[SO] Enable SO-Monitoring - use HTTPS and certInitializer
- SO-Monitoring service exposed as NodePort
- Certs are retrieved dynamically using certInitializer
Issue-ID: SO-2920
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
diff --git a/kubernetes/so/components/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml
index e746baf..9ba1d7b 100644
--- a/kubernetes/so/components/so-monitoring/values.yaml
+++ b/kubernetes/so/components/so-monitoring/values.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Copyright (C) 2020 Huawei
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,8 +28,15 @@
readinessImage: onap/oom/readiness:3.0.1
aafAgentImage: onap/aaf/aaf_agent:2.1.20
envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: true
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
@@ -46,25 +54,21 @@
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.monitoring.username }}'
+ password: '{{ .Values.server.monitoring.password }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
-# AAF part
-#################################################################
-soHelpers:
- nameOverride: so-monitoring-cert-init
- certInitializer:
- nameOverride: so-monitoring-cert-init
- credsPath: /opt/app/osaaf/local
-
-#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.4
+image: onap/so/so-monitoring:1.7.7
pullPolicy: Always
db:
@@ -77,15 +81,34 @@
replicaCount: 1
minReadySeconds: 10
-containerPort: 9091
+containerPort: &containerPort 9091
logPath: app/logs/
app: so-monitoring
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-monitoring-cert-init
+ certInitializer:
+ nameOverride: so-monitoring-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.monitoringPerm
+ containerPort: *containerPort
+
+server:
+ monitoring:
+ username: demo
+ # password: demo123456!
+ # soMonitoringCredsExternalSecret: some secret
+
service:
#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: ClusterIP
+ type: NodePort
nodePort: 24
- internalPort: 9091
- externalPort: 9091
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-monitor-port
updateStrategy:
type: RollingUpdate