diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-21 19:06:42 +0200 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-26 18:17:43 +0200 |
commit | 57ec338ae0a875591e881f3457ff22bca737f81b (patch) | |
tree | fc00ee6ba119521b0adae3376a50bc47bbd5f930 | |
parent | df31a724d919b39183df702f970ba4968c09d44e (diff) |
[PORTAL] Use common aaf template in portal-app
Instead of copy-pasting code around aaf_agent usage let's use a common
template that automates this.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ida183073e70563527d9d218cb247d7028687c167
5 files changed, 17 insertions, 40 deletions
diff --git a/kubernetes/portal/components/portal-app/requirements.yaml b/kubernetes/portal/components/portal-app/requirements.yaml index c5d7864b9d..00b92235f3 100644 --- a/kubernetes/portal/components/portal-app/requirements.yaml +++ b/kubernetes/portal/components/portal-app/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-app/resources/server/server.xml b/kubernetes/portal/components/portal-app/resources/server/server.xml index 420dbd3fa3..38391ae774 100644 --- a/kubernetes/portal/components/portal-app/resources/server/server.xml +++ b/kubernetes/portal/components/portal-app/resources/server/server.xml @@ -94,7 +94,7 @@ {{ if .Values.global.aafEnabled }} <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}" keystorePass="${javax.net.ssl.keyStorePassword}" clientAuth="false" sslProtocol="TLS" /> {{ end }} diff --git a/kubernetes/portal/components/portal-app/templates/configmap.yaml b/kubernetes/portal/components/portal-app/templates/configmap.yaml index d514fe6411..feaee66190 100644 --- a/kubernetes/portal/components/portal-app/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-app/templates/configmap.yaml @@ -26,17 +26,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} - -{{ if .Values.global.aafEnabled }} -{{- if .Values.aafConfig.addconfig -}} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "aaf-add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} -{{- end -}} diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index af00b5ff89..26d8ba572e 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -46,24 +46,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config" . | indent 6 }} - {{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} - args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ + args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"] env: - name: CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" - -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" + -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}" {{- else }} args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"] {{- end }} @@ -85,9 +83,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -139,9 +135,7 @@ spec: - name: var-log-onap mountPath: /var/log/onap volumes: - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volumes" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index cfab8e6183..d118c84faf 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -26,7 +26,6 @@ global: loggingImage: beats/filebeat:5.5.0 #AAF service aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. @@ -40,30 +39,25 @@ pullPolicy: Always #AAF local config aafURL: https://aaf-service:8100/authz/ -aafConfig: +certInitializer: + nameOverride: portal-app-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: portal fqi: portal@portal.onap.org - publicFqdn: portal.onap.org + public_fqdn: portal.onap.org cadi_latitude: "38.0" cadi_longitude: "-72.0" credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # default number of instances replicaCount: 1 |