[PORTAL] Use common aaf template in portal-app

Instead of copy-pasting code around aaf_agent usage let's use a common template that automates this. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ida183073e70563527d9d218cb247d7028687c167
author: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-05-21 19:06:42 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-05-26 18:17:43 +0200
commit: 57ec338ae0a875591e881f3457ff22bca737f81b (patch)
tree: fc00ee6ba119521b0adae3376a50bc47bbd5f930
parent: df31a724d919b39183df702f970ba4968c09d44e (diff)
5 files changed, 17 insertions, 40 deletions
diff --git a/kubernetes/portal/components/portal-app/requirements.yaml b/kubernetes/portal/components/portal-app/requirements.yaml
index c5d7864b9d..00b92235f3 100644
--- a/kubernetes/portal/components/portal-app/requirements.yaml
+++ b/kubernetes/portal/components/portal-app/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
   - name: common
     version: ~6.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
diff --git a/kubernetes/portal/components/portal-app/resources/server/server.xml b/kubernetes/portal/components/portal-app/resources/server/server.xml
index 420dbd3fa3..38391ae774 100644
--- a/kubernetes/portal/components/portal-app/resources/server/server.xml
+++ b/kubernetes/portal/components/portal-app/resources/server/server.xml
@@ -94,7 +94,7 @@
     {{ if .Values.global.aafEnabled }}
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+               keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}"
                keystorePass="${javax.net.ssl.keyStorePassword}"
                clientAuth="false" sslProtocol="TLS" />
     {{ end }}
diff --git a/kubernetes/portal/components/portal-app/templates/configmap.yaml b/kubernetes/portal/components/portal-app/templates/configmap.yaml
index d514fe6411..feaee66190 100644
--- a/kubernetes/portal/components/portal-app/templates/configmap.yaml
+++ b/kubernetes/portal/components/portal-app/templates/configmap.yaml
@@ -26,17 +26,3 @@ metadata:
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
-
-{{ if .Values.global.aafEnabled }}
-{{- if .Values.aafConfig.addconfig -}}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-  aaf-add-config.sh: |-
-    /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
-    {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml
index af00b5ff89..26d8ba572e 100644
--- a/kubernetes/portal/components/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml
@@ -46,24 +46,22 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-      {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config" . | indent 6 }}
-      {{- end }}
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["bash","-c"]
         {{- if .Values.global.aafEnabled }}
-        args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+        args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\
                export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
               -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
               /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
         env:
           - name: CATALINA_OPTS
             value: >
-              -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-              -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+              -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}"
+              -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}"
         {{- else }}
         args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
         {{- end }}
@@ -85,9 +83,7 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
-        {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
-        {{- end }}
+{{ include "common.certInitializer.volumeMount" . | indent 8 }}
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
@@ -139,9 +135,7 @@ spec:
         - name: var-log-onap
           mountPath: /var/log/onap
       volumes:
-        {{- if .Values.global.aafEnabled }}
-{{ include "common.aaf-config-volumes" . | indent 8 }}
-        {{- end }}
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index cfab8e6183..d118c84faf 100644
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -26,7 +26,6 @@ global:
   loggingImage: beats/filebeat:5.5.0
   #AAF service
   aafEnabled: true
-  aafAgentImage: onap/aaf/aaf_agent:2.1.20
 
 #################################################################
 # Application configuration defaults.
@@ -40,30 +39,25 @@ pullPolicy: Always
 #AAF local config
 
 aafURL: https://aaf-service:8100/authz/
-aafConfig:
+certInitializer:
+  nameOverride: portal-app-cert-initializer
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: portal
   fqi: portal@portal.onap.org
-  publicFqdn: portal.onap.org
+  public_fqdn: portal.onap.org
   cadi_latitude: "38.0"
   cadi_longitude: "-72.0"
   credsPath: /opt/app/osaaf/local
   app_ns: org.osaaf.aaf
   permission_user: 1000
   permission_group: 999
-  addconfig: true
-  secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds
   keystoreFile: "org.onap.portal.p12"
   truststoreFile: "org.onap.portal.trust.jks"
-
-secrets:
-  - uid: *aaf_secret_uid
-    type: basicAuth
-    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
-    login: '{{ .Values.aafConfig.aafDeployFqi }}'
-    password: '{{ .Values.aafConfig.aafDeployPass }}'
-    passwordPolicy: required
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    /opt/app/aaf_config/bin/agent.sh local showpass \
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
 
 # default number of instances
 replicaCount: 1
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-05-21 19:06:42 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-05-26 18:17:43 +0200
commit	57ec338ae0a875591e881f3457ff22bca737f81b (patch)
tree	fc00ee6ba119521b0adae3376a50bc47bbd5f930
parent	df31a724d919b39183df702f970ba4968c09d44e (diff)