From 52b94c834d1c0252873ca4ced0ba3818648eccfe Mon Sep 17 00:00:00 2001 From: Jack Lucas Date: Mon, 3 Feb 2020 17:11:07 -0500 Subject: Provide cacert in JKS format for clients Issue-ID: DCAEGEN2-1938 Signed-off-by: Jack Lucas Change-Id: Ic9a852bb058075b2b03aa6382ed33e23a4cca8b5 --- k8s/configure/configure.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'k8s/configure') diff --git a/k8s/configure/configure.py b/k8s/configure/configure.py index 959c215..d51b87b 100644 --- a/k8s/configure/configure.py +++ b/k8s/configure/configure.py @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # org.onap.dcae # ================================================================================ -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2019 Pantheon.tech. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,8 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -# -# ECOMP is a trademark and service mark of AT&T Intellectual Property. _CONFIG_PATH = "/opt/onap/config.txt" # Path to config file on the Cloudify Manager host _CONSUL_KEY = "k8s-plugin" # Key under which CM configuration is stored in Consul @@ -26,6 +24,7 @@ _CONSUL_KEY = "k8s-plugin" # Key under which CM configuration is st DCAE_NAMESPACE = "dcae" CONSUL_DNS_NAME = "consul" DEFAULT_K8S_LOCATION = "central" +DEFAULT_MAX_WAIT = 1800 FB_LOG_PATH = "/var/log/onap" FB_DATA_PATH = "/usr/share/filebeat/data" @@ -34,9 +33,9 @@ FB_CONFIG_SUBPATH = "filebeat.yml" FB_CONFIG_MAP = "filebeat-conf" FB_IMAGE = "docker.elastic.co/beats/filebeat:5.5.0" -TLS_CERT_PATH = "/opt/tls/shared" -TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.0" -TLS_CA_CERT_PATH = "/opt/dcae/cacert/cacert.pem" +TLS_CERT_PATH = "/opt/app/osaaf" +TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0" +TLS_COMP_CERT_PATH = "/opt/dcae/cacert" TLS_CA_CONFIGMAP = "dcae-cacert-configmap" CBS_BASE_URL = "https://config-binding-service:10443/service_component_all" @@ -48,6 +47,7 @@ def _set_defaults(): "consul_dns_name" : CONSUL_DNS_NAME, # k8s internal DNS name for Consul "default_k8s_location" : DEFAULT_K8S_LOCATION, # default k8s location to deploy components "image_pull_secrets" : [], # list of k8s secrets for accessing Docker registries + "max_wait": DEFAULT_MAX_WAIT, # Default maximum time to wait for component to become healthy (secs) "filebeat": { # Configuration for setting up filebeat container "log_path" : FB_LOG_PATH, # mount point for log volume in filebeat container "data_path" : FB_DATA_PATH, # mount point for data volume in filebeat container @@ -59,8 +59,7 @@ def _set_defaults(): "tls": { # Configuration for setting up TLS "cert_path" : TLS_CERT_PATH, # mount point for certificate volume in TLS init container "image": TLS_IMAGE, # Docker image to use for TLS init container - "component_ca_cert_path": TLS_CA_CERT_PATH, # Mount point for CA cert for components that are clients only - "ca_cert_configmap": TLS_CA_CONFIGMAP # ConfigMap holding CA cert for components that are clients only + "component_cert_dir": TLS_COMP_CERT_PATH # default mount point for certificate volume in component container }, "cbs": { "base_url" : CBS_BASE_URL # URL prefix for accessing config binding service -- cgit 1.2.3-korg