Merge "[A1P] Chart Cleanup from TLS/AAF"
diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml
index 1fa512a..c6798d1 100644
--- a/kubernetes/a1policymanagement/Chart.yaml
+++ b/kubernetes/a1policymanagement/Chart.yaml
@@ -26,9 +26,6 @@
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml
index 29b0b9a..789f3eb 100644
--- a/kubernetes/a1policymanagement/resources/config/application.yaml
+++ b/kubernetes/a1policymanagement/resources/config/application.yaml
@@ -49,26 +49,23 @@
server:
# Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
# See springboot documentation.
- port: 8433
+ #port: 8081
http-port: 8081
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
key-store-type: PKCS12
- key-store-password: ${KEYSTORE_PASSWORD}
- key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
- key-password: ${KEYSTORE_PASSWORD}
- key-alias: {{ .Values.certInitializer.fqi }}
+ key-store-password: ""
+ key-store: ""
+ key-password: ""
+ key-alias: ""
app:
# Location of the component configuration file. The file will only be used if the Consul database is not used;
# configuration from the Consul will override the file.
filepath: /opt/app/policy-agent/data/application_configuration.json
webclient:
- # Configuration of the trust store used for the HTTP client (outgoing requests)
- # The file location and the password for the truststore is only relevant if trust-store-used == true
- # Note that the same keystore as for the server is used.
trust-store-used: false
- trust-store-password: ${TRUSTSORE_PASSWORD}
- trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+ trust-store-password: ""
+ trust-store: ""
# Configuration of usage of HTTP Proxy for the southbound accesses.
# The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
http.proxy-host:
diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json
index 5ee3f7d..837ce0c 100644
--- a/kubernetes/a1policymanagement/resources/config/application_configuration.json
+++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json
@@ -3,7 +3,7 @@
"controller": [
{
"name": "controller1",
- "baseUrl": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.sdncLink .Values.sdncLinkHttp }}",
+ "baseUrl": "{{ .Values.sdncLink }}",
"userName": "${A1CONTROLLER_USER}",
"password": "${A1CONTROLLER_PASSWORD}"
}
diff --git a/kubernetes/a1policymanagement/templates/ingress.yaml b/kubernetes/a1policymanagement/templates/ingress.yaml
new file mode 100644
index 0000000..bcc60a0
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/ingress.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
index 89d131e..b1d0407 100644
--- a/kubernetes/a1policymanagement/templates/statefulset.yaml
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -30,7 +30,7 @@
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-bootstrap-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -39,10 +39,6 @@
args:
- -c
- |
- {{- if (include "common.needTLS" .) }}
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
- | xargs -0)
- {{- end }}
cd /config-input
for PFILE in `ls -1`
do
@@ -55,7 +51,7 @@
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
- name: A1CONTROLLER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: {{ include "common.fullname" . }}-policy-conf-input
- mountPath: /config
@@ -97,10 +93,10 @@
httpGet:
path: /status
port: {{ .Values.liveness.port }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: config
mountPath: /opt/app/policy-agent/data/application_configuration.json
subPath: application_configuration.json
@@ -111,7 +107,7 @@
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
name: {{ include "common.fullname" . }}-policy-conf
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index bf49313..93f57d3 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -30,39 +30,6 @@
password: '{{ .Values.a1controller.password }}'
passwordPolicy: required
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: a1p-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: a1p
- fqi: a1p@a1p.onap.org
- public_fqdn: a1p.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.a1p
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
image: onap/ccsdk-oran-a1policymanagementservice:1.3.2
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
@@ -72,21 +39,25 @@
service:
type: NodePort
name: a1policymanagement
- both_tls_and_plain: true
ports:
- name: api
- port: 8433
- plain_port: 8081
+ port: 8081
port_protocol: http
nodePort: '94'
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'a1policymanagement-api'
+ name: 'a1policymanagement'
+ port: 8081
+
# SDNC Credentials are used here
a1controller:
user: admin
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-sdncLink: https://sdnc.onap:8443
-sdncLinkHttp: http://sdnc.onap:8282
+sdncLink: http://sdnc.onap:8282
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.