summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKeren Joseph <keren.joseph@amdocs.com>2017-09-12 10:13:15 +0300
committerMandeep Khinda <mandeep.khinda@amdocs.com>2017-09-13 19:29:38 +0000
commit4b7026e95b93f2077f18d0681d55bbac022b5396 (patch)
tree670c66bf0c603bd0cfa4d4cb6436bbfa7604258a
parentdb4c9ae652b8222acf931f093e2e0ede44bc270f (diff)
Revert "moving certs and keys to k8s secrets"
This reverts commit 59ffd500ea34c201fbb3edc39e64655fa8381be0. Tested locally and does not work. DmaaP fails to come up causing many other pods to crash loop. failed to start container "dmaap": Error response from daemon: {"message":"invalid header field value "oci runtime error: container_linux.go:247:starting container process caused "process_linux.go:359: container init caused "rootfs_linux.go:53: mounting "/var/lib/kubelet/pods/9ae222e0-98a9-11e7-badd-02cfc855c3b9 /volumes/kubernetes.io~secret/mykey" to rootfs "/var/lib/docker/aufs/mnt /b92c56185f3371cb1f091679780d40797dd2c6124cd00cb8fe68da2b247363a8" at "/var/lib/docker/aufs/mnt/.../appl/dmaapMR1/etc/keyfile" caused "not a directory"""n""} Issue-ID: OOM-293 Change-Id: I348ffa14718bd6e89e99f2859cf6612c10370559 Signed-off-by: Mandeep Khinda <mandeep.khinda@amdocs.com>
-rw-r--r--kubernetes/aai/templates/data-router-deployment.yaml10
-rw-r--r--kubernetes/aai/templates/modelloader-deployment.yaml5
-rw-r--r--kubernetes/aai/templates/search-data-service-deployment.yaml5
-rw-r--r--kubernetes/aai/templates/sparky-be-deployment.yaml15
-rw-r--r--kubernetes/config/.helmignore3
-rw-r--r--kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 (renamed from kubernetes/config/certs/aai/client-cert-onap.p12)bin2556 -> 2556 bytes
-rw-r--r--kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore (renamed from kubernetes/config/certs/aai/tomcat_keystore)bin2214 -> 2214 bytes
-rw-r--r--kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 (renamed from kubernetes/config/certs/aai/aai-os-cert.p12)bin4357 -> 4357 bytes
-rw-r--r--kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore (renamed from kubernetes/config/certs/aai/inventory-ui-keystore)bin7201 -> 7201 bytes
-rwxr-xr-xkubernetes/config/docker/init/src/config/message-router/dmaap/mykey (renamed from kubernetes/config/certs/message-router/mykey)0
-rwxr-xr-xkubernetes/config/docker/init/src/config/mso/mso/aai.crt (renamed from kubernetes/config/certs/mso/aai.crt)0
-rw-r--r--kubernetes/config/docker/init/src/config/mso/mso/encryption.key (renamed from kubernetes/config/certs/mso/encryption.key)0
-rwxr-xr-xkubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore (renamed from kubernetes/config/certs/policy/policy-keystore)bin5640 -> 5640 bytes
-rw-r--r--kubernetes/message-router/templates/message-router-dmaap.yaml4
-rw-r--r--kubernetes/mso/templates/mso-deployment.yaml10
-rwxr-xr-xkubernetes/oneclick/createAll.bash10
-rwxr-xr-xkubernetes/oneclick/deleteAll.bash14
-rw-r--r--kubernetes/policy/templates/dep-drools.yaml5
18 files changed, 4 insertions, 77 deletions
diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml
index 0033208642..f823061c33 100644
--- a/kubernetes/aai/templates/data-router-deployment.yaml
+++ b/kubernetes/aai/templates/data-router-deployment.yaml
@@ -35,10 +35,6 @@ spec:
volumeMounts:
- mountPath: /opt/app/data-router/config/
name: data-router-config
- - mountPath: /opt/app/data-router/config/auth/tomcat_keystore
- name: data-router-tomcat-key
- - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12
- name: data-router-client-cert
- mountPath: /opt/app/data-router/dynamic/
name: data-router-dynamic
- mountPath: /logs/
@@ -60,12 +56,6 @@ spec:
- name: data-router-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/"
- - name: data-router-tomcat-key
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
- - name: data-router-client-cert
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
restartPolicy: Always
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml
index ec6a9178a7..5391273d9d 100644
--- a/kubernetes/aai/templates/modelloader-deployment.yaml
+++ b/kubernetes/aai/templates/modelloader-deployment.yaml
@@ -20,8 +20,6 @@ spec:
volumeMounts:
- mountPath: /opt/app/model-loader/config/
name: aai-model-loader-config
- - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12
- name: aai-os-cert
- mountPath: /logs/
name: aai-model-loader-logs
image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}"
@@ -37,9 +35,6 @@ spec:
- name: aai-model-loader-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/"
- - name: aai-os-cert
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
restartPolicy: Always
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml
index 8f4acef7cb..f2db9370fd 100644
--- a/kubernetes/aai/templates/search-data-service-deployment.yaml
+++ b/kubernetes/aai/templates/search-data-service-deployment.yaml
@@ -27,8 +27,6 @@ spec:
volumeMounts:
- mountPath: /opt/app/search-data-service/config/
name: aai-search-data-service-config
- - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
- name: aai-tomcat-key
- mountPath: /logs/
name: aai-search-data-service-logs
ports:
@@ -42,9 +40,6 @@ spec:
- name: aai-search-data-service-config
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/"
- - name: aai-tomcat-key
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
- name: aai-search-data-service-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/"
diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml
index f4c44e28ed..6a8ff9308d 100644
--- a/kubernetes/aai/templates/sparky-be-deployment.yaml
+++ b/kubernetes/aai/templates/sparky-be-deployment.yaml
@@ -27,12 +27,6 @@ spec:
volumeMounts:
- mountPath: /opt/app/sparky/config/
name: aai-sparky-be-config
- - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
- name: aai-sparky-be-client-cert
- - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12
- name: aai-sparky-be-aai-os-cert
- - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore
- name: aai-sparky-be-inventory-key
- mountPath: /logs/
name: aai-sparky-be-logs
ports:
@@ -49,15 +43,6 @@ spec:
- name: aai-sparky-be-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/"
- - name: aai-sparky-be-client-cert
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
- - name: aai-sparky-be-aai-os-cert
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
- - name: aai-sparky-be-inventory-key
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-aai
restartPolicy: Always
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore
index bc7bb96055..4c38baed31 100644
--- a/kubernetes/config/.helmignore
+++ b/kubernetes/config/.helmignore
@@ -22,5 +22,4 @@
#ignore config docker image files
docker
-createConfig.sh
-certs
+createConfig.sh \ No newline at end of file
diff --git a/kubernetes/config/certs/aai/client-cert-onap.p12 b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/config/certs/aai/client-cert-onap.p12
+++ b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/config/certs/aai/tomcat_keystore b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/config/certs/aai/tomcat_keystore
+++ b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/config/certs/aai/aai-os-cert.p12 b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
index ee57120fa0..ee57120fa0 100644
--- a/kubernetes/config/certs/aai/aai-os-cert.p12
+++ b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
Binary files differ
diff --git a/kubernetes/config/certs/aai/inventory-ui-keystore b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
index efa01f8d79..efa01f8d79 100644
--- a/kubernetes/config/certs/aai/inventory-ui-keystore
+++ b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
Binary files differ
diff --git a/kubernetes/config/certs/message-router/mykey b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
index c2b8b8779b..c2b8b8779b 100755
--- a/kubernetes/config/certs/message-router/mykey
+++ b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
diff --git a/kubernetes/config/certs/mso/aai.crt b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
index 4ffa426c1e..4ffa426c1e 100755
--- a/kubernetes/config/certs/mso/aai.crt
+++ b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
diff --git a/kubernetes/config/certs/mso/encryption.key b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
index eb52241e7f..eb52241e7f 100644
--- a/kubernetes/config/certs/mso/encryption.key
+++ b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
diff --git a/kubernetes/config/certs/policy/policy-keystore b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
index ab25c3a341..ab25c3a341 100755
--- a/kubernetes/config/certs/policy/policy-keystore
+++ b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
Binary files differ
diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml
index 0579541cb1..59c57f85f6 100644
--- a/kubernetes/message-router/templates/message-router-dmaap.yaml
+++ b/kubernetes/message-router/templates/message-router-dmaap.yaml
@@ -69,7 +69,7 @@ spec:
hostPath:
path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties
- name: mykey
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-message-router
+ hostPath:
+ path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml
index 9414990201..0f3034f4cc 100644
--- a/kubernetes/mso/templates/mso-deployment.yaml
+++ b/kubernetes/mso/templates/mso-deployment.yaml
@@ -49,10 +49,6 @@ spec:
volumeMounts:
- mountPath: /shared
name: mso
- - mountPath: /shared/aai.crt
- name: mso-aai-crt
- - mountPath: /shared/encryption.key
- name: mso-key
- mountPath: /docker-files
name: mso-docker-files
env:
@@ -76,11 +72,5 @@ spec:
- name: mso-docker-files
hostPath:
path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files
- - name: mso-aai-crt
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-mso
- - name: mso-key
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-mso
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 5012a52d20..7be2e6a7de 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -39,14 +39,6 @@ create_registry_key() {
check_return_code $cmd
}
-create_certs_secret() {
- if [ -d $LOCATION/config/certs/$i/ ]; then
- printf "\nCreating certs and keys secret **********\n"
- _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ')
- kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2
- fi
-}
-
create_onap_helm() {
HELM_VALUES_ADDITION=""
if [[ ! -z $HELM_VALUES_FILEPATH ]]; then
@@ -140,8 +132,6 @@ for i in ${HELM_APPS[@]}; do
printf "\nCreating registry secret **********\n"
create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
- create_certs_secret $NS $i
-
printf "\nCreating deployments and services **********\n"
create_onap_helm $NS $i $start
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index f7c48fd18d..40d070124a 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -16,13 +16,6 @@ delete_registry_key() {
kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
}
-delete_certs_secret() {
- if [ -d $LOCATION/config/certs/$i/ ]; then
- kubectl delete secret secret-$1-$2 -n $1-$2
- fi
-}
-
-
delete_app_helm() {
helm delete $1-$2 --purge
}
@@ -43,9 +36,8 @@ EOF
NS=
INCL_SVC=false
APP=
-LOCATION="../"
-while getopts ":n:u:s:a:l:" PARAM; do
+while getopts ":n:u:s:a:" PARAM; do
case $PARAM in
u)
usage
@@ -61,9 +53,6 @@ while getopts ":n:u:s:a:l:" PARAM; do
exit 1
fi
;;
- l)
- LOCATION=${OPTARG}
- ;;
?)
usage
exit
@@ -85,7 +74,6 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n"
for i in ${HELM_APPS[@]}; do
- delete_certs_secret $NS $i
delete_app_helm $NS $i
delete_namespace $NS $i
diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml
index 7da046e156..75055c10d8 100644
--- a/kubernetes/policy/templates/dep-drools.yaml
+++ b/kubernetes/policy/templates/dep-drools.yaml
@@ -66,8 +66,6 @@ spec:
volumeMounts:
- mountPath: /tmp/policy-install/config
name: drools
- - mountPath: /tmp/policy-install/config/policy-keystore
- name: drools-keystore
- mountPath: /usr/share/maven/conf/settings.xml
name: drools-settingsxml
volumes:
@@ -77,8 +75,5 @@ spec:
- name: drools
hostPath:
path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/
- - name: drools-keystore
- secret:
- secretName: secret-{{ .Values.nsPrefix }}-policy
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"