1 diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
2 index 1c20977..4b47c63 100644
3 --- a/kubernetes/appc/values.yaml
4 +++ b/kubernetes/appc/values.yaml
5 @@ -29,7 +29,7 @@ global:
6 #################################################################
8 repository: nexus3.onap.org:10001
9 -image: onap/appc-image:1.4.0-SNAPSHOT-latest
10 +image: onap/appc-image:1.3.0
13 # flag to enable debugging - application support required
14 @@ -37,10 +37,7 @@ debugEnabled: false
16 # application configuration
19 - aafExtFQDN: aaf-onap-beijing-test.osaaf.org
20 dbRootPassword: openECOMP1.0
22 enableClustering: true
23 configDir: /opt/onap/appc/data/properties
25 diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
26 index 328e058..b359526 100644
27 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml
28 +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
29 @@ -35,8 +35,14 @@ spec:
30 - name: {{ include "common.name" . }}
31 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
32 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
33 - command: ["/bin/bash"]
34 - args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
39 + UPDATE_HOSTS_FILE >> /etc/hosts;
40 + UPDATE_NPM_REGISTRY;
41 + cd /opt/onap/ccsdk/dgbuilder/;
42 + ./start.sh sdnc1.0 && wait
44 - containerPort: {{ .Values.service.internalPort }}
46 @@ -94,3 +100,4 @@ spec:
49 - name: "{{ include "common.namespace" . }}-docker-registry-key"
51 diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
52 index acda520..8fa35f9 100644
53 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
54 +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
55 @@ -68,6 +68,8 @@ spec:
56 - mountPath: /etc/localtime
59 + - mountPath: /etc/pki/ca-trust/source/anchors
64 @@ -80,6 +82,8 @@ spec:
66 mkdir -p /var/run/secrets/kubernetes.io/
67 ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
68 + echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
69 + update-ca-trust extract
71 - name: {{ include "common.fullname" . }}-config
73 @@ -93,5 +97,8 @@ spec:
81 - name: "{{ include "common.namespace" . }}-docker-registry-key"
82 diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
83 index 379fc24..4802f8b 100644
84 --- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
85 +++ b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
86 @@ -48,6 +48,12 @@ spec:
87 name: {{ include "common.name" . }}-readiness
89 - name: {{ include "common.name" . }}
94 + UPDATE_HOSTS_FILE >> /etc/hosts;
96 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
97 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
99 diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
100 index b8f15e1..fadb56e 100644
101 --- a/kubernetes/onap/values.yaml
102 +++ b/kubernetes/onap/values.yaml
103 @@ -39,7 +39,8 @@ global:
104 loggingRepository: docker.elastic.co
108 + #pullPolicy: Always
109 + pullPolicy: IfNotPresent
111 # default mount path root directory referenced
112 # by persistent volumes and log files
113 @@ -66,11 +67,11 @@ appc:
115 openStackType: OpenStackProvider
116 openStackName: OpenStack
117 - openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
118 - openStackServiceTenantName: default
119 - openStackDomain: default
120 - openStackUserName: admin
121 - openStackEncryptedPassword: admin
122 + openStackKeyStoneUrl: FILL-ME
123 + openStackServiceTenantName: FILL-ME
124 + openStackDomain: FILL-ME
125 + openStackUserName: FILL-ME
126 + openStackEncryptedPassword: FILL-ME
130 @@ -97,8 +98,11 @@ nbi:
133 # openstack configuration
134 - openStackRegion: "Yolo"
135 - openStackVNFTenantId: "1234"
136 + openStackUserName: "FILL-ME"
137 + openStackRegion: "FILL-ME"
138 + openStackKeyStoneUrl: "FILL-ME"
139 + openStackServiceTenantName: "FILL-ME"
140 + openStackEncryptedPasswordHere: "FILL-ME"
144 @@ -112,7 +116,11 @@ sdnc:
149 + enableClustering: false
152 + disableNfsProvisioner: true
156 @@ -129,11 +137,11 @@ so:
157 # message router configuration
159 # openstack configuration
160 - openStackUserName: "vnf_user"
161 - openStackRegion: "RegionOne"
162 - openStackKeyStoneUrl: "http://1.2.3.4:5000"
163 - openStackServiceTenantName: "service"
164 - openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
165 + openStackUserName: "FILL-ME"
166 + openStackRegion: "FILL-ME"
167 + openStackKeyStoneUrl: "FILL-ME"
168 + openStackServiceTenantName: "FILL-ME"
169 + openStackEncryptedPasswordHere: "FILL-ME"
171 # configure embedded mariadb
173 diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
174 index 72f7a74..f6b3478 100644
175 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
176 +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
177 @@ -114,7 +114,7 @@ else
181 -wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip
182 +wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip --no-check-certificate
183 if [[ $? != 0 ]]; then
184 echo "ERROR: cannot download ${DOWNLOAD_DIR}/apps-${APP_NAME}.zip"
186 diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
187 index a6c054d..9e48d55 100644
188 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
189 +++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
190 @@ -84,8 +84,8 @@ echo "Restarting PDP-D .."
194 -POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools)
195 -kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
196 +POD=$(kubectl --namespace onap get pods | sed 's/ .*//'| grep drools)
197 +kubectl --namespace onap exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 1 && policy start"
201 diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
202 index dcd3afb..21b3171 100644
203 --- a/kubernetes/policy/resources/config/pe/push-policies.sh
204 +++ b/kubernetes/policy/resources/config/pe/push-policies.sh
205 @@ -22,7 +22,7 @@ echo "Upload BRMS Param Template"
209 -wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing
210 +wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing --no-check-certificate
214 diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
215 index aea67c8..06dc17b 100644
216 --- a/kubernetes/robot/values.yaml
217 +++ b/kubernetes/robot/values.yaml
218 @@ -39,49 +39,49 @@ config:
219 # Password of the lighthttpd server. Used for HTML auth for webpage access
220 lightHttpdPassword: robot
221 # gerrit branch where the latest heat code is checked in
222 - gerritBranch: 2.0.0-ONAP
223 + gerritBranch: master
224 # gerrit project where the latest heat code is checked in
225 gerritProject: http://gerrit.onap.org/r/demo.git
229 # Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
230 -demoArtifactsVersion: "1.2.0-SNAPSHOT"
231 +demoArtifactsVersion: "1.3.0"
232 # Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR
233 openStackFlavourMedium: "m1.medium"
234 # Openstack keystone URL. Maps to GLOBAL_INJECTED_KEYSTONE
235 -openStackKeyStoneUrl: "http://1.2.3.4:5000"
236 +openStackKeyStoneUrl: "FILL-ME"
237 # UUID of the Openstack network that can assign floating ips. Maps to GLOBAL_INJECTED_PUBLIC_NET_ID
238 -openStackPublicNetId: "e8f51958045716781ffc"
239 +openStackPublicNetId: "FILL-ME"
240 # password for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD
241 -openStackPassword: "tenantPassword"
242 +openStackPassword: "FILL-ME"
243 # Openstack region. Maps to GLOBAL_INJECTED_REGION
244 openStackRegion: "RegionOne"
245 # Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
246 -openStackTenantId: "47899782ed714295b1151681fdfd51f5"
247 +openStackTenantId: "FILL-ME"
248 # username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
249 -openStackUserName: "tenantUsername"
250 +openStackUserName: "FILL-ME"
251 # Openstack glance image name for Ubuntu 14. Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE
252 -ubuntu14Image: "Ubuntu_14_trusty"
253 +ubuntu14Image: "FILL-ME"
254 # Openstack glance image name for Ubuntu 16. Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
255 -ubuntu16Image: "Ubuntu_16_xenial"
256 +ubuntu16Image: "FILL-ME"
257 # GLOBAL_INJECTED_SCRIPT_VERSION. Maps to GLOBAL_INJECTED_SCRIPT_VERSION
258 -scriptVersion: "1.2.0-SNAPSHOT"
259 +scriptVersion: "1.2.1"
260 # Openstack network to which VNFs will bind their primary (first) interface. Maps to GLOBAL_INJECTED_NETWORK
261 -openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
262 +openStackPrivateNetId: "FILL-ME"
264 # SDNC Preload configuration
265 # Openstack subnet UUID for the network defined by openStackPrivateNetId. Maps to onap_private_subnet_id
266 -openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc"
267 +openStackPrivateSubnetId: "FILL-ME"
268 # CIDR notation for the Openstack private network where VNFs will be spawned. Maps to onap_private_net_cidr
269 -openStackPrivateNetCidr: "10.0.0.0/8"
270 +openStackPrivateNetCidr: "FILL-ME"
271 # The first 2 octets of the private Openstack subnet where VNFs will be spawned.
272 # Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X
273 openStackOamNetworkCidrPrefix: "10.0"
274 # Override with Pub Key for access to VNF
275 -vnfPubKey: "FILL_IN_WITH_PUB_KEY"
276 -# Override with DCAE VES Collector external IP
277 -dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP"
278 +vnfPubKey: "FILL-ME"
279 +# Override with DCAE VES Collector external IP
280 +dcaeCollectorIp: "FILL-ME"
282 # default number of instances
284 @@ -156,4 +156,4 @@ persistence:
285 accessMode: ReadWriteMany
287 mountPath: /dockerdata-nfs
288 - mountSubPath: robot/logs
289 \ No newline at end of file
290 + mountSubPath: robot/logs
291 diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
292 index a19c33a..b49e2c4 100644
293 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
294 +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
295 @@ -47,8 +47,17 @@ spec:
296 name: {{ include "common.name" . }}-readiness
298 - name: {{ include "common.name" . }}
299 - command: ["/bin/bash"]
300 - args: ["-c", "cd /opt/onap/sdnc && ./startAnsibleServer.sh"]
305 + pip install /root/ansible_pkg/*.whl
306 + dpkg -i /root/ansible_pkg/*.deb
307 + cp /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.orig
308 + cat /etc/ansible/ansible.cfg.orig | sed -e 's/#host_key_checking/host_key_checking/' > /etc/ansible/ansible.cfg
309 + touch /tmp/.ansible-server-installed
311 + ./startAnsibleServer.sh
312 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
313 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
315 @@ -74,6 +83,8 @@ spec:
316 - mountPath: {{ .Values.config.configDir }}/RestServer_config
318 subPath: RestServer_config
319 + - mountPath: /root/ansible_pkg
322 {{ toYaml .Values.resources | indent 12 }}
323 {{- if .Values.nodeSelector }}
324 @@ -92,5 +103,9 @@ spec:
326 name: {{ include "common.fullname" . }}
328 + - name: ansible-pkg
330 + path: /root/ansible_pkg
332 - - name: "{{ include "common.namespace" . }}-docker-registry-key"
333 \ No newline at end of file
334 + - name: "{{ include "common.namespace" . }}-docker-registry-key"
336 diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
337 index 87ed6aa..5da236d 100644
338 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
339 +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
340 @@ -49,8 +49,13 @@ spec:
341 name: {{ include "common.name" . }}-readiness
343 - name: {{ include "common.name" . }}
344 - command: ["/bin/bash"]
345 - args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
350 + UPDATE_HOSTS_FILE >> /etc/hosts;
351 + UPDATE_NPM_REGISTRY;
352 + cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh
353 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
354 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
356 diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
357 index accdff9..fa83daf 100644
358 --- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml
359 +++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
360 @@ -34,6 +34,12 @@ spec:
361 - name: {{ include "common.name" . }}
362 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
363 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
368 + chown -R mysql:mysql /var/lib/mysql /var/run/mysqld;
369 + /home/uui/bin/run.sh
371 - containerPort: {{ .Values.service.internalPort }}
372 # disable liveness probe when breakpoints set in debugger
373 --- oom/kubernetes/common/common/templates/_cacert.tpl 1970-01-01 00:00:00.000000000 +0000
374 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/common/common/templates/_cacert.tpl 2018-11-02 15:09:31.781688957 +0000
376 +#This template adds volume for access to ca certificate.
377 +#Template is ignored when cacert not set.
378 +{{- define "common.cacert-volume" }}
379 +{{- if .Values.global.cacert }}
382 + name: {{ include "common.namespace" . }}-root-ca-cert
386 +#This template mounts the CA certificate in an ubuntu compatible way.
387 +#It is mounted to /usr/local/share/ca-certificates/cacert.crt.
388 +#Template is ignored if cacert not set.
389 +{{- define "common.cacert-mount-ubuntu" }}
390 +{{- if .Values.global.cacert }}
391 +- mountPath: "/usr/local/share/ca-certificates/cacert.crt"
393 + subPath: certificate
397 +#This template creates an empty volume used to store system certificates (includes java keystore).
398 +{{- define "common.system-ca-store-volume" }}
399 +{{- if .Values.global.cacert }}
400 +- name: system-ca-store
405 +#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific).
406 +#Template is ignored in case cacert is not given.
407 +{{- define "common.system-ca-store-mount-ubuntu" }}
408 +{{- if .Values.global.cacert }}
409 +- mountPath: "/etc/ssl/certs"
410 + name: system-ca-store
414 +#This template is a template for an init container.
415 +#This init container can be declared to update system's ca store for ubuntu containers.
416 +#It runs as root using the same image as the main one.
417 +#It expects /etc/ssl/certs to be mounted as a volume.
418 +#It has to be shared with the main container.
419 +#This template is ignored if cacert is not given as helm value.
420 +{{- define "common.update-system-ca-store-ubuntu" }}
421 +{{- if .Values.global.cacert }}
426 + mkdir -p /etc/ssl/certs/java
427 + update-ca-certificates
428 + name: update-system-ca-store
429 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
430 + image: {{ include "common.repository" . }}/{{ .Values.image }}
434 +{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
435 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }}
438 --- oom/kubernetes/onap/templates/configmap.yaml 1970-01-01 00:00:00.000000000 +0000
439 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/onap/templates/configmap.yaml 2018-11-02 15:09:31.804689107 +0000
441 +{{ if .Values.global.cacert -}}
445 + name: {{ include "common.namespace" . }}-root-ca-cert
446 + namespace: {{ include "common.namespace" . }}
448 + app: {{ include "common.name" . }}
449 + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
450 + release: {{ .Release.Name }}
451 + heritage: {{ .Release.Service }}
454 +{{ .Values.global.cacert | indent 4 }}
456 --- oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 2018-11-06 07:38:46.341849402 +0000
457 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 2018-11-02 15:09:31.808689133 +0000
459 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
460 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
461 name: {{ include "common.name" . }}-readiness
462 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
467 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
468 periodSeconds: {{ .Values.readiness.periodSeconds }}
470 +{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
471 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
472 - mountPath: /etc/localtime
476 {{ toYaml .Values.affinity | indent 10 }}
479 +{{ include "common.cacert-volume" . | indent 8 }}
480 +{{ include "common.system-ca-store-volume" . | indent 8 }}
484 --- oom/kubernetes/policy/charts/drools/templates/statefulset.yaml 2018-11-06 07:38:46.343849404 +0000
485 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/drools/templates/statefulset.yaml 2018-11-02 15:09:31.810689146 +0000
487 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
488 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
489 name: {{ include "common.name" . }}-readiness
490 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
491 +{{ include "policy.update-policy-keystore" . | indent 6 }}
493 - name: {{ include "common.name" . }}
494 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
497 value: "{{ .Values.replicaCount }}"
499 +{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
500 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
501 +{{ include "policy.keystore-mount" . | indent 10 }}
502 - mountPath: /etc/localtime
506 {{ toYaml .Values.affinity | indent 10 }}
509 +{{ include "common.cacert-volume" . | indent 8 }}
510 +{{ include "common.system-ca-store-volume" . | indent 8 }}
511 +{{ include "policy.keystore-storage-volume" . | indent 8 }}
515 --- oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-06 07:38:46.345849405 +0000
516 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-02 15:09:31.812689159 +0000
518 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
519 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
520 name: {{ include "common.name" . }}-readiness
521 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
526 initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
527 periodSeconds: {{ .Values.readiness.periodSeconds }}
529 +{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
530 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
531 - mountPath: /etc/localtime
535 {{ toYaml .Values.affinity | indent 10 }}
538 +{{ include "common.cacert-volume" . | indent 6 }}
539 +{{ include "common.system-ca-store-volume" . | indent 6 }}
543 --- oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 1970-01-01 00:00:00.000000000 +0000
544 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl 2018-11-02 15:09:31.812689159 +0000
546 +#This template creates a volume for storing policy-keystore with imported ca.
547 +#It is ignored if cacert was not given.
548 +{{- define "policy.keystore-storage-volume" }}
549 +{{- if .Values.global.cacert }}
550 +- name: keystore-storage
555 +#This template mounts policy-keystore in appropriate place for policy components to take it.
556 +#It is ignored if cacert is not given.
557 +{{- define "policy.keystore-mount" }}
558 +{{- if .Values.global.cacert }}
559 +- mountPath: "/tmp/policy-install/config/policy-keystore"
560 + name: keystore-storage
561 + subPath: policy-keystore
565 +#This will extract a policy keystore and then import
566 +#the root cacert of offline nexus into it.
567 +#This template expects a volume named keystore-storage where policy-keystore will be put.
568 +#It also expects volume named cacert where the file "certificate" will contain the cert to import.
569 +#Template is ignored if ca certificate not given.
570 +{{- define "policy.update-policy-keystore" }}
571 +{{- if .Values.global.cacert }}
577 + tar -xzf base-*.tar.gz etc/ssl/policy-keystore
578 + cp etc/ssl/policy-keystore keystore-storage/
579 + keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt
580 + name: update-policy-keystore
581 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
582 + image: {{ include "common.repository" . }}/{{ .Values.image }}
584 + - mountPath: "/tmp/policy-install/keystore-storage"
585 + name: keystore-storage
586 +{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
589 --- oom/kubernetes/policy/templates/deployment.yaml 2018-11-06 07:38:46.346849406 +0000
590 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/templates/deployment.yaml 2018-11-02 15:09:31.813689166 +0000
592 image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
593 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
594 name: {{ include "common.name" . }}-readiness
595 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
600 - name: PRELOAD_POLICIES
601 value: "{{ .Values.config.preloadPolicies }}"
603 +{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
604 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
605 - mountPath: /etc/localtime
609 {{ toYaml .Values.affinity | indent 10 }}
612 +{{ include "common.cacert-volume" . | indent 8 }}
613 +{{ include "common.system-ca-store-volume" . | indent 8 }}