diff options
author | ChrisC <christophe.closset@intl.att.com> | 2020-09-11 18:39:23 +0200 |
---|---|---|
committer | ChrisC <christophe.closset@intl.att.com> | 2020-09-17 15:15:13 +0200 |
commit | 2325efd0b6f8b094f6a801bf55d6ff6f53e9cbfa (patch) | |
tree | ca6323d4e590c648b333cfc87122018d3e273323 | |
parent | 98efeea41f5617760fcc5fdb6718409b69684db9 (diff) |
[CLAMP] AAF certificate using certinializer
use of auto-generated certificates via AAF side-car
at OOM deployment time for CLAMP.
Issue-ID: CLAMP-884
Change-Id: I24f5a119714a5e46c4d0c152c03b6bc545135b8e
Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
-rw-r--r-- | kubernetes/clamp/Makefile | 50 | ||||
-rw-r--r-- | kubernetes/clamp/components/Makefile | 50 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/Chart.yaml (renamed from kubernetes/clamp/charts/clamp-backend/Chart.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/requirements.yaml (renamed from kubernetes/clamp/charts/clamp-backend/requirements.yaml) | 7 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/resources/config/application.properties | 69 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml (renamed from kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json (renamed from kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/templates/NOTES.txt (renamed from kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/templates/configmap.yaml (renamed from kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml) | 1 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/templates/deployment.yaml (renamed from kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml) | 30 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/templates/secrets.yaml (renamed from kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/templates/service.yaml (renamed from kubernetes/clamp/charts/clamp-backend/templates/service.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-backend/values.yaml (renamed from kubernetes/clamp/charts/clamp-backend/values.yaml) | 61 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/Chart.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/Chart.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/requirements.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/requirements.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml (renamed from kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/templates/service.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-es/values.yaml (renamed from kubernetes/clamp/charts/clamp-dash-es/values.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-kibana/values.yaml (renamed from kubernetes/clamp/charts/clamp-dash-kibana/values.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf (renamed from kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-dash-logstash/values.yaml (renamed from kubernetes/clamp/charts/clamp-dash-logstash/values.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/Chart.yaml (renamed from kubernetes/clamp/charts/mariadb/Chart.yaml) | 2 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/NOTES.txt (renamed from kubernetes/clamp/charts/mariadb/NOTES.txt) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/requirements.yaml | 18 | ||||
-rwxr-xr-x | kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh (renamed from kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf (renamed from kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql (renamed from kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt (renamed from kubernetes/clamp/charts/mariadb/templates/NOTES.txt) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml (renamed from kubernetes/clamp/charts/mariadb/templates/configmap.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml (renamed from kubernetes/clamp/charts/mariadb/templates/deployment.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml (renamed from kubernetes/clamp/charts/mariadb/templates/pv.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml (renamed from kubernetes/clamp/charts/mariadb/templates/pvc.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml (renamed from kubernetes/clamp/charts/mariadb/templates/secrets.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/templates/service.yaml (renamed from kubernetes/clamp/charts/mariadb/templates/service.yaml) | 0 | ||||
-rw-r--r-- | kubernetes/clamp/components/clamp-mariadb/values.yaml (renamed from kubernetes/clamp/charts/mariadb/values.yaml) | 6 | ||||
-rw-r--r-- | kubernetes/clamp/requirements.yaml | 20 | ||||
-rw-r--r-- | kubernetes/clamp/resources/config/default.conf | 6 | ||||
-rw-r--r-- | kubernetes/clamp/templates/deployment.yaml | 5 | ||||
-rw-r--r-- | kubernetes/clamp/values.yaml | 42 |
56 files changed, 319 insertions, 48 deletions
diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile new file mode 100644 index 0000000000..8af301d7ae --- /dev/null +++ b/kubernetes/clamp/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile new file mode 100644 index 0000000000..acaf7fb683 --- /dev/null +++ b/kubernetes/clamp/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @:
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml index 89117ce205..89117ce205 100644 --- a/kubernetes/clamp/charts/clamp-backend/Chart.yaml +++ b/kubernetes/clamp/components/clamp-backend/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml index d3c442d32e..08708fba14 100644 --- a/kubernetes/clamp/charts/clamp-backend/requirements.yaml +++ b/kubernetes/clamp/components/clamp-backend/requirements.yaml @@ -14,9 +14,6 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties new file mode 100644 index 0000000000..b2cee395b9 --- /dev/null +++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties @@ -0,0 +1,69 @@ +### +# ============LICENSE_START======================================================= +# ONAP CLAMP +# ================================================================================ +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Modifications copyright (c) 2019 Nokia +# ================================================================================\ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# +### +{{- if .Values.global.aafEnabled }} +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} +server.ssl.key-store-password=${cadi_keystore_password_p12} +server.ssl.key-password=${cadi_key_password} +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias={{ .Values.certInitializer.fqi }} + +# The key file used to decode the key store and trust store password +# If not defined, the key store and trust store password will not be decrypted +clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} + +## Config part for Client certificates +server.ssl.client-auth=want +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} +server.ssl.trust-store-password=${cadi_truststore_password} +{{- end }} + +#clds datasource connection details +spring.datasource.username=${MYSQL_USER} +spring.datasource.password=${MYSQL_PASSWORD} +spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements + +#The log folder that will be used in logback.xml file +clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json + +# +# Configuration Settings for Policy Engine Components +clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.password=zb!XztG34 +clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.password=zb!XztG34 + +#DCAE Inventory Url Properties +clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +#DCAE Deployment Url Properties +clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.userName=none +clamp.config.dcae.deployment.password=none + +#AAF related parameters +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095
\ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml index dab2e44f5e..dab2e44f5e 100644 --- a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json index 3adda95c11..3adda95c11 100644 --- a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json +++ b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json diff --git a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt index e36d6a5bfb..e36d6a5bfb 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt +++ b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml index f66312c741..3fce850140 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml @@ -25,6 +25,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} {{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml index f08fd67fc4..f86c636a43 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: - /app/ready.py args: - --container-name - - mariadb + - clamp-mariadb env: - name: NAMESPACE valueFrom: @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -56,8 +57,19 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + workingDir: "/opt/clamp/" args: - - "" + - -c + - | + export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + java -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1g -jar ./app.jar + {{- else }} + args: + - "" + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -74,12 +86,15 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json + - mountPath: /opt/clamp/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties env: - name: MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} @@ -87,11 +102,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_DATABASE value: {{ tpl .Values.db.databaseName .}} - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -102,13 +112,15 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} items: - key: sdc-controllers-config.json path: sdc-controllers-config.json + - key: application.properties + path: application.properties - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml index 57f88ce32d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml index b1a5465116..b1a5465116 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml index 7d8e077f59..a6d5ca0b4c 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -21,6 +21,38 @@ global: # global defaults repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + nameOverride: clamp-backend-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "-72.0" + cadi_latitude: "38.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + cd {{ .Values.credsPath }}; + chmod a+rx *; secrets: - uid: db-secret @@ -34,7 +66,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.7 +image: onap/clamp-backend:5.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -48,7 +80,12 @@ log: # Application configuration defaults. ################################################################# -db: {} +#####dummy values for db user and password to pass lint!!!####### + +db: + user: dummyclds + password: dummysidnnd83K + databaseName: dummycldsdb4 config: log: @@ -56,26 +93,6 @@ config: logstashPort: 5044 mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs - springApplicationJson: > - { - "spring.datasource.username": "${MYSQL_USER}", - "spring.datasource.password": "${MYSQL_PASSWORD}", - "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", - "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", - "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", - "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.userName": "none", - "clamp.config.dcae.deployment.password": "none", - "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.api.userName": "healthcheck", - "clamp.config.policy.api.password": "zb!XztG34", - "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.pap.userName": "healthcheck", - "clamp.config.policy.pap.password": "zb!XztG34", - "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml index b2f8624a4b..b2f8624a4b 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml index caff1e5dc4..caff1e5dc4 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml index 1eb20fce89..1eb20fce89 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml index 20ff6f27c2..20ff6f27c2 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml index 0ec38b08e3..0ec38b08e3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml index 3669621b24..3669621b24 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml index 6ae4eea0d3..6ae4eea0d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml index 292fc31dc3..292fc31dc3 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml index 27158a6668..27158a6668 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-es/values.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml index 5d897d96eb..5d897d96eb 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml index caff1e5dc4..caff1e5dc4 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml index db81e3da00..db81e3da00 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml index 5d1b32258c..5d1b32258c 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml index 0e5f65cabb..0e5f65cabb 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml index 0cd8cfbd36..0cd8cfbd36 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml index 07d4a8f8ea..07d4a8f8ea 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml index 11f29570bd..11f29570bd 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml index 9fc0317fd3..9fc0317fd3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml index caff1e5dc4..caff1e5dc4 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml index cecd5b18c8..cecd5b18c8 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf index c005fcca3e..c005fcca3e 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml index 4278a6e6d3..4278a6e6d3 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml index acd108d2cf..acd108d2cf 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml index 07d4a8f8ea..07d4a8f8ea 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml index c2a522b1c8..c2a522b1c8 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml diff --git a/kubernetes/clamp/charts/mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml index eaad8b8440..91984c1014 100644 --- a/kubernetes/clamp/charts/mariadb/Chart.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml @@ -15,5 +15,5 @@ apiVersion: v1 description: MariaDB Service -name: mariadb +name: clamp-mariadb version: 6.0.0 diff --git a/kubernetes/clamp/charts/mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/clamp/charts/mariadb/NOTES.txt +++ b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt diff --git a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml new file mode 100644 index 0000000000..9b96d0cfc4 --- /dev/null +++ b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh index 71f32e2eff..71f32e2eff 100755 --- a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf index 612590cc6b..612590cc6b 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql +++ b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt index 1103affff1..1103affff1 100644 --- a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt +++ b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml index 01420aa97b..01420aa97b 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml index 7d6e162813..7d6e162813 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml index 424987936d..424987936d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/pv.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml index 6856c80540..6856c80540 100644 --- a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml index 57f88ce32d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml index 2533c26161..2533c26161 100644 --- a/kubernetes/clamp/charts/mariadb/templates/service.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml index 8cf489b377..492145ae07 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/values.yaml @@ -40,7 +40,11 @@ secrets: password: '{{ .Values.db.password }}' # Application configuration -db: {} +# dummy value db user pasword to pass lint!!! +db: + user: dummy-clds + password: dummy-sidnnd83K + databaseName: dummy-cldsdb4 # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml index d3c442d32e..dd93eaca2d 100644 --- a/kubernetes/clamp/requirements.yaml +++ b/kubernetes/clamp/requirements.yaml @@ -14,9 +14,21 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' + - name: clamp-mariadb + version: ~6.x-0 + repository: 'file://components/clamp-mariadb' + - name: clamp-backend + version: ~6.x-0 + repository: 'file://components/clamp-backend' + - name: clamp-dash-es + version: ~6.x-0 + repository: 'file://components/clamp-dash-es' + - name: clamp-dash-logstash + version: ~6.x-0 + repository: 'file://components/clamp-dash-logstash' + - name: clamp-dash-kibana + version: ~6.x-0 + repository: 'file://components/clamp-dash-kibana'
\ No newline at end of file diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf index 84beff8d5a..3e6fde9d0d 100644 --- a/kubernetes/clamp/resources/config/default.conf +++ b/kubernetes/clamp/resources/config/default.conf @@ -2,8 +2,14 @@ server { listen 2443 default ssl; ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} ssl_certificate /etc/ssl/clamp.pem; ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + ssl_verify_client optional_no_ca; location /restservices/clds/ { proxy_pass https://clamp-backend:443; diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index d64a218985..b10d9d7926 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -72,7 +73,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf @@ -88,7 +89,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 49fd98d27b..d180fbf729 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -21,7 +21,43 @@ global: # global defaults readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - centralizedLoggingEnabled: false + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "clamp.key" + clamp_pem: "clamp.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; secrets: - uid: db-root-pass @@ -44,7 +80,7 @@ clamp-backend: db: userCredsExternalSecret: *dbUserPass databaseName: *dbName -mariadb: +clamp-mariadb: db: rootCredsExternalSecret: *dbRootPass userCredsExternalSecret: *dbUserPass @@ -57,7 +93,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.7 +image: onap/clamp-frontend:5.1.0 pullPolicy: Always # flag to enable debugging - application support required |