author | Keren Joseph <keren.joseph@amdocs.com> | 2017-09-12 10:13:15 +0300 |
---|---|---|
committer | Mandeep Khinda <mandeep.khinda@amdocs.com> | 2017-09-13 19:29:38 +0000 |
commit | 4b7026e95b93f2077f18d0681d55bbac022b5396 (patch) | |
tree | 670c66bf0c603bd0cfa4d4cb6436bbfa7604258a | |
parent | db4c9ae652b8222acf931f093e2e0ede44bc270f (diff) |
Revert "moving certs and keys to k8s secrets"
This reverts commit 59ffd500ea34c201fbb3edc39e64655fa8381be0.
Tested locally and does not work. DmaaP fails to come up causing
many other pods to crash loop.
failed to start container "dmaap": Error response from daemon:
{"message":"invalid header field value "oci runtime error:
container_linux.go:247:starting container process caused
"process_linux.go:359: container init caused "rootfs_linux.go:53:
mounting "/var/lib/kubelet/pods/9ae222e0-98a9-11e7-badd-02cfc855c3b9
/volumes/kubernetes.io~secret/mykey" to rootfs "/var/lib/docker/aufs/mnt
/b92c56185f3371cb1f091679780d40797dd2c6124cd00cb8fe68da2b247363a8"
at "/var/lib/docker/aufs/mnt/.../appl/dmaapMR1/etc/keyfile" caused
"not a directory"""n""}
Issue-ID: OOM-293
Change-Id: I348ffa14718bd6e89e99f2859cf6612c10370559
Signed-off-by: Mandeep Khinda <mandeep.khinda@amdocs.com>
18 files changed, 4 insertions, 77 deletions
diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml
index 0033208642..f823061c33 100644
--- a/kubernetes/aai/templates/data-router-deployment.yaml
+++ b/kubernetes/aai/templates/data-router-deployment.yaml
@@ -35,10 +35,6 @@ spec: volumeMounts: - mountPath: /opt/app/data-router/config/ name: data-router-config - - mountPath: /opt/app/data-router/config/auth/tomcat_keystore - name: data-router-tomcat-key - - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12 - name: data-router-client-cert - mountPath: /opt/app/data-router/dynamic/ name: data-router-dynamic - mountPath: /logs/
@@ -60,12 +56,6 @@ spec: - name: data-router-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/" - - name: data-router-tomcat-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - - name: data-router-client-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml
index ec6a9178a7..5391273d9d 100644
--- a/kubernetes/aai/templates/modelloader-deployment.yaml
+++ b/kubernetes/aai/templates/modelloader-deployment.yaml
@@ -20,8 +20,6 @@ spec: volumeMounts: - mountPath: /opt/app/model-loader/config/ name: aai-model-loader-config - - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12 - name: aai-os-cert - mountPath: /logs/ name: aai-model-loader-logs image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}"
@@ -37,9 +35,6 @@ spec: - name: aai-model-loader-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/" - - name: aai-os-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml
index 8f4acef7cb..f2db9370fd 100644
--- a/kubernetes/aai/templates/search-data-service-deployment.yaml
+++ b/kubernetes/aai/templates/search-data-service-deployment.yaml
@@ -27,8 +27,6 @@ spec: volumeMounts: - mountPath: /opt/app/search-data-service/config/ name: aai-search-data-service-config - - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore - name: aai-tomcat-key - mountPath: /logs/ name: aai-search-data-service-logs ports:
@@ -42,9 +40,6 @@ spec: - name: aai-search-data-service-config hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/" - - name: aai-tomcat-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - name: aai-search-data-service-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/"
diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml
index f4c44e28ed..6a8ff9308d 100644
--- a/kubernetes/aai/templates/sparky-be-deployment.yaml
+++ b/kubernetes/aai/templates/sparky-be-deployment.yaml
@@ -27,12 +27,6 @@ spec: volumeMounts: - mountPath: /opt/app/sparky/config/ name: aai-sparky-be-config - - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 - name: aai-sparky-be-client-cert - - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12 - name: aai-sparky-be-aai-os-cert - - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore - name: aai-sparky-be-inventory-key - mountPath: /logs/ name: aai-sparky-be-logs ports:
@@ -49,15 +43,6 @@ spec: - name: aai-sparky-be-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/" - - name: aai-sparky-be-client-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - - name: aai-sparky-be-aai-os-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - - name: aai-sparky-be-inventory-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore
index bc7bb96055..4c38baed31 100644
--- a/kubernetes/config/.helmignore
+++ b/kubernetes/config/.helmignore
@@ -22,5 +22,4 @@ #ignore config docker image files docker -createConfig.sh -certs +createConfig.sh
\ No newline at end of file
diff --git a/kubernetes/config/certs/aai/client-cert-onap.p12 b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
Binary files differ
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/config/certs/aai/client-cert-onap.p12
+++ b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
diff --git a/kubernetes/config/certs/aai/tomcat_keystore b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
Binary files differ
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/config/certs/aai/tomcat_keystore
+++ b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
diff --git a/kubernetes/config/certs/aai/aai-os-cert.p12 b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
Binary files differ
index ee57120fa0..ee57120fa0 100644
--- a/kubernetes/config/certs/aai/aai-os-cert.p12
+++ b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
diff --git a/kubernetes/config/certs/aai/inventory-ui-keystore b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
Binary files differ
index efa01f8d79..efa01f8d79 100644
--- a/kubernetes/config/certs/aai/inventory-ui-keystore
+++ b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
diff --git a/kubernetes/config/certs/message-router/mykey b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
index c2b8b8779b..c2b8b8779b 100755
--- a/kubernetes/config/certs/message-router/mykey
+++ b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
diff --git a/kubernetes/config/certs/mso/aai.crt b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
index 4ffa426c1e..4ffa426c1e 100755
--- a/kubernetes/config/certs/mso/aai.crt
+++ b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
diff --git a/kubernetes/config/certs/mso/encryption.key b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
index eb52241e7f..eb52241e7f 100644
--- a/kubernetes/config/certs/mso/encryption.key
+++ b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
diff --git a/kubernetes/config/certs/policy/policy-keystore b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
Binary files differ
index ab25c3a341..ab25c3a341 100755
--- a/kubernetes/config/certs/policy/policy-keystore
+++ b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml
index 0579541cb1..59c57f85f6 100644
--- a/kubernetes/message-router/templates/message-router-dmaap.yaml
+++ b/kubernetes/message-router/templates/message-router-dmaap.yaml
@@ -69,7 +69,7 @@ spec: hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties - name: mykey - secret: - secretName: secret-{{ .Values.nsPrefix }}-message-router + hostPath: + path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml
index 9414990201..0f3034f4cc 100644
--- a/kubernetes/mso/templates/mso-deployment.yaml
+++ b/kubernetes/mso/templates/mso-deployment.yaml
@@ -49,10 +49,6 @@ spec: volumeMounts: - mountPath: /shared name: mso - - mountPath: /shared/aai.crt - name: mso-aai-crt - - mountPath: /shared/encryption.key - name: mso-key - mountPath: /docker-files name: mso-docker-files env:
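Review bot: The `mykey` volume in message-router-dmaap.yaml goes back to a `hostPath` under `/dockerdata-nfs/`, so the DMaaP key is again readable by anything that can reach that shared directory or mount host paths, and is no longer protected by Kubernetes access control on Secrets. The "not a directory" error quoted in the commit message is what mounting a whole Secret volume (a directory) onto a single file path produces, so the Secret could probably be kept by adding `subPath: mykey` to the matching volumeMount; that mount is outside this hunk, so the exact entry needs confirming. The pure-deletion hunks in the aai, mso and policy templates have the same effect for their keystores and certificates, which return to the hostPath config directories. The renames in this commit also show `mykey`, `encryption.key` and the `.p12` keystores remaining tracked in the repository, so if they are more than sample material they should be generated or injected at deploy time instead.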
@@ -76,11 +72,5 @@ spec: - name: mso-docker-files hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files - - name: mso-aai-crt - secret: - secretName: secret-{{ .Values.nsPrefix }}-mso - - name: mso-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-mso imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 5012a52d20..7be2e6a7de 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -39,14 +39,6 @@ create_registry_key() { check_return_code $cmd } -create_certs_secret() { - if [ -d $LOCATION/config/certs/$i/ ]; then - printf "\nCreating certs and keys secret **********\n" - _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ') - kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2 - fi -} - create_onap_helm() { HELM_VALUES_ADDITION="" if [[ ! -z $HELM_VALUES_FILEPATH ]]; then
@@ -140,8 +132,6 @@ for i in ${HELM_APPS[@]}; do printf "\nCreating registry secret **********\n" create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL - create_certs_secret $NS $i - printf "\nCreating deployments and services **********\n" create_onap_helm $NS $i $start
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index f7c48fd18d..40d070124a 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -16,13 +16,6 @@ delete_registry_key() { kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key } -delete_certs_secret() { - if [ -d $LOCATION/config/certs/$i/ ]; then - kubectl delete secret secret-$1-$2 -n $1-$2 - fi -} - - delete_app_helm() { helm delete $1-$2 --purge }
@@ -43,9 +36,8 @@ EOF NS= INCL_SVC=false APP= -LOCATION="../" -while getopts ":n:u:s:a:l:" PARAM; do +while getopts ":n:u:s:a:" PARAM; do case $PARAM in u) usage
@@ -61,9 +53,6 @@ while getopts ":n:u:s:a:l:" PARAM; do exit 1 fi ;; - l) - LOCATION=${OPTARG} - ;; ?) usage exit
@@ -85,7 +74,6 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n" for i in ${HELM_APPS[@]}; do - delete_certs_secret $NS $i delete_app_helm $NS $i delete_namespace $NS $i
diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml
index 7da046e156..75055c10d8 100644
--- a/kubernetes/policy/templates/dep-drools.yaml
+++ b/kubernetes/policy/templates/dep-drools.yaml
@@ -66,8 +66,6 @@ spec: volumeMounts: - mountPath: /tmp/policy-install/config name: drools - - mountPath: /tmp/policy-install/config/policy-keystore - name: drools-keystore - mountPath: /usr/share/maven/conf/settings.xml name: drools-settingsxml volumes:
@@ -77,8 +75,5 @@ spec: - name: drools hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/ - - name: drools-keystore - secret: - secretName: secret-{{ .Values.nsPrefix }}-policy imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" |