authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-10 12:11:53 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-31 14:37:24 +0000
commitd060b429ac549682dce9dd8b1225aa6726b74181 (patch)
tree88840dfedffbf60c510f1e60abdd1df4e0bac4fe
parent81054fe936c851f10c18c03980de6f9548efe6b1 (diff)
[DMAAP][MR] Update hardcoded certificates
Instead of hardcoding certificates inside the container, add them into helm charts, so it's easier to update. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a (cherry picked from commit e5b6ffc663a2314fd545aa540cbdee6380adf00b)
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties (renamed from kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties)6
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile27
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12bin0 -> 4637 bytes
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jksbin0 -> 1413 bytes
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml13
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml14
-rw-r--r--kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml25
-rw-r--r--kubernetes/dmaap/components/message-router/requirements.yaml1
-rw-r--r--kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jksbin0 -> 4105 bytes
-rw-r--r--kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile27
-rw-r--r--kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12bin0 -> 4637 bytes
-rw-r--r--kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jksbin0 -> 1413 bytes
-rwxr-xr-xkubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties19
-rw-r--r--kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml138
-rw-r--r--kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties15
-rw-r--r--kubernetes/dmaap/components/message-router/templates/configmap.yaml12
-rw-r--r--kubernetes/dmaap/components/message-router/templates/secrets.yaml14
-rw-r--r--kubernetes/dmaap/components/message-router/templates/statefulset.yaml16
18 files changed, 271 insertions, 56 deletions
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties
index 2bee404c0b..9d190f4c39 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties
@@ -3,16 +3,16 @@ aaf_env=DEV
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
+cadi_truststore_password=enc:_ZrH3rkJPIOYVD7lAxlE_s2mGBNsWa4e7gHLlPz7_KC84_UQwc26MLEOoYS2ROxB
cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
cadi_alias=dmaapmr@mr.dmaap.onap.org
cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
+cadi_keystore_password=enc:GbVFJzhyO_a-JqjrwLrlzBl63x4pKsygTWSATlYYKLsCRFSFP6x4MtwKEpGbbtrk
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
cadi_loglevel=INFO
cadi_protocols=TLSv1.1,TLSv1.2
cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
+cadi_longitude=-122.26147
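Review bot: The two rotated `enc:` passwords are only as confidential as the CADI keyfile that (presumably) decrypts them, and this commit adds that keyfile (`resources/certs/org.onap.dmaap.mr.keyfile`, in both the message-router and message-router-kafka charts) next to the `.p12` and `.jks` stores. Anyone who can read the chart repository therefore holds the keystore, its password and the key together, and every installation shares the same identity. Prefer leaving the key material out of the chart and having the StatefulSet reference a Secret created at deploy time, e.g. `secretName: {{ .Values.certSecretName }}` (placeholder value name), keeping only non-sensitive defaults in `cadi.properties`.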
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile
new file mode 100644
index 0000000000..7acb332c2e
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile
@@ -0,0 +1,27 @@
+SV2A4lpBx7lrU86oIEs5Vi994hdhdk3ZOzN-o8r3VHBOp6NQks-r494popXjGEeepzkPtV2x8OS0
+yKJzc19D8jRTLWnsI9_c2gl_6YjYQ7mPKqzGcbM8WtF9mBKtxs-P3e1KJj0hg0uyY4JFjUVOoLG8
+5eAXW1MvAqmoMg6pZy5ygF8qqaB-eOrW9KeMMQGxn6U4PWS-SBDhoROY6CGjirTAFbcDOdfSvmrV
+5gprS8aT5g3gUeGX9yJIIo3ZUrpgSE7kqUa__kxUoP7KJtXyHjpwGoCMwcaLkn7yD_9rrSvHRARc
+MGYG18NgZCdiDNM059D6TyTMTEObQzgLLsxPmOawaQsa-XIhvMLQO4WeFAyza8RiAwR_0czLouFv
+JUjKXgfJJuxYCfUU-YLI3ptsxrDeX73geeUUsbsDKQll6bjxdl4ehj8einnkcWklWikRAY2FDbmY
+GvkSv3SoywIMMhQKPdccpqEnm_Gu5a8SVHklpqxh1s7ExWKdjJ026c9EwRUzJ5i1zkPzssUUH0Pd
+l07x2-2ROF8GTxEGECacfcDqaClG6SkyuSN1Xl3U0RTtTfesJo_Jvf2d268ejdC-XejCrQfvAxa4
+XNNTPhc_aY_xaG-9vBmH1rQXcNxS4NX-u3cBEGqtDeDy8x6ODhWGHwHpX4XH6kX_2HenGPHKW2rK
+J5CSP5QqmLP-idYI1zPuHRijSEMKNIYGQHuQmU5ZumnS9Qi7GXnY63Vvi1QKyTztImDSktbdzFD_
+AJDBwDtMHKe4f-NkNf3vPro_-8xeQPhPR7NkYq8HYnFhKQuHgMwzPpTaHhERLl5PJlVUEOf9Yk2u
+_7a1DAeM651FTNnpMiqEH2dqlk-fnJYA5GaNARf5bGhAJbex3Y0IHemsSuMShqORHQbQy4d0VGh6
+IsYwHEAufH0L6Kamo6LYcVMaDaHvxCUpZyYrGniZ7Bt65zl-E6s4kqPLwuoiyA2aVlmGZfwGHkXq
+teYutF2w2OzkhihDpcYQfPlavIxLUhVdXODzzHDkUwrdP2pvS7YSevk0hrNMiY9mAPlwwDV4MkiY
+ckPHcqkmRckLkp5Kt-_8GnR9rOCLHtgTOAP3xNi4i-JpSt7Eow-_g0Oedd5pcDB-qXV8SA0xs2Yb
+dTUOkrZ3-MvI0SfzSNuN5Uq5kkFjCUwWlcPIbIi19cuUbeM_88zKhtFtnmmxwtALNxs3fx0OjRXb
+4I9k_PsSP6rzoAljOshVlPUXScE0iA7M2yqjjfSSY50ROCIgVnJuL3m_tMr1CR83qwRLvgSgrzKm
+JvlUR4QzXfM2jpsQjUCxU3j4bangqg5mB0UFGoU8ONharVP1CrWI9YccgBePeuWvmseVwx8mkYWk
+FUHITpR0bHdSTHCWFC3N15ZjEj54dcGS-XNJyOtgisRFHHeob88_vljCfDQRp3LCU_FVFDRd4Pbf
+SwHtfvlWBfctm-N2XUx6WECNl2M40X6yDhqbYfbSdpOhc7ZpEoy57PTCBQrFkIK6_LexY8ruI794
+XSRRkg9DCr3Ph7ACOZDEeHFJuPy8h0BrCM9_YCLhtRLg03U0AOCM2mNriLN-ul2BRsL4exWmDwcs
+HTHXCycAoqctWKFruvonirdSSMYK1NkU1viqXQxs2qOHcYYagwIIzZFvcxuvBbAI90dCl_siy-iU
+f1MLLB8MSoxuATZtoIwJQopbyBoHby6-kYyRw-mD9EWg0ZprVRZAQ3U2Da42LZ3rZDiKTECJWtlk
+mSuNnQ69YXF6kSQrkfgpuWMYl6lqxaJWpkpenUkQq0NkzJhSvON6ktEMAFNR-t8ppk6nt0-fIEMQ
+WfbhUj3x3SSJL0kXYZZBe37rK0GhGOi9zrOImZ0EZ2erSMmkoU_sitmq5grDNSjWu5DynNAkRpdl
+mZbXprHJnki6LBB-_TeOBBT1TONDBB5SvrRnEM3UPMMJkIq-zLtD06w4uk7zrF5uC7B6K30M-126
+geHJwwiK-VfjswEU_fQn7oJ1ub3J4JWvR7wZsd7Y35txDzutSPHJX8s4hdOQEJnozvFoo7te
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12
new file mode 100644
index 0000000000..7ff192b960
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12
Binary files differ
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks
new file mode 100644
index 0000000000..20c00a5219
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks
Binary files differ
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
index b5eed38e5d..a58c780894 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml
@@ -15,18 +15,6 @@
*/}}
{{- if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
@@ -57,7 +45,6 @@ data:
{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
---
{{- end }}
-
{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
kind: ConfigMap
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
index 033d8d5441..9f78c7b2a4 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
@@ -15,3 +15,17 @@
*/}}
{{ include "common.secretFast" . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
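Review bot: `tpl` is applied here to the output of `AsSecrets`, which is already base64-encoded, so any `{{ … }}` expression inside the files under `resources/certs/` is stored unrendered. `cadi.properties` now lives in that directory and was previously rendered through `tpl … AsConfig`; its first two lines are outside the visible hunk, but the message-router copy used `{{ include "common.namespace" . }}` in `aaf_locate_url`, so the Kafka copy probably needs rendering too. Render that one file before encoding, e.g. `cadi.properties: {{ tpl (.Files.Get "resources/certs/cadi.properties") . | b64enc }}`, and keep `AsSecrets` for the binary stores and the keyfile only. The identical line added to message-router's `templates/secrets.yaml` has the same no-op `tpl`, though no templated file is visible in that chart's `resources/certs/`.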
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index e08c78a582..071bc6709e 100644
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -146,7 +146,7 @@ spec:
- containerPort: {{ .Values.jmx.port }}
name: jmx
{{- end }}
- {{ if eq .Values.liveness.enabled true }}
+ {{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -170,8 +170,6 @@ spec:
value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
- name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
value: "{{ .Values.kafka.enableSupport }}"
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptions }}"
{{- if .Values.global.aafEnabled }}
- name: KAFKA_OPTS
value: "{{ .Values.kafka.jaasOptionsAaf }}"
@@ -218,7 +216,16 @@ spec:
{{- if .Values.global.aafEnabled }}
- mountPath: /etc/kafka/data/cadi.properties
subPath: cadi.properties
- name: cadi
+ name: certs
+ - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
+ subPath: org.onap.dmaap.mr.trust.jks
+ name: certs
+ - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
+ subPath: org.onap.dmaap.mr.p12
+ name: certs
+ - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
+ subPath: org.onap.dmaap.mr.keyfile
+ name: certs
{{ end }}
- name: jaas-config
mountPath: /etc/kafka/secrets/jaas
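Review bot: All four files are mounted from the `certs` Secret with `subPath`, and Kubernetes does not refresh subPath mounts when the Secret changes, so a certificate update delivered by `helm upgrade` will not reach running brokers. Since the commit message gives easier updates as the goal, add a pod-template annotation that changes with the Secret, e.g. `checksum/certs: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}`, so the StatefulSet rolls on rotation. The pod template metadata is outside this hunk.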
@@ -239,18 +246,18 @@ spec:
hostPath:
path: /var/run/docker.sock
{{- if .Values.global.aafEnabled }}
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ - name: certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-certs
{{ end }}
- name: jaas
configMap:
name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
+ {{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: kafka-data
emptyDir: {}
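Review bot: The new `certs` secret volume sets no `defaultMode`, so the keystore, truststore and keyfile are projected with the default 0644 and are readable by every user in the container. Add `defaultMode: 0440` under `secret:` (with a matching `fsGroup` if the broker runs as non-root; the pod security context is not visible in this hunk). The `certs` volume added to message-router's `templates/statefulset.yaml` would take the same line.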
diff --git a/kubernetes/dmaap/components/message-router/requirements.yaml b/kubernetes/dmaap/components/message-router/requirements.yaml
index 6963d207e7..a0da9a480b 100644
--- a/kubernetes/dmaap/components/message-router/requirements.yaml
+++ b/kubernetes/dmaap/components/message-router/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks
new file mode 100644
index 0000000000..654a22ef51
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks
Binary files differ
diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile
new file mode 100644
index 0000000000..2d50d129ea
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile
@@ -0,0 +1,27 @@
+kdklLWZ2D0CQCtusKJ2v0GKIkc9gBUeRYHoqOK8K2a30IapB1H4rlirosRmNj0eSw6vQAXiXbFsb
+H_36Y5GJplbJsjFygSVva6P6XVtlXat_HghoDq6-Nu9wQZL9ZQUnT0U8GQtTovc7cutTJQTSFcly
+2c28cMB_pj6-H8YxiG_By9Nx8aSY6kwUAOnLzV4FwztYtIlA71FcXVodSMiAelxjip0lAFpTomrZ
+HCSKHAjSgRLpNb1DsAVoPoRuPj30c9FrHXQig5vqrQjXZOxBAhyepyGQl-Mab1tPMqaAOkXj-wJm
+mGdA2EXIabftpCczPuBgAOtr4ExG4OE8UmEMuiXn49VRzDNsUZvBI3PbQblnKxD1Htw_yaXTiYFu
+Enk48zh2L75ssAqzQtw8hHQdGiJU_0r9BDUwpyrHJ6xihxIj47NtoEfe-ttEKvSMw4paDGGoaBRo
+Xq33RyxBDTbfXgqFNvmTC7QHGEvP27hpQmdOJfWI7IeJ90Gkgt9HLmiAPXFdQwa_tBJ18iCtOisk
+qhf8yMR6ApbZURy2ueh3MyBIIPHshj94lwhXY0ZOVycsii9-zZkyQ1quBMvokYZ51u93D71t66E4
+Iqvf71yGHE3BITS9yu6ZFyjkKBy4asQ3WP-L-EZyaHiuTwqe8ZPAfCNUUs2BOCAesW2gz7nscHdw
+5DW-C05ItyDRlqTP7iXsoBJoGHzQVnLJ_3kVUqLVgwk2-ajM6lpLhnKpORSgCn3yZGdLjXJQN-HC
+BLLnQ9rguS5yf49HolkDFgspYvAE5ssmA4yBD_8W_t6-L76f26unFf-M__YpZBpXlIEZ3DfFL4Yx
+Ro05RAtgdcRX7Hzg4jMtc9Pqd8DgmEkdos3bY0DlpMwLX_W9dWP7j3TQ6A_U4iYRDqI2jSeg6xE6
+vShlNv7Kn19Nbt9yTa5Ne6lZi933Q-upY1Zmkmt_MgkGzTbaFR_cy5tHruGzCO7byNCo6iraVZiR
+wrTKTPko0GMlw8p5hnLnfG_F2c2SPNUME8QmdBSKinS1vqtzAOnJZf69B0DaEUR09iRIcbnMXSOg
+Eac2v_bT_vUOEtsxo3jZjbvaEvtK9DC-3Du3bQSrsz2keOs2zCTNb--D5W99zTJx_JHY3OF_eboe
+RSx42nun9aUTOqJk6jMz2asCf4DV5DsERVJwg3SdIbNxE4tSZPFSNEPeV2oPpnvuwKq4apDGKQtv
+IpxmCgCxMgd4IuVDkLMU49dNSFJozql_U7nAYXSPyG3Vt5ljWvQ9ovlvQiwE-gSnLDnNprDytUv9
+JQZ0c64P7PkbnZXW3VV4J-EiXM3Ped4twfcK2jSC4Yo3xwWCCZy_bzCRqoQ96gVZkOhYMkXpJKKz
+bWPi7eeaz2ShS0G3A2YnVyhw-4omFMbmgH5cKUolW-vZktHJNYuFzT2s6mFV-gCAYo__v5Ra7HN9
+RPz6sMmzxJAvXauDqr2JcqpoEZEkuMdTRqd8vCEFwAiGUPz2zO3f48kf2sTuNGqHRBc_XjMjo1bl
+X4j4V5HgbmDscXpJ9RK_WjN7WiA2sfQnh71bXNaVsQokcMd6sTevU1XWLtPDouieB93T5x1eqZ7H
+7v7QMuRTGxtmUCbB_bmESgGYQqrUEHhkspsaIa5MD1YEjlL163TnIFZm-nUgFSu0-gLBHk5K2t3s
+j588YKFPQzJa-LxbiNnt7buODYRcGYMMfCtj_QhmxJy6ETMm8-ejq7GfldnEggrsMSBWsOxbjW5u
+oQXAuG4clmdWDB9Anzt7Mh3-FoVHTXcCU-Syfh1oSca3OF41R17JP3xBSYsUD3dcCk5v1GjdDygN
+sVQh6Y6Ht3G6aJLoRsTSRLdb2Hkp5UF62WaHV3F1TIndUeX8RcBr70CVEXqnfEtMMmek2uTMbbiA
+JlSEw3V0pTUMBWI8BAhP7-JOyPf55WVns8cXJyK3QEFw5p1yimBeIsxXwk3E9bIp4f3HDNjfZU1r
+yjNOLJspvClgpuQX5bnx_tc0xy7BkkjacvVkPNz78bcP-Rwgm33B1QSofn9cIH6Qvjv_5S5k
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12
new file mode 100644
index 0000000000..61bc0f86ea
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12
Binary files differ
diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks
new file mode 100644
index 0000000000..f9d240447d
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks
Binary files differ
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties
deleted file mode 100755
index dca56c823d..0000000000
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-
-cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
-
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
new file mode 100644
index 0000000000..be174ab5bd
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- {{/*
+ ============LICENSE_START=======================================================
+ org.onap.dmaap
+ ================================================================================
+ Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
+ Copyright © 2021 Orange Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+*/}}
+-->
+
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
+ <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
+ <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
+ <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
+ <Set name="extractWAR">true</Set>
+ <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
+ <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
+ <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
+ <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
+ <Set name="throwUnavailableOnStartupException">true</Set>
+ <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
+ <Set name="servletHandler">
+ <New class="org.eclipse.jetty.servlet.ServletHandler">
+ <Set name="startWithUnavailable">false</Set>
+ </New>
+ </Set>
+ </New>
+
+ <Set name="handler">
+ <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
+ <Set name="Handlers">
+ <Array type="org.eclipse.jetty.webapp.WebAppContext">
+ <Item>
+ <Ref refid="ajscContext" />
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Set>
+
+ <Call name="addBean">
+ <Arg>
+ <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
+ <Set name="contexts">
+ <Ref refid="Contexts" />
+ </Set>
+ <Call id="extAppHotDeployProvider" name="addAppProvider">
+ <Arg>
+ <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
+ <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
+ <Set name="scanInterval">10</Set>
+ <Set name="extractWars">true</Set>
+ </New>
+ </Arg>
+ </Call>
+ </New>
+ </Arg>
+ </Call>
+
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server">
+ <Ref refid="ajsc-server" />
+ </Arg>
+ <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
+ </New>
+ </Arg>
+ </Call>
+
+
+ <!-- SSL Keystore configuration -->
+
+ <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+ <Set name="KeyStorePath">/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.jks</Set>
+ <Set name="KeyStorePassword">wHOPeeVegmGk6OoiuEyUPuJjNgrlvKza62Mf6c0Mm4gMb5fAETzpMBv1BT2yv9Mx</Set>
+ <Set name="KeyManagerPassword">wHOPeeVegmGk6OoiuEyUPuJjNgrlvKza62Mf6c0Mm4gMb5fAETzpMBv1BT2yv9Mx</Set>
+ <Set name="WantClientAuth">true</Set>
+ </New>
+ <Call id="sslConnector" name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server">
+ <Ref refid="ajsc-server" />
+ </Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <Item>
+ <New class="org.eclipse.jetty.server.SslConnectionFactory">
+ <Arg name="next">http/1.1</Arg>
+ <Arg name="sslContextFactory">
+ <Ref refid="sslContextFactory" />
+ </Arg>
+ </New>
+ </Item>
+ <Item>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config">
+ <New class="org.eclipse.jetty.server.HttpConfiguration">
+ <Call name="addCustomizer">
+ <Arg>
+ <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
+ </Arg>
+ </Call>
+ </New>
+ </Arg>
+ </New>
+ </Item>
+ </Array>
+ </Arg>
+ <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
+ <Set name="idleTimeout">30000</Set>
+ </New>
+ </Arg>
+ </Call>
+
+
+ <Get name="ThreadPool">
+ <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
+ <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
+ <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
+ <Set name="detailedDump">false</Set>
+ </Get>
+
+</Configure>
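Review bot: `KeyStorePassword` and `KeyManagerPassword` are committed in clear text in this new file, and `templates/configmap.yaml` renders everything under `resources/config/etc/*` into the `-etc` ConfigMap, so the keystore password is readable by anyone with ConfigMap read access in the namespace; the new `resources/config/etc/cadi.properties` does the same with `cadi_truststore_password` and `cadi_keystore_password`. Ship both files through a Secret rather than the ConfigMap, and read the Jetty passwords from a property supplied at runtime, e.g. `<Set name="KeyStorePassword"><SystemProperty name="KEYSTORE_PASSWORD_PLACEHOLDER" /></Set>`, following the `SystemProperty` pattern the file already uses for the ports. Separately, `WantClientAuth` only requests a client certificate; if mutual TLS is meant to be enforced on this connector, `NeedClientAuth` is the setting to use.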
diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
new file mode 100644
index 0000000000..789a44de26
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties
@@ -0,0 +1,15 @@
+aaf_locate_url=https://aaf-locate.onap:8095
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+aaf_env=DEV
+aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
+cadi_truststore=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.trust.jks
+cadi_truststore_password=Eav*,dKoFUukNM$;?HMfvc2;
+cadi_keyfile=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.keyfile
+cadi_alias=dmaapmr@mr.dmaap.onap.org
+cadi_keystore=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.p12
+cadi_keystore_password=358ia?XLZ)nPeM?HFh3M6{Nc
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+cadi_loglevel=INFO
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
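Review bot: `aaf_locate_url` now hard-codes `aaf-locate.onap`, whereas the file this replaces (`resources/config/dmaap/cadi.properties`) used `aaf-locate.{{ include "common.namespace" . }}`, so an install in a namespace other than `onap` will point at the wrong host. The ConfigMap still passes `resources/config/etc/*` through `tpl`, so the expression can be kept: `aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095`. `cadi_protocols=TLSv1.1,TLSv1.2` is carried over unchanged; if no peer still requires TLS 1.1, `cadi_protocols=TLSv1.2` would be the tighter setting for a new file.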
diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
index a253c512eb..7ca9bd872a 100644
--- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml
@@ -30,7 +30,7 @@ data:
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ name: {{ include "common.fullname" . }}-logback-xml-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
@@ -38,13 +38,12 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/dmaap/cadi.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
---
-
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-logback-xml-configmap
+ name: {{ include "common.fullname" . }}-etc
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
@@ -52,9 +51,8 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
---
-
apiVersion: v1
kind: ConfigMap
metadata:
@@ -96,5 +94,3 @@ data:
{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
---
{{ end }}
-
-
diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
index 9456c15994..bdae4c86b7 100644
--- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
@@ -28,3 +28,17 @@ metadata:
data:
{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index 940ad25ce5..2426bd81a3 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -97,10 +97,15 @@ spec:
name: logback
- mountPath: /appl/dmaapMR1/etc/cadi.properties
subPath: cadi.properties
- name: cadi
+ name: etc
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
+ - mountPath: /appl/dmaapMR1/etc/ajsc-jetty.xml
+ subPath: ajsc-jetty.xml
+ name: etc
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/local/
+ name: certs
resources: {{ include "common.resources" . | nindent 12 }}
volumes:
- name: localtime
@@ -109,12 +114,12 @@ spec:
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
+ - name: etc
+ configMap:
+ name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
{{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
@@ -123,5 +128,8 @@ spec:
- name: mykey
secret:
secretName: {{ include "common.fullname" . }}-secret
+ - name: certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-certs
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"