") }}' +GLOBAL_INJECTED_SO_VFC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-etsi-sol005-adapter") }}' GLOBAL_INJECTED_SO_VNFM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-etsi-sol003-adapter") }}' GLOBAL_INJECTED_SO_NSSMF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-nssmf-adapter") }}' GLOBAL_INJECTED_UBUNTU_1404_IMAGE = '{{ .Values.ubuntu14Image }}' @@ -254,7 +254,7 @@ GLOBAL_SO_CATDB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "ho GLOBAL_SO_OPENSTACK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-openstack-adapter" "port" 8087) }}' GLOBAL_SO_REQDB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-request-db-adapter" "port" 8083) }}' GLOBAL_SO_SDNC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdnc-adapter" "port" 8086) }}' -GLOBAL_SO_VFC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vfc-adapter" "port" 8084) }}' +GLOBAL_SO_VFC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-etsi-sol005-adapter" "port" 8084) }}' GLOBAL_SO_VNFM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-etsi-sol003-adapter" "port" 9092) }}' GLOBAL_SO_NSSMF_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-nssmf-adapter" "port" 8088) }}' GLOBAL_SO_USERNAME = '{{ .Values.soUsername }}' diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml index a2e3a48e25..7b04773ec5 100644 --- a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml @@ -85,7 +85,10 @@ spec: - name: TILEURL value: {{ .Values.config.topologyserver.tileserverUrl }} {{ end }} - + - name: ENABLE_OAUTH + value: "{{ .Values.config.oauth.enabled | default "false" }}" + - name: ENABLE_ODLUX_RBAC + value: "{{ .Values.config.oauth.odluxRbac.enabled | default "false" }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 72126b6dbd..3577c84a24 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -36,6 +36,10 @@ config: sslCertDir: "/opt/app/osaaf/local/certs" sslCertiticate: "cert.pem" sslCertKey: "key.pem" + oauth: + enabled: false + odluxRbac: + enabled: false transportpce: enabled: false transportpceUrl: http://transportpce.transportpce:8181 diff --git a/kubernetes/sdnc/resources/config/conf/oauth-provider.config.json b/kubernetes/sdnc/resources/config/conf/oauth-provider.config.json new file mode 100644 index 0000000000..8d3c106bb9 --- /dev/null +++ b/kubernetes/sdnc/resources/config/conf/oauth-provider.config.json @@ -0,0 +1,8 @@ +{ + "tokenSecret": "${OAUTH_TOKEN_SECRET}", + "tokenIssuer": {{ .Values.config.sdnr.oauth.tokenIssuer | quote }}, + "publicUrl": {{ .Values.config.sdnr.oauth.publicUrl | quote }}, + "redirectUri": "{{ .Values.config.sdnr.oauth.redirectUri | quote | default "null" }}", + "supportOdlUsers": "{{ .Values.config.sdnr.oauth.supportOdlUsers | default "true" }}", + "providers": {{ .Values.config.sdnr.oauth.providers | toJson }} +} \ No newline at end of file diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 027f01ce01..152337ee52 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -111,6 +111,15 @@ spec: - name: DMAAP_HTTP_PROXY_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }} {{- end }} + {{ if .Values.config.sdnr.oauth.enabled }} + - name: OAUTH_TOKEN_SECRET + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }} + - name: KEYCLOAK_SECRET + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }} + + - name: ENABLE_ODLUX_RBAC + value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}" + {{ end }} volumeMounts: @@ -128,6 +137,8 @@ spec: {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}} - --container-name - {{ include "common.mariadbService" . }} + - --job-name + - {{ include "common.fullname" . }}-dbinit-job {{ end -}} {{ if .Values.config.sdnr.enabled -}} - --container-name @@ -292,7 +303,8 @@ spec: - name: ODL_CERT_DIR value: {{ (mustFirst (.Values.certificates)).mountPath }} {{- end }} - + - name: ENABLE_OAUTH + value: "{{ .Values.config.sdnr.oauth.enabled | default "false" }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} {{ include "common.certServiceClient.volumeMounts" . | indent 10 }} @@ -360,6 +372,11 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.daexim.cfg name: properties subPath: org.opendaylight.daexim.cfg + {{- if .Values.config.sdnr.oauth.enabled }} + - mountPath: {{ .Values.config.odl.etcDir }}/oauth-provider.config.json + name: properties + subPath: oauth-provider.config.json + {{ end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index e3f3a6e172..399740ed05 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -172,6 +172,17 @@ secrets: login: '{{ .Values.config.scaleoutUser }}' password: '{{ .Values.config.scaleoutPassword }}' passwordPolicy: required + - uid: oauth-token-secret + type: password + externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' + password: '{{ .Values.config.sdnr.oauth.tokenSecret }}' + passwordPolicy: required + - uid: keycloak-secret + type: password + externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}' + password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}' + passwordPolicy: required + ################################################################# # Certificates ################################################################# @@ -311,6 +322,7 @@ config: sdnrdbTrustAllCerts: true mountpointRegistrarEnabled: false mountpointStateProviderEnabled: false + # # enable and set dmaap-proxy for mountpointRegistrar dmaapProxy: enabled: false @@ -318,10 +330,28 @@ config: user: addUserHere password: addPasswordHere url: addProxyUrlHere - - - - + oauth: + enabled: false + tokenIssuer: ONAP SDNC + tokenSecret: secret + supportOdlusers: true + redirectUri: null + publicUrl: none + odluxRbac: + enabled: true + # example definition for a oauth provider + providersSecrets: + keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46 + providers: + - id: keycloak + type: KEYCLOAK + host: http://keycloak:8080 + clientId: odlux.app + secret: ${KEYCLOAK_SECRET} + scope: openid + title: ONAP Keycloak Provider + roleMapping: + mykeycloak: admin # dependency / sub-chart configuration certInitializer: diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 7ab960c9fc..c64e10597a 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -102,7 +102,7 @@ mso: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync vfc: rest: - endpoint: http://so-vfc-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter + endpoint: http://so-etsi-sol005-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter workflow: message: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage diff --git a/kubernetes/so/components/so-vfc-adapter/Chart.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/Chart.yaml similarity index 95% rename from kubernetes/so/components/so-vfc-adapter/Chart.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/Chart.yaml index 520e53d105..b178ab5ee7 100755 --- a/kubernetes/so/components/so-vfc-adapter/Chart.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/Chart.yaml @@ -14,5 +14,5 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes -name: so-vfc-adapter +name: so-etsi-sol005-adapter version: 8.0.0 diff --git a/kubernetes/so/components/so-vfc-adapter/requirements.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml similarity index 100% rename from kubernetes/so/components/so-vfc-adapter/requirements.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/requirements.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml similarity index 97% rename from kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml index db5caf45fc..dd46da0989 100755 --- a/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml @@ -38,7 +38,7 @@ server: max-threads: 50 mso: site-name: localSite - logPath: ./logs/vfc + logPath: ./logs/etsi-sol005-adapter config: cadi: {{ include "so.cadi.keys" . | nindent 8}} msb-ip: msb-iag diff --git a/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml similarity index 100% rename from kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/templates/configmap.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml similarity index 100% rename from kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/secret.yaml similarity index 100% rename from kubernetes/so/components/so-vfc-adapter/templates/secret.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/templates/secret.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml similarity index 100% rename from kubernetes/so/components/so-vfc-adapter/templates/service.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml diff --git a/kubernetes/so/components/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml similarity index 94% rename from kubernetes/so/components/so-vfc-adapter/values.yaml rename to kubernetes/so/components/so-etsi-sol005-adapter/values.yaml index 924027abd2..d43bffd71b 100755 --- a/kubernetes/so/components/so-vfc-adapter/values.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/values.yaml @@ -57,7 +57,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/vfc-adapter:1.7.11 +image: onap/so/so-etsi-sol005-adapter:1.8.3 pullPolicy: Always db: @@ -76,13 +76,13 @@ mso: replicaCount: 1 minReadySeconds: 10 containerPort: &containerPort 8084 -logPath: ./logs/vfc/ -app: vfc-adapter +logPath: ./logs/etsi-sol005-adapter/ +app: etsi-sol005-adapter service: type: ClusterIP internalPort: *containerPort externalPort: *containerPort - portName: so-vfc-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 @@ -93,9 +93,9 @@ updateStrategy: # soHelpers part ################################################################# soHelpers: - nameOverride: so-vfc-cert-init + nameOverride: so-etsi-sol005-cert-init certInitializer: - nameOverride: so-vfc-cert-init + nameOverride: so-etsi-sol005-cert-init credsPath: /opt/app/osaaf/local cadi: apiEnforcement: org.onap.so.vfcAdapterPerm diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index 989cf7d11a..06fc6e9eb5 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -87,7 +87,7 @@ dependencies: version: ~8.x-0 repository: 'file://components/so-ve-vnfm-adapter' condition: so-ve-vnfm-adapter.enabled - - name: so-vfc-adapter + - name: so-etsi-sol005-adapter version: ~8.x-0 - repository: 'file://components/so-vfc-adapter' - condition: so-vfc-adapter.enabled + repository: 'file://components/so-etsi-sol005-adapter' + condition: so-etsi-sol005-adapter.enabled diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index d1d3873ced..1358795cec 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -371,7 +371,7 @@ so-sdnc-adapter: so-ve-vnfm-adapter: enabled: false -so-vfc-adapter: +so-etsi-sol005-adapter: enabled: true db: <<: *dbSecrets diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 3232d828cb..de3a75a983 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:3.0.7 +image: onap/usecase-ui-server:4.0.0 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 1adb2565a0..b09ed1ac50 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -24,7 +24,7 @@ subChartsOnly: flavor: small # application image -image: onap/usecase-ui:3.0.6 +image: onap/usecase-ui:4.0.0 pullPolicy: Always # application configuration