author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-10 12:11:53 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-03-31 14:37:24 +0000 |
commit | d060b429ac549682dce9dd8b1225aa6726b74181 (patch) | |
tree | 88840dfedffbf60c510f1e60abdd1df4e0bac4fe | |
parent | 81054fe936c851f10c18c03980de6f9548efe6b1 (diff) |
[DMAAP][MR] Update hardcoded certificates
Instead of hardcoding certificates inside the container, add them into
helm charts, so it's easier to update.
Issue-ID: DMAAP-1547
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
(cherry picked from commit e5b6ffc663a2314fd545aa540cbdee6380adf00b)
18 files changed, 271 insertions, 56 deletions
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties index 2bee404c0b..9d190f4c39 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/cadi.properties @@ -3,16 +3,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ +cadi_truststore_password=enc:_ZrH3rkJPIOYVD7lAxlE_s2mGBNsWa4e7gHLlPz7_KC84_UQwc26MLEOoYS2ROxB cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W +cadi_keystore_password=enc:GbVFJzhyO_a-JqjrwLrlzBl63x4pKsygTWSATlYYKLsCRFSFP6x4MtwKEpGbbtrk cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147
\ No newline at end of file +cadi_longitude=-122.26147 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile new file mode 100644 index 0000000000..7acb332c2e --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.keyfile 
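Review bot: `cadi_protocols=TLSv1.1,TLSv1.2` is carried over unchanged on the new side, so CADI may still negotiate TLS 1.1, which RFC 8996 deprecates. Since the file is being moved and its passwords replaced anyway, the line could become `cadi_protocols=TLSv1.2`, provided every peer of this component already supports 1.2. The same line is added in the new message-router `resources/config/etc/cadi.properties`. Lines 1–2 of this file are outside the hunk.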
@@ -0,0 +1,27 @@ +SV2A4lpBx7lrU86oIEs5Vi994hdhdk3ZOzN-o8r3VHBOp6NQks-r494popXjGEeepzkPtV2x8OS0 +yKJzc19D8jRTLWnsI9_c2gl_6YjYQ7mPKqzGcbM8WtF9mBKtxs-P3e1KJj0hg0uyY4JFjUVOoLG8 +5eAXW1MvAqmoMg6pZy5ygF8qqaB-eOrW9KeMMQGxn6U4PWS-SBDhoROY6CGjirTAFbcDOdfSvmrV +5gprS8aT5g3gUeGX9yJIIo3ZUrpgSE7kqUa__kxUoP7KJtXyHjpwGoCMwcaLkn7yD_9rrSvHRARc +MGYG18NgZCdiDNM059D6TyTMTEObQzgLLsxPmOawaQsa-XIhvMLQO4WeFAyza8RiAwR_0czLouFv +JUjKXgfJJuxYCfUU-YLI3ptsxrDeX73geeUUsbsDKQll6bjxdl4ehj8einnkcWklWikRAY2FDbmY +GvkSv3SoywIMMhQKPdccpqEnm_Gu5a8SVHklpqxh1s7ExWKdjJ026c9EwRUzJ5i1zkPzssUUH0Pd +l07x2-2ROF8GTxEGECacfcDqaClG6SkyuSN1Xl3U0RTtTfesJo_Jvf2d268ejdC-XejCrQfvAxa4 +XNNTPhc_aY_xaG-9vBmH1rQXcNxS4NX-u3cBEGqtDeDy8x6ODhWGHwHpX4XH6kX_2HenGPHKW2rK +J5CSP5QqmLP-idYI1zPuHRijSEMKNIYGQHuQmU5ZumnS9Qi7GXnY63Vvi1QKyTztImDSktbdzFD_ +AJDBwDtMHKe4f-NkNf3vPro_-8xeQPhPR7NkYq8HYnFhKQuHgMwzPpTaHhERLl5PJlVUEOf9Yk2u +_7a1DAeM651FTNnpMiqEH2dqlk-fnJYA5GaNARf5bGhAJbex3Y0IHemsSuMShqORHQbQy4d0VGh6 +IsYwHEAufH0L6Kamo6LYcVMaDaHvxCUpZyYrGniZ7Bt65zl-E6s4kqPLwuoiyA2aVlmGZfwGHkXq +teYutF2w2OzkhihDpcYQfPlavIxLUhVdXODzzHDkUwrdP2pvS7YSevk0hrNMiY9mAPlwwDV4MkiY +ckPHcqkmRckLkp5Kt-_8GnR9rOCLHtgTOAP3xNi4i-JpSt7Eow-_g0Oedd5pcDB-qXV8SA0xs2Yb +dTUOkrZ3-MvI0SfzSNuN5Uq5kkFjCUwWlcPIbIi19cuUbeM_88zKhtFtnmmxwtALNxs3fx0OjRXb +4I9k_PsSP6rzoAljOshVlPUXScE0iA7M2yqjjfSSY50ROCIgVnJuL3m_tMr1CR83qwRLvgSgrzKm +JvlUR4QzXfM2jpsQjUCxU3j4bangqg5mB0UFGoU8ONharVP1CrWI9YccgBePeuWvmseVwx8mkYWk +FUHITpR0bHdSTHCWFC3N15ZjEj54dcGS-XNJyOtgisRFHHeob88_vljCfDQRp3LCU_FVFDRd4Pbf +SwHtfvlWBfctm-N2XUx6WECNl2M40X6yDhqbYfbSdpOhc7ZpEoy57PTCBQrFkIK6_LexY8ruI794 +XSRRkg9DCr3Ph7ACOZDEeHFJuPy8h0BrCM9_YCLhtRLg03U0AOCM2mNriLN-ul2BRsL4exWmDwcs +HTHXCycAoqctWKFruvonirdSSMYK1NkU1viqXQxs2qOHcYYagwIIzZFvcxuvBbAI90dCl_siy-iU +f1MLLB8MSoxuATZtoIwJQopbyBoHby6-kYyRw-mD9EWg0ZprVRZAQ3U2Da42LZ3rZDiKTECJWtlk +mSuNnQ69YXF6kSQrkfgpuWMYl6lqxaJWpkpenUkQq0NkzJhSvON6ktEMAFNR-t8ppk6nt0-fIEMQ +WfbhUj3x3SSJL0kXYZZBe37rK0GhGOi9zrOImZ0EZ2erSMmkoU_sitmq5grDNSjWu5DynNAkRpdl 
+mZbXprHJnki6LBB-_TeOBBT1TONDBB5SvrRnEM3UPMMJkIq-zLtD06w4uk7zrF5uC7B6K30M-126 +geHJwwiK-VfjswEU_fQn7oJ1ub3J4JWvR7wZsd7Y35txDzutSPHJX8s4hdOQEJnozvFoo7te
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 Binary files differnew file mode 100644 index 0000000000..7ff192b960 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.p12 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks Binary files differnew file mode 100644 index 0000000000..20c00a5219 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/certs/org.onap.dmaap.mr.trust.jks diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml index b5eed38e5d..a58c780894 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -15,18 +15,6 @@ */}} {{- if .Values.global.aafEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-cadi-prop-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap 
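Review bot: The CADI keyfile added here is committed next to the `.p12` keystore, the trust store and the `enc:` passwords in `cadi.properties`, so presumably everything needed to open the keystore is readable by anyone who can read the chart repository. Moving the material from the image into the chart makes it easier to update, as the description says, but every deployment of this chart still shares one published identity for `dmaapmr@mr.dmaap.onap.org`. Consider having the chart reference a Secret that is created outside the repository (or issued at deploy time) and keeping only non-sensitive defaults under `resources/certs/`. The same applies to the message-router `resources/certs/org.onap.dmaap.mr.keyfile` hunk and to the binary `.jks`/`.p12` files added further down.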
@@ -57,7 +45,6 @@ data: {{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} --- {{- end }} - {{- if .Values.prometheus.jmx.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml index 033d8d5441..9f78c7b2a4 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -15,3 +15,17 @@ */}} {{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index e08c78a582..071bc6709e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -146,7 +146,7 @@ spec: - containerPort: {{ .Values.jmx.port }} name: jmx {{- end }} - {{ if eq .Values.liveness.enabled true }} + {{ if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} 
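Review bot: In the new `-certs` Secret, `tpl` runs on the output of `.AsSecrets`, which is already base64, so it no longer expands anything inside the files. `cadi.properties` used to be rendered as plain text with `tpl (...).AsConfig`; if its first two lines (outside the visible hunk) contain a `{{ ... }}` expression such as the namespace include seen in the deleted message-router copy, that expression would now reach the pod unexpanded. Rendering that one file explicitly, e.g. `cadi.properties: {{ tpl (.Files.Get "resources/certs/cadi.properties") . | b64enc }}`, and globbing only the key and store files would keep the old behaviour. The Secret is also emitted outside the `global.aafEnabled` guard that wrapped the removed ConfigMap, and the message-router `secrets.yaml` hunk uses the same `tpl`/`AsSecrets` pattern.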
@@ -170,8 +170,6 @@ spec: value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE value: "{{ .Values.kafka.enableSupport }}" - - name: KAFKA_OPTS - value: "{{ .Values.kafka.jaasOptions }}" {{- if .Values.global.aafEnabled }} - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptionsAaf }}" @@ -218,7 +216,16 @@ spec: {{- if .Values.global.aafEnabled }} - mountPath: /etc/kafka/data/cadi.properties subPath: cadi.properties - name: cadi + name: certs + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks + subPath: org.onap.dmaap.mr.trust.jks + name: certs + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 + subPath: org.onap.dmaap.mr.p12 + name: certs + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile + subPath: org.onap.dmaap.mr.keyfile + name: certs {{ end }} - name: jaas-config mountPath: /etc/kafka/secrets/jaas @@ -239,18 +246,18 @@ spec: hostPath: path: /var/run/docker.sock {{- if .Values.global.aafEnabled }} - - name: cadi - configMap: - name: {{ include "common.fullname" . }}-cadi-prop-configmap + - name: certs + secret: + secretName: {{ include "common.fullname" . }}-certs {{ end }} - name: jaas configMap: name: {{ include "common.fullname" . }}-jaas-configmap - {{- if .Values.prometheus.jmx.enabled }} + {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config configMap: name: {{ include "common.fullname" . }}-prometheus-configmap - {{- end }} + {{- end }} {{ if not .Values.persistence.enabled }} - name: kafka-data emptyDir: {} 
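Review bot: After the unconditional `KAFKA_OPTS` entry is removed in the `@@ -170` hunk, the only assignment still visible is the one inside `{{- if .Values.global.aafEnabled }}`, so a deployment with AAF disabled may start Kafka without `.Values.kafka.jaasOptions` at all. The rest of the conditional lies outside the hunk; if it has no `{{- else }}` branch, add one that sets `value: "{{ .Values.kafka.jaasOptions }}"` so the JAAS login configuration is still passed in that mode.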
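Review bot: The four `certs` mounts added in the `@@ -218` hunk use `subPath`, and Kubernetes does not refresh `subPath` mounts when the backing Secret changes, so a replaced keystore only takes effect after the pods restart; that deserves a comment in the template given that easier updates are the stated goal. The `secret:` volume in the `@@ -239` hunk also sets no `defaultMode`, which leaves the key files at the default 0644; `defaultMode: 0400` (or 0440 with a matching `fsGroup`) would narrow that if the Kafka process user still can read them. The message-router statefulset hunks add their `certs` volume the same way.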
diff --git a/kubernetes/dmaap/components/message-router/requirements.yaml b/kubernetes/dmaap/components/message-router/requirements.yaml index 6963d207e7..a0da9a480b 100644 --- a/kubernetes/dmaap/components/message-router/requirements.yaml +++ b/kubernetes/dmaap/components/message-router/requirements.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks Binary files differnew file mode 100644 index 0000000000..654a22ef51 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.jks diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile new file mode 100644 index 0000000000..2d50d129ea --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.keyfile 
@@ -0,0 +1,27 @@ +kdklLWZ2D0CQCtusKJ2v0GKIkc9gBUeRYHoqOK8K2a30IapB1H4rlirosRmNj0eSw6vQAXiXbFsb +H_36Y5GJplbJsjFygSVva6P6XVtlXat_HghoDq6-Nu9wQZL9ZQUnT0U8GQtTovc7cutTJQTSFcly +2c28cMB_pj6-H8YxiG_By9Nx8aSY6kwUAOnLzV4FwztYtIlA71FcXVodSMiAelxjip0lAFpTomrZ +HCSKHAjSgRLpNb1DsAVoPoRuPj30c9FrHXQig5vqrQjXZOxBAhyepyGQl-Mab1tPMqaAOkXj-wJm +mGdA2EXIabftpCczPuBgAOtr4ExG4OE8UmEMuiXn49VRzDNsUZvBI3PbQblnKxD1Htw_yaXTiYFu +Enk48zh2L75ssAqzQtw8hHQdGiJU_0r9BDUwpyrHJ6xihxIj47NtoEfe-ttEKvSMw4paDGGoaBRo +Xq33RyxBDTbfXgqFNvmTC7QHGEvP27hpQmdOJfWI7IeJ90Gkgt9HLmiAPXFdQwa_tBJ18iCtOisk +qhf8yMR6ApbZURy2ueh3MyBIIPHshj94lwhXY0ZOVycsii9-zZkyQ1quBMvokYZ51u93D71t66E4 +Iqvf71yGHE3BITS9yu6ZFyjkKBy4asQ3WP-L-EZyaHiuTwqe8ZPAfCNUUs2BOCAesW2gz7nscHdw +5DW-C05ItyDRlqTP7iXsoBJoGHzQVnLJ_3kVUqLVgwk2-ajM6lpLhnKpORSgCn3yZGdLjXJQN-HC +BLLnQ9rguS5yf49HolkDFgspYvAE5ssmA4yBD_8W_t6-L76f26unFf-M__YpZBpXlIEZ3DfFL4Yx +Ro05RAtgdcRX7Hzg4jMtc9Pqd8DgmEkdos3bY0DlpMwLX_W9dWP7j3TQ6A_U4iYRDqI2jSeg6xE6 +vShlNv7Kn19Nbt9yTa5Ne6lZi933Q-upY1Zmkmt_MgkGzTbaFR_cy5tHruGzCO7byNCo6iraVZiR +wrTKTPko0GMlw8p5hnLnfG_F2c2SPNUME8QmdBSKinS1vqtzAOnJZf69B0DaEUR09iRIcbnMXSOg +Eac2v_bT_vUOEtsxo3jZjbvaEvtK9DC-3Du3bQSrsz2keOs2zCTNb--D5W99zTJx_JHY3OF_eboe +RSx42nun9aUTOqJk6jMz2asCf4DV5DsERVJwg3SdIbNxE4tSZPFSNEPeV2oPpnvuwKq4apDGKQtv +IpxmCgCxMgd4IuVDkLMU49dNSFJozql_U7nAYXSPyG3Vt5ljWvQ9ovlvQiwE-gSnLDnNprDytUv9 +JQZ0c64P7PkbnZXW3VV4J-EiXM3Ped4twfcK2jSC4Yo3xwWCCZy_bzCRqoQ96gVZkOhYMkXpJKKz +bWPi7eeaz2ShS0G3A2YnVyhw-4omFMbmgH5cKUolW-vZktHJNYuFzT2s6mFV-gCAYo__v5Ra7HN9 +RPz6sMmzxJAvXauDqr2JcqpoEZEkuMdTRqd8vCEFwAiGUPz2zO3f48kf2sTuNGqHRBc_XjMjo1bl +X4j4V5HgbmDscXpJ9RK_WjN7WiA2sfQnh71bXNaVsQokcMd6sTevU1XWLtPDouieB93T5x1eqZ7H +7v7QMuRTGxtmUCbB_bmESgGYQqrUEHhkspsaIa5MD1YEjlL163TnIFZm-nUgFSu0-gLBHk5K2t3s +j588YKFPQzJa-LxbiNnt7buODYRcGYMMfCtj_QhmxJy6ETMm8-ejq7GfldnEggrsMSBWsOxbjW5u +oQXAuG4clmdWDB9Anzt7Mh3-FoVHTXcCU-Syfh1oSca3OF41R17JP3xBSYsUD3dcCk5v1GjdDygN +sVQh6Y6Ht3G6aJLoRsTSRLdb2Hkp5UF62WaHV3F1TIndUeX8RcBr70CVEXqnfEtMMmek2uTMbbiA 
+JlSEw3V0pTUMBWI8BAhP7-JOyPf55WVns8cXJyK3QEFw5p1yimBeIsxXwk3E9bIp4f3HDNjfZU1r +yjNOLJspvClgpuQX5bnx_tc0xy7BkkjacvVkPNz78bcP-Rwgm33B1QSofn9cIH6Qvjv_5S5k
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12 Binary files differnew file mode 100644 index 0000000000..61bc0f86ea --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.p12 diff --git a/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks Binary files differnew file mode 100644 index 0000000000..f9d240447d --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/certs/org.onap.dmaap.mr.trust.jks diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties deleted file mode 100755 index dca56c823d..0000000000 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ /dev/null @@ -1,19 +0,0 @@ -aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095 -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 -aaf_env=DEV -aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm - -cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ - -cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile - -cadi_alias=dmaapmr@mr.dmaap.onap.org -cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - -cadi_loglevel=INFO -cadi_protocols=TLSv1.1,TLSv1.2 -cadi_latitude=37.78187 -cadi_longitude=-122.26147
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml new file mode 100644 index 0000000000..be174ab5bd --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/etc/ajsc-jetty.xml 
@@ -0,0 +1,138 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- {{/* + ============LICENSE_START======================================================= + org.onap.dmaap + ================================================================================ + Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved. + Copyright © 2021 Orange Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + ECOMP is a trademark and service mark of AT&T Intellectual Property. +*/}} +--> + +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd"> +<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server"> + <!-- DO NOT REMOVE!!!! 
This is setting up the AJSC Context --> + <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext"> + <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set> + <Set name="extractWAR">true</Set> + <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set> + <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set> + <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set> + <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set> + <Set name="throwUnavailableOnStartupException">true</Set> + <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set> + <Set name="servletHandler"> + <New class="org.eclipse.jetty.servlet.ServletHandler"> + <Set name="startWithUnavailable">false</Set> + </New> + </Set> + </New> + + <Set name="handler"> + <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"> + <Set name="Handlers"> + <Array type="org.eclipse.jetty.webapp.WebAppContext"> + <Item> + <Ref refid="ajscContext" /> + </Item> + </Array> + </Set> + </New> + </Set> + + <Call name="addBean"> + <Arg> + <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager"> + <Set name="contexts"> + <Ref refid="Contexts" /> + </Set> + <Call id="extAppHotDeployProvider" name="addAppProvider"> + <Arg> + <New class="org.eclipse.jetty.deploy.providers.WebAppProvider"> + <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set> + <Set name="scanInterval">10</Set> + <Set name="extractWars">true</Set> + </New> + </Arg> + </Call> + </New> + </Arg> + </Call> + + <Call name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="ajsc-server" /> + </Arg> + <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set> + </New> + </Arg> + </Call> + + + <!-- SSL Keystore configuration --> + + <New 
id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> + <Set name="KeyStorePath">/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.jks</Set> + <Set name="KeyStorePassword">wHOPeeVegmGk6OoiuEyUPuJjNgrlvKza62Mf6c0Mm4gMb5fAETzpMBv1BT2yv9Mx</Set> + <Set name="KeyManagerPassword">wHOPeeVegmGk6OoiuEyUPuJjNgrlvKza62Mf6c0Mm4gMb5fAETzpMBv1BT2yv9Mx</Set> + <Set name="WantClientAuth">true</Set> + </New> + <Call id="sslConnector" name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="ajsc-server" /> + </Arg> + <Arg name="factories"> + <Array type="org.eclipse.jetty.server.ConnectionFactory"> + <Item> + <New class="org.eclipse.jetty.server.SslConnectionFactory"> + <Arg name="next">http/1.1</Arg> + <Arg name="sslContextFactory"> + <Ref refid="sslContextFactory" /> + </Arg> + </New> + </Item> + <Item> + <New class="org.eclipse.jetty.server.HttpConnectionFactory"> + <Arg name="config"> + <New class="org.eclipse.jetty.server.HttpConfiguration"> + <Call name="addCustomizer"> + <Arg> + <New class="org.eclipse.jetty.server.SecureRequestCustomizer" /> + </Arg> + </Call> + </New> + </Arg> + </New> + </Item> + </Array> + </Arg> + <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set> + <Set name="idleTimeout">30000</Set> + </New> + </Arg> + </Call> + + + <Get name="ThreadPool"> + <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set> + <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set> + <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set> + <Set name="detailedDump">false</Set> + </Get> + +</Configure> diff --git a/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties new file mode 100644 index 0000000000..789a44de26 --- /dev/null 
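Review bot: `KeyStorePassword` and `KeyManagerPassword` are written as literal values in this new file, and the message-router `configmap.yaml` hunk renders everything under `resources/config/etc/*` into the `-etc` ConfigMap, so the value is readable by anyone who may read ConfigMaps in the namespace as well as by anyone who can read the repository. The file already takes its other settings from `<SystemProperty>` elements; the two passwords could be supplied the same way, e.g. `<Set name="KeyStorePassword"><SystemProperty name="KEYSTORE_PASSWORD_PLACEHOLDER" /></Set>` (placeholder property name), with the value coming from a Secret. The plaintext `cadi_truststore_password` and `cadi_keystore_password` lines in the new `resources/config/etc/cadi.properties` have the same exposure. Separately, `WantClientAuth` only requests a client certificate; if mutual TLS is meant to be enforced at this connector, `NeedClientAuth` is the setting that rejects clients without one.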
+++ b/kubernetes/dmaap/components/message-router/resources/config/etc/cadi.properties @@ -0,0 +1,15 @@ +aaf_locate_url=https://aaf-locate.onap:8095 +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 +aaf_env=DEV +aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm +cadi_truststore=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.trust.jks +cadi_truststore_password=Eav*,dKoFUukNM$;?HMfvc2; +cadi_keyfile=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.keyfile +cadi_alias=dmaapmr@mr.dmaap.onap.org +cadi_keystore=/appl/dmaapMR1/bundleconfig/etc/sysprops/local/org.onap.dmaap.mr.p12 +cadi_keystore_password=358ia?XLZ)nPeM?HFh3M6{Nc +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US +cadi_loglevel=INFO +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_latitude=37.78187 +cadi_longitude=-122.26147 diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index a253c512eb..7ca9bd872a 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -30,7 +30,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-cadi-prop-configmap + name: {{ include "common.fullname" . }}-logback-xml-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} 
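Review bot: `aaf_locate_url=https://aaf-locate.onap:8095` hardcodes the `onap` namespace, whereas the deleted `resources/config/dmaap/cadi.properties` used `aaf-locate.{{ include "common.namespace" . }}:8095`. The new file is still rendered through `tpl (...).AsConfig` in the `-etc` ConfigMap, so the expression can be kept as it was: `aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095`. As written, a release installed in any other namespace would likely fail to resolve the AAF locator.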
@@ -38,13 +38,12 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/dmaap/cadi.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} --- - apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-logback-xml-configmap + name: {{ include "common.fullname" . }}-etc namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -52,9 +51,8 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }} --- - apiVersion: v1 kind: ConfigMap metadata: @@ -96,5 +94,3 @@ data: {{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} --- {{ end }} - - diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml index 9456c15994..bdae4c86b7 100644 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml @@ -28,3 +28,17 @@ metadata: data: {{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} 
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 940ad25ce5..2426bd81a3 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -97,10 +97,15 @@ spec: name: logback - mountPath: /appl/dmaapMR1/etc/cadi.properties subPath: cadi.properties - name: cadi + name: etc - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey + - mountPath: /appl/dmaapMR1/etc/ajsc-jetty.xml + subPath: ajsc-jetty.xml + name: etc + - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/local/ + name: certs resources: {{ include "common.resources" . | nindent 12 }} volumes: - name: localtime @@ -109,12 +114,12 @@ spec: - name: appprops configMap: name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap + - name: etc + configMap: + name: {{ include "common.fullname" . }}-etc - name: logback configMap: name: {{ include "common.fullname" . }}-logback-xml-configmap - - name: cadi - configMap: - name: {{ include "common.fullname" . }}-cadi-prop-configmap {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config configMap: @@ -123,5 +128,8 @@ spec: - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret + - name: certs + secret: + secretName: {{ include "common.fullname" . }}-certs imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" |
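Review bot: The `certs` volume is mounted over the whole directory `/appl/dmaapMR1/bundleconfig/etc/sysprops/local/`, which hides anything the image already ships at that path, unlike the per-file `subPath` mounts used for `cadi.properties` and `ajsc-jetty.xml` just above it. If the image keeps other files in that directory they would no longer be visible at runtime, so please confirm that it only needs the four files from `resources/certs/`, or state that in a comment on the mount, e.g. `# replaces the image's sysprops/local directory with the chart-provided stores`.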