authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-08 15:29:05 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2021-03-02 19:32:10 +0000
commit1d7647e027a74726e2ce0dea3e0c24933a38a9de (patch)
treeb1d72c7e4819f28b8cd23f2288dd3e870bfe491c
parent4487c4e27d5bd309165a8ea25e4afc58dac72504 (diff)
[CDS] Retrieve certificates automatically
Today, CDS UI is using a hardcoded certificate, which is not the right way to do it. This patch uses certInitializer to retrieve it automatically. Issue-ID: CCSDK-3141 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5f2e564abd15f685df03be130b3969cad867b0b5
-rw-r--r--kubernetes/cds/components/Makefile4
-rw-r--r--kubernetes/cds/components/cds-ui/requirements.yaml3
-rw-r--r--kubernetes/cds/components/cds-ui/templates/deployment.yaml13
-rw-r--r--kubernetes/cds/components/cds-ui/values.yaml21
4 files changed, 37 insertions, 4 deletions
diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile
index f2e7a1fb82..bf267b7720 100644
--- a/kubernetes/cds/components/Makefile
+++ b/kubernetes/cds/components/Makefile
@@ -17,9 +17,9 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES := soHelpers
+EXCLUDES :=
HELM_BIN := helm
-HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
.PHONY: $(EXCLUDES) $(HELM_CHARTS)
diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml
index ff51b4420a..2f608f1baf 100644
--- a/kubernetes/cds/components/cds-ui/requirements.yaml
+++ b/kubernetes/cds/components/cds-ui/requirements.yaml
@@ -16,6 +16,9 @@ dependencies:
- name: common
version: ~7.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~7.x-0
repository: '@local' \ No newline at end of file
diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
index 1c88f56d99..359c713ed4 100644
--- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
@@ -37,6 +37,9 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.fullname" . }}
spec:
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -71,12 +74,18 @@ spec:
value: "{{ .Values.config.api.processor.grpc.port }}"
- name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
value: {{ .Values.config.api.processor.grpc.authToken }}
+ {{- if .Values.global.aafEnabled }}
+ - name: KEYSTORE
+ value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12"
+ - name: PASSPHRASE
+ value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop"
+ {{- end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
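Review bot: The new `PASSPHRASE` variable holds the path `{{ .Values.certInitializer.credsPath }}/mycreds.prop`, not a passphrase, and `KEYSTORE` is likewise a path into the certInitializer volume; nothing in the hunk says so. A reader will reasonably assume the secret itself is in the environment. I would add a template comment above the two entries, for example `{{- /* KEYSTORE and PASSPHRASE are file paths on the certInitializer volume, not secret values */ -}}`. Also, the `initContainers` block and these env entries are wrapped in `.Values.global.aafEnabled`, but the `volumeMounts:` include here and the `volumes:` include in the next hunk are not. That is only correct if the common certInitializer templates render nothing when AAF is disabled, which is not visible on this page and is worth confirming. The container spec starts and ends outside this hunk.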
@@ -90,7 +99,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index 1c7f628b2c..a7d0667695 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -22,6 +22,27 @@ global:
subChartsOnly:
enabled: true
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: cds-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: sdnc-cds
+ fqi: sdnc-cds@sdnc-cds.onap.org
+ public_fqdn: sdnc-cds.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.sdnc-cds
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
# application image
image: onap/ccsdk-cds-ui-server:1.0.3
pullPolicy: Always
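Review bot: `aafDeployPass: demo123456!` ships a deployer password in the chart's default values, so any install that does not override it runs with a credential readable in the repository. The commit removes a hardcoded certificate but adds a hardcoded password default. The commented-out `aafDeployCredsExternalSecret` key suggests an external-secret route exists; I would mark the default explicitly, for example `# demo-only default; set aafDeployCredsExternalSecret for any non-lab deployment`. Separately, `aaf_add_config` redirects the output of `agent.sh local showpass` into `{{ .Values.credsPath }}/mycreds.prop`, which presumably leaves the keystore passwords in cleartext on the volume shared with the UI container. That deserves a comment in the values file and a check of the resulting file's mode.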