Revert "moving certs and keys to k8s secrets"

This reverts commit 59ffd500ea34c201fbb3edc39e64655fa8381be0. Tested locally and does not work. DmaaP fails to come up causing many other pods to crash loop. failed to start container "dmaap": Error response from daemon: {"message":"invalid header field value "oci runtime error: container_linux.go:247:starting container process caused "process_linux.go:359: container init caused "rootfs_linux.go:53: mounting "/var/lib/kubelet/pods/9ae222e0-98a9-11e7-badd-02cfc855c3b9 /volumes/kubernetes.io~secret/mykey" to rootfs "/var/lib/docker/aufs/mnt /b92c56185f3371cb1f091679780d40797dd2c6124cd00cb8fe68da2b247363a8" at "/var/lib/docker/aufs/mnt/.../appl/dmaapMR1/etc/keyfile" caused "not a directory"""n""} Issue-ID: OOM-293 Change-Id: I348ffa14718bd6e89e99f2859cf6612c10370559 Signed-off-by: Mandeep Khinda <mandeep.khinda@amdocs.com>
author: Keren Joseph <keren.joseph@amdocs.com> 2017-09-12 10:13:15 +0300
committer: Mandeep Khinda <mandeep.khinda@amdocs.com> 2017-09-13 19:29:38 +0000
commit: 4b7026e95b93f2077f18d0681d55bbac022b5396 (patch)
tree: 670c66bf0c603bd0cfa4d4cb6436bbfa7604258a
parent: db4c9ae652b8222acf931f093e2e0ede44bc270f (diff)
18 files changed, 4 insertions, 77 deletions
diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml
index 0033208642..f823061c33 100644
--- a/kubernetes/aai/templates/data-router-deployment.yaml
+++ b/kubernetes/aai/templates/data-router-deployment.yaml
@@ -35,10 +35,6 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/data-router/config/
           name: data-router-config
-        - mountPath: /opt/app/data-router/config/auth/tomcat_keystore
-          name: data-router-tomcat-key
-        - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12 
-          name: data-router-client-cert
         - mountPath: /opt/app/data-router/dynamic/
           name: data-router-dynamic
         - mountPath: /logs/
@@ -60,12 +56,6 @@ spec:
       - name: data-router-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/"
-      - name: data-router-tomcat-key
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
-      - name: data-router-client-cert
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml
index ec6a9178a7..5391273d9d 100644
--- a/kubernetes/aai/templates/modelloader-deployment.yaml
+++ b/kubernetes/aai/templates/modelloader-deployment.yaml
@@ -20,8 +20,6 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/model-loader/config/
           name: aai-model-loader-config
-        - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12
-          name: aai-os-cert
         - mountPath: /logs/
           name: aai-model-loader-logs
         image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}"
@@ -37,9 +35,6 @@ spec:
       - name: aai-model-loader-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/"
-      - name: aai-os-cert
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml
index 8f4acef7cb..f2db9370fd 100644
--- a/kubernetes/aai/templates/search-data-service-deployment.yaml
+++ b/kubernetes/aai/templates/search-data-service-deployment.yaml
@@ -27,8 +27,6 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/search-data-service/config/
           name: aai-search-data-service-config
-        - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
-          name: aai-tomcat-key
         - mountPath: /logs/
           name: aai-search-data-service-logs
         ports:
@@ -42,9 +40,6 @@ spec:
       - name: aai-search-data-service-config
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/"
-      - name: aai-tomcat-key
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
       - name: aai-search-data-service-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/"
diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml
index f4c44e28ed..6a8ff9308d 100644
--- a/kubernetes/aai/templates/sparky-be-deployment.yaml
+++ b/kubernetes/aai/templates/sparky-be-deployment.yaml
@@ -27,12 +27,6 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/sparky/config/
           name: aai-sparky-be-config
-        - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 
-          name: aai-sparky-be-client-cert
-        - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12
-          name: aai-sparky-be-aai-os-cert
-        - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore
-          name: aai-sparky-be-inventory-key
         - mountPath: /logs/
           name: aai-sparky-be-logs
         ports:
@@ -49,15 +43,6 @@ spec:
       - name: aai-sparky-be-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/"
-      - name: aai-sparky-be-client-cert
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
-      - name: aai-sparky-be-aai-os-cert
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
-      - name: aai-sparky-be-inventory-key
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-aai
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore
index bc7bb96055..4c38baed31 100644
--- a/kubernetes/config/.helmignore
+++ b/kubernetes/config/.helmignore
@@ -22,5 +22,4 @@
 
 #ignore config docker image files
 docker
-createConfig.sh
-certs
+createConfig.sh
+\ No newline at end of file
diff --git a/kubernetes/config/certs/aai/client-cert-onap.p12 b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/config/certs/aai/client-cert-onap.p12
+++ b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
diff --git a/kubernetes/config/certs/aai/tomcat_keystore b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/config/certs/aai/tomcat_keystore
+++ b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
diff --git a/kubernetes/config/certs/aai/aai-os-cert.p12 b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
index ee57120fa0..ee57120fa0 100644
--- a/kubernetes/config/certs/aai/aai-os-cert.p12
+++ b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
diff --git a/kubernetes/config/certs/aai/inventory-ui-keystore b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
index efa01f8d79..efa01f8d79 100644
--- a/kubernetes/config/certs/aai/inventory-ui-keystore
+++ b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
diff --git a/kubernetes/config/certs/message-router/mykey b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
index c2b8b8779b..c2b8b8779b 100755
--- a/kubernetes/config/certs/message-router/mykey
+++ b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
diff --git a/kubernetes/config/certs/mso/aai.crt b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
index 4ffa426c1e..4ffa426c1e 100755
--- a/kubernetes/config/certs/mso/aai.crt
+++ b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
diff --git a/kubernetes/config/certs/mso/encryption.key b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
index eb52241e7f..eb52241e7f 100644
--- a/kubernetes/config/certs/mso/encryption.key
+++ b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
diff --git a/kubernetes/config/certs/policy/policy-keystore b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
index ab25c3a341..ab25c3a341 100755
--- a/kubernetes/config/certs/policy/policy-keystore
+++ b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml
index 0579541cb1..59c57f85f6 100644
--- a/kubernetes/message-router/templates/message-router-dmaap.yaml
+++ b/kubernetes/message-router/templates/message-router-dmaap.yaml
@@ -69,7 +69,7 @@ spec:
         hostPath:
           path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties
       - name: mykey
-        secret:
-          secretName: secret-{{ .Values.nsPrefix }}-message-router
+        hostPath:
+          path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml
index 9414990201..0f3034f4cc 100644
--- a/kubernetes/mso/templates/mso-deployment.yaml
+++ b/kubernetes/mso/templates/mso-deployment.yaml
@@ -49,10 +49,6 @@ spec:
         volumeMounts:
         - mountPath: /shared
           name: mso
-        - mountPath: /shared/aai.crt
-          name: mso-aai-crt
-        - mountPath: /shared/encryption.key
-          name: mso-key
         - mountPath: /docker-files
           name: mso-docker-files
         env:
@@ -76,11 +72,5 @@ spec:
         - name: mso-docker-files
           hostPath:
             path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files
-        - name: mso-aai-crt
-          secret:
-            secretName: secret-{{ .Values.nsPrefix }}-mso
-        - name: mso-key
-          secret:
-            secretName: secret-{{ .Values.nsPrefix }}-mso
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 5012a52d20..7be2e6a7de 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -39,14 +39,6 @@ create_registry_key() {
   check_return_code $cmd
 }
 
-create_certs_secret() {
-  if [ -d $LOCATION/config/certs/$i/ ]; then
-    printf "\nCreating certs and keys secret **********\n"
-    _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ')
-    kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2
-  fi
-}
-
 create_onap_helm() {
   HELM_VALUES_ADDITION=""
   if [[ ! -z $HELM_VALUES_FILEPATH ]]; then
@@ -140,8 +132,6 @@ for i in ${HELM_APPS[@]}; do
   printf "\nCreating registry secret **********\n"
   create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
 
-  create_certs_secret $NS $i
-
   printf "\nCreating deployments and services **********\n"
   create_onap_helm $NS $i $start
 
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index f7c48fd18d..40d070124a 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -16,13 +16,6 @@ delete_registry_key() {
   kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
 }
 
-delete_certs_secret() {
-  if [ -d $LOCATION/config/certs/$i/ ]; then
-    kubectl delete secret secret-$1-$2 -n $1-$2
-  fi
-}
-
-
 delete_app_helm() {
   helm delete $1-$2 --purge
 }
@@ -43,9 +36,8 @@ EOF
 NS=
 INCL_SVC=false
 APP=
-LOCATION="../"
 
-while getopts ":n:u:s:a:l:" PARAM; do
+while getopts ":n:u:s:a:" PARAM; do
   case $PARAM in
     u)
       usage
@@ -61,9 +53,6 @@ while getopts ":n:u:s:a:l:" PARAM; do
         exit 1
       fi
       ;;
-    l)
-      LOCATION=${OPTARG}
-      ;;
     ?)
       usage
       exit
@@ -85,7 +74,6 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n"
 
 for i in ${HELM_APPS[@]}; do
 
-  delete_certs_secret $NS $i
   delete_app_helm $NS $i
   delete_namespace $NS $i
 
diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml
index 7da046e156..75055c10d8 100644
--- a/kubernetes/policy/templates/dep-drools.yaml
+++ b/kubernetes/policy/templates/dep-drools.yaml
@@ -66,8 +66,6 @@ spec:
         volumeMounts:
         - mountPath: /tmp/policy-install/config
           name: drools
-        - mountPath: /tmp/policy-install/config/policy-keystore
-          name: drools-keystore
         - mountPath: /usr/share/maven/conf/settings.xml
           name: drools-settingsxml
       volumes:
@@ -77,8 +75,5 @@ spec:
         - name: drools
           hostPath:
             path:  /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/
-        - name: drools-keystore
-          secret:
-            secretName: secret-{{ .Values.nsPrefix }}-policy
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
author	Keren Joseph <keren.joseph@amdocs.com>	2017-09-12 10:13:15 +0300
committer	Mandeep Khinda <mandeep.khinda@amdocs.com>	2017-09-13 19:29:38 +0000
commit	4b7026e95b93f2077f18d0681d55bbac022b5396 (patch)
tree	670c66bf0c603bd0cfa4d4cb6436bbfa7604258a
parent	db4c9ae652b8222acf931f093e2e0ede44bc270f (diff)